The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yahoo! has broke its silence and explained why it handed over its users' data to United States federal officials, thereby promising to expose those court documents which ordered the snooping. The US government threatened Internet giant with a $250,000 fine per day several years ago if it failed to comply with National Security Agency 's notorious PRISM Surveillance program, according to unclassified court documents released by Yahoo! on Thursday. " The released documents underscore how we had to fight every step of the way to challenge the US Government's surveillance efforts ," the company's general counsel Ron Bell said on Yahoo's Tumblr page . " At one point, the US Government threatened the imposition of $250,000 in fines per day if we refused to comply. " The documents released by Yahoo! shed new lights on the NSA's secret surveillance program PRISM, which was previously leaked from the agency's confidential documents provided by Global su...

Gmail credentials leaked online? Oh my God! Again I have to change my password…!! Yes, you heard right. Millions of Gmail account credentials (email address and password) have been stolen and made publicly available through an online forum, causing a large number of users worldwide to change their Gmail password again. The website that published the email addresses with matching passwords is Russian. The credentials seem to be old and likely sourced from multiple data breaches. It is believed that the leaked passwords are not necessarily those used to access Gmail accounts, but seem to have been gathered from other websites where users used their Gmail addresses to register. 5 MILLION GMAIL CREDENTIALS LEAKED ONLINE The news broke when a user posted a link to the log-in credentials on Reddit frequented by hackers, professional and aspiring. But the archive file containing nearly 5 million Gmail addresses and plain text passwords was posted on Russian Bitcoin secur...

The informational systems that the National Oceanic and Atmospheric Administration (NOAA) run are loaded with several critical vulnerabilities that could leave it vulnerable to cyber attacks. According to the findings of an audit recently conducted by the Department of Commerce's Office of the Inspector General (OIG), the Joint Polar Satellite System's (JPSS) ground system is vulnerable to a large number of high-risk vulnerabilities. The JPSS ground system is used to collect data from several polar-orbiting weather satellites, and distribute the information to users worldwide. This system also provides command, control and data processing for current and future weather satellites. But, the vulnerabilities identified in the system could impair technology controlling the United States' next generation of polar-orbiting environmental satellites. " Our analysis of the JPSS program's assessments of system vulnerabilities found that, since FY 2012, the number of high-ris...

In an intent to move one step forward from others, China is planning to launch a facial recognition payment application with near-perfect accuracy that enables users to authorize their online transactions just by showing a picture of themselves. Chinese researchers from the Chongqing-based research institute have developed a facial recognition system that can pick faces from a crowd with 99.8 percent accuracy from 91 angles. CHINA FACE-RECOGNITION PAYMENT SYSTEM TO LAUNCH IN 2015 Academic at the Chongqing Institute of Green has set up the world's biggest Asian face database displaying more than 50 million Chinese faces. The database was compiled with help from the University of Illinois and the National University of Singapore. The face-recognition payment system is not completely developed at the moment and will come into application by the Chinese Academy of Science (CAS) in 2015. This system will let users to interlink their bank accounts or credit cards with ...

Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification. TIMING ATTACK USED TO DE-MASK TOR USER'S IDENTITY Now, using timing attack exploit technique, a cyber criminal could figure out when someone logged into any one of the shared addresses visits the their site, Cantino said. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they're logged in to Google while using the Tor browser . Timing attack can allow to unmask targeted Google users as they browse the web. Cantino said the attack is straightforwa...

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA) , has been compromised and abused by attackers to distribute malware . The Israeli think tank website JCPA – an independent research institute focusing on Israeli security, regional diplomacy and international law – was serving the Sweet Orange exploit kit via drive-by downloads to push malware onto the computers of the website's visitors by exploiting software vulnerabilities, researchers from security firm Cyphort reported on Friday. The Sweet Orange is one of the most recently released web malware exploitation kits, available for sale at selected invite-only cyber crime friendly communities and has been around for quite some time. However, Sweet Orange has also disappeared but in October 2013, shortly after the arrest of Paunch, the author of BlackHole , experts observed a major increase in the use of Sweet Orange. The ...