The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Biometric security systems that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA, are still evolving to change our lives for the better even though the biometric scanning technology still has many concerns such as information privacy, and physical privacy. In past years, Fingerprint security system , which is widely used in different applications such as smartphones and judicial systems to record users' information and verify person's identity, were bypassed several times by various security researches, and now, IRIS scanner claimed to be defeated . Don't worry! It's not like how they do it in movies, where an attacker needs to pull authorized person's eye out and hold it in front of the eye scanner. Instead, now hackers have finally found a simple way to bypass IRIS Biometric security systems using images of the victims. The same security researcher Jan Krissler , nicknamed Starbug , from the famous Chaos Co...

Recently discovered FREAK  vulnerability that apparently went undetected for more than a decade is reportedly affecting all supported versions of Microsoft Windows, making the flaw more creepy than what we thought. FREAK vulnerability is a disastrous SSL/TLS flaw disclosed Monday that allows an attacker to force SSL clients, including OpenSSL, to downgrade to weaken ciphers that can be easily broken and then supposedly conduct Man-in-the-Middle attacks on encrypted HTTPS-protected traffic passing between vulnerable end-users and Millions of websites. Read our previous post to know more about FREAK vulnerability . FREAK IN MICROSOFT RESIDES IN SECURE CHANNEL Microsoft issued an advisory published Thursday warning Windows users that Secure Channel ( Schannel ) stack — the Windows implementation of SSL/TLS — is vulnerable to the FREAK encryption-downgrade attack , though it said it has not received any reports of public attacks. When the security glitch first dis...

Do you know, apart from United States National Security Agency (NSA) , Federal Bureau of Investigation (FBI) and law enforcement, a few advertising companies are also monitoring unsuspecting users' cell phone data with the help of the unmanned aerial vehicles (UAVS) called Drones. Yes it's True! A Singapore-based advertising firm AdNear , which described itself as "the leading location intelligence platform," is using a number of small drones flying around the San Fernando Valley in Los Angeles since early February in order to track Wi-Fi and cellular transmission signals. ADNEAR DRONES TRACKS YOU EVERYWHERE The drones have ability to sniff out device' cellular or wireless Internet signals, which is then identify by device ID. Using this gathered information, the drones track each and every movements and behaviors of individual users. Generally, the reason behind spying on people's cell phone signals is the company's interest to deliver hyper-targe...

Last month, cyber security researchers spotted a new strain of french surveillance malware, dubbed " Babar ," which revealed that even French Government and its spying agency the General Directorate for External Security (DGSE) is dedicatedly involved in conducting surveillance operation just like the United States — NSA and United Kingdom — GCHQ . A powerful piece of surveillance malware, known as " Casper ," has recently been discovered by the Canadian security researchers that once again point fingers at the French government. CASPER SURVEILLANCE MALWARE LINKED TO FRANCE The newly discovered sophisticated Casper surveillance malware is believed to be developed by France based hacking group suspected to have ties with the French government, according to the report published by Motherboard . Report suggests that French hacking group have developed ' Swiss Army knife of spying tools ' which has been used by French government to conduct multipl...

The world's infamous Angler Exploit Kit has become the most advanced, much more powerful and the best exploit kit available in the market, beating the infamous BlackHole exploit kit , with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique is dubbed "Domain Shadowing" which is considered to be the next evolution of online crime. Domain Shadowing, first appeared in 2011, is the process of using users domain registration logins to create subdomains. WHAT IS DOMAIN SHADOWING ? With the help of Domain Shadowing technique used in a recent Angler campaign, attackers are stealing domain registrant credentials to create tens of thousands of sub-domains that are used in hit-and-run style attacks in order to either redirect victims to the attack sites, or serve them malicious payloads. Security researcher Nick Biasini of Cisco's Talos intelligence team analysed the campaign and said the "massive...

As you may be aware, you need an Android smartphone to use an Android Wear smartwatch , but if you carry an Apple iPhone or iPad, you'll soon be able to use the same Android Wear smartwatch, without relying on unofficial third-party app support. Google is reportedly going to release its a new iOS app over to the App Store that will allow iPhone and iPad users to pair Android Wear devices such as Moto 360 and LG G Watch with their Apple products, French outlet 01net claimed . OFFICIAL ANDROID WEAR APP FOR iOS Google's new move to go cross-platform with an iOS app would expand support for the wearable platform beyond Android devices and target the potential market of tens of Millions of Apple users that may not be interested in purchasing an Apple Watch. As well as, with lower prices and strong design, a fair amount of Android Wear smartwatch demand would likely be there. The search engine giant is possibly planning to launch the Android Wear app for iOS at Google's annual develop...