The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers from Core Security has reportedly found a Denial of Service ( DoS ) attack vulnerability in Android WiFi-Direct. Android's WiFi-Direct is a wireless technology that allows two devices to establish a direct, peer-to-peer Wi-Fi connection without requiring a wireless router. Smartphones have been able to support Wi-Fi Direct for a while now. According to the advisory , the remotely exploitable denial-of-service vulnerability is affecting a wide number of Android mobile devices when it scans for WiFi Direct devices. If exploited, the vulnerability would let an attacker force a reboot of a device. " An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class ," advisory states. The Android WiFi-Direct vulnerability (CVE-2014-0997) affects: Nexus 5 - Android 4.4.4 Nexus 4 - Android 4.4.4 LG D806 - Android 4.2.2 Samsung SM-T310 - Android...

The use of small Unmanned Aerial Vehicles (UAVs) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that changed the way nations conduct war and last year, these hovering drones were also used to hack Smartphones. Recently, a security researcher has found a backdoor in the Parrot AR Drones manufactured by a French-based company, that could allow a malicious hacker to remotely hijacked the radio controlled flying quadcopter helicopter. The Parrot AR Drone, revealed at the International CES 2010 in Las Vegas, is a quadricopter helicopter which you can control with your smartphone or tablet. It features two built-in cameras, is easy to fly, and can be controlled without too much danger of it flipping over or smashing into things. FIRST EVER MALWARE FOR DRONES Security researcher, Rahul Sasi claimed to have developed the first ever backdoor malware for AR drone ARM L...

The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material free of charge — could be relaunched on 1st February, the date the website has long been expected to return. The website went dark from the Internet following a raid in Sweden last month. After a complaint was filed by a group called the Rights Alliance, Swedish Police officers raided The Pirate Bay's server room in Stockholm and seized several servers and other equipment. Last month's raid comes almost a month after the arrest of Fredrik Neij, the third and final founder of The Pirate Bay, at the border between Laos and Thailand on November 3. He was convicted by Swedish courts for sharing copyrighted material more than five years ago. The Pirate Bay homepage is displaying a logo of Phoenix once again with a timer counting down to 1 February. The search box and categories are back under the flag, but are not active yet. At the bottom of the page, a pirate ship sails tow...

A database containing details of more than 20 Million users of a Russian-based online dating website has been allegedly stolen by a hacker and made publicly available for sale through an online forum. A hacker using the online alias " Mastermind " on an online forum used by cybercriminals claims the responsibility of the hack into an unnamed online dating website, according to recent reports. The leaked credentials are claimed to be 100% valid in a posting to a paste site, and Daniel Ingevaldson, chief technology officer of Easy Solution, said that the list included email addresses from Hotmail, Yahoo and Gmail. " The list appears to be international in nature with hundreds of domains listed from all over the world ," Ingevaldson said in a blog post on Sunday. " Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and c...

Bad news for AT&T customers! You all are vulnerable to phishing scams – thanks to AT&T's text protocols. The actual problem lies in the way AT&T handles its customer alerts via text messages, as it's very easy for cybercriminals to mimic. In "Phishing" attacks , scammers attempt to trick victims into revealing their personal and financial information by sending email or text messages that appear to be from legitimate companies. Instead of emails, here hackers have targeted AT&T users with the text messages. According to Dani Grant , the computer programmer who discovered the flaw and reported to the company, AT&T is making use of plethora for short codes, due to which its customers unable to distinguish between the legitimate and phishing messages . The second issue is that some of AT&T's real links directs its users to att.com while others take you to dl.mymobilelocate.com. " Another problem is that AT&T directs cu...

Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com...