The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou...

A UK man linked to the notorious hacking group, Lizard Squad , that claimed responsibility for knocking Sony's PlayStation Network and Microsoft's Xbox Live offline on Christmas Day has been arrested by the United Kingdom police. Lizard Squad launched simultaneous Distributed Denial-of-Service ( DDoS ) attacks against the largest online gaming networks, Xbox Live and PlayStation Network, on Dec. 25, 2014. Then offered to sell its own Lizard-branded DDoS-for-hire tool called Lizard Stresser . SECOND ARREST As part of an investigation, the UK Regional Organised Crime Unit, in collaboration with the Federal Bureau of Investigation (FBI), have arrested an 18 year old teenager in Southport, near Liverpool, UK on Friday morning, and seized his electronic and digital devices as well. So far, this is the second arrest made in connection to the attack after Thames Valley Police arrested a 22-year old , named Vinnie Omari , also believed to have been an alleged member of Liz...

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn't appears to be a righ...

On January 13, 2015, Microsoft's mainstream support for Windows 7 Service Pack (SP) 1 ended, which means the end of free Windows 7's " mainstream support " period, with the operating system now entering "extended support." Many people are still running the aging Windows XP as well as Windows 7. Microsoft already ended its support for Windows XP officially about a year ago on April 8, 2014, and now the company found Windows 7 an old and cranky OS. END OF MAINSTREAM SUPPORT FOR WINDOWS 7 BUT NO WORRIES UNTIL 2020 However, it doesn't mean that the tech giant is going to automatically stop or break your operating system, but it does mean that the company will no longer offer free help and support in case you have any problem with your Windows 7 software. No new features will be added either. Windows 7 is still supported by the company and will continue to receive security updates for at least another five years, i.e. until Jan. 14, 2020. By ...

We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research...

On one end, where governments of countries like U.K is criticizing end-to-end encryption and considering to ban the encrypted communication apps like Snapchat, CryptoCat, WhatsApp and Apple's iMessage. On the other hand, the Internet community has come up with a new and rather more secure encrypted communication app. Dubbed Peerio , an " encrypted productivity suite " designed to offer much more usable alternative to PGP email and file encryption, so that every individual user and business can encrypt everything from Instant Messages to online file storage. Peerio, released on Wednesday, is designed by 24-year-old Nadim Kobeissi – the creator of the end-to-end encrypted group messaging app Cryptocat and the encrypted file-sharing app MiniLock . " With Peerio everything you share or communicate with your team is secured with state-of-the-art encryption , and it's as easy as using Gmail. You don't need to learn to use it, " Kobeissi told Wired. ...