The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yahoo! has offered $24,000 to a security researcher for finding out and reporting three critical security vulnerabilities in its products including Yahoo! Stores and Yahoo!-hosted websites. While testing all the company's application, Mark Litchfield , a bug bounty hunter who often works with different companies, discovered three critical vulnerabilities in Yahoo!'s products. All the three vulnerabilities have now been fixed by Yahoo!. THREE CRITICAL SECURITY VULNERABILITIES The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform, Yahoo! Small Business , a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise. According to the researcher, the flaw in the service allowed him to fully administrator any Yahoo store and thereby gain access to customers' personally identifiable information, including names, email addresses, telephone numbers. ...

Banks have tried every effort, from providing Magnetic Stripes based Credit and Debit Cards to Chip-and-Pin Cards , in order to secure its users from credit card cloning and card Skimmers. It has been known from years that Magnetic stripe are incredibly hackable, but  Chip-n-Pin cards have also been hacked and successfully cloned by a group of security researchers. A unit of Canada's Bank of Montreal, BMO Harris Bank is  launching  the U.S.'s biggest cardless ATM network that allows its customers to withdraw cash within seconds, using nothing but their smartphones. NO CARD, NO PIN, JUST YOUR SMARTPHONE According to the bank, there is no need to enter PIN and instead of swiping the card, customers have to sign into mobile banking app " Mobile Cash ", hold their smartphones over the QR code on the ATM screen and the cash gets delivered. This cardless cash withdrawal technology will boost security, speed up transactions and reduce frauds because no card...

Does downloading Windows updates from Microsoft's servers and waiting too long really annoy you? It might not be with the arrival of Windows 10 . Microsoft seems to make a major change in Windows 10 to the way it delivers updates for the software. The leaked version of Windows 10 build 10036 (the current version is build 9926) allows you to grab OS updates from Microsoft as well as other computers, whether they're on your local network or on the Internet. Yeah, it's a Peer-to-Peer (P2P) technology Microsoft is going to use in order to deliver both app and operating system updates. Peer-to-Peer , or P2P Technology is usually associated with file sharing services like BitTorrent to download illicit copies of movies and albums, and of course, those endless Linux ISOs you've been downloading. However, Redmond is embracing the technology as an efficient means to deliver software updates to its users around the globe. Peer-to-Peer downloads will be o...

Good news for all Android Lollipop-ers! Google appears to be secretly working on a Virtual Private Network (VPN) service, dubbed ' Google VPN '. The news is still not confirmed, but the folks at Pocketables discovered an interesting hidden app called " Google Connectivity Services " under " All Apps " in the app manager, while digging through settings and apps after installing the latest version, Android 5.1 Lollipop on a Nexus 6 phone. After clicking on the created shortcut, the app greeted with a pop-up message that reads,  " Google VPN:  To help protect you on open Wi-Fi networks, your data will be transmitted securely through a Google VPN." The pop-up also has the " learn more " and " got it " options. However, since Google VPN feature is currently not in a functional state, you get redirected to a support page from Google if you click on " learn more " option. But if you click on the " ...

After the latest Microsoft Patch Tuesday updates that came with important patches for Stuxnet and FREAK encryption-downgrade attack , now its time to update your Adobe Flash Player. Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security vulnerabilities in its program, most of which potentially allow hackers to remotely execute arbitrary code on vulnerable systems. AFFECTED SOFTWARE All versions prior to the latest version 17.0.0.134 of the Flash Player are affected on Windows and Mac OS X machines. Therefore, Adobe Flash Player installed with Google Chrome, as well as Internet Explorer 10 and 11 on Windows 8 and Windows 8.1, should automatically update to the newest version 17.0.0.134. In addition, Adobe Flash Player 11.2.202.442 for Linux and Flash Player Extended Support Release 13.0.0.269 for Windows and Mac OS X are also affected by the vulnerabilities. So, users of Flash Player on Linux should update...

Can Hackers turn a remote computer into a bomb and explode it to kill someone, just like they do in hacker movies? Wait, wait! Before answering that, Let me tell you an interesting story about Killer USB drive: A man walking in the subway stole a USB flash drive from the outer pocket of someone else's bag. The pendrive had "128" written on it. After coming home, he inserted the pendrive into his laptop and instead discovering any useful data, he burnt half of his laptop down. The man then took out the USB pendrive, replaced the text "128" with "129" and put it in the outer pocket of his bag… Amen! I'm sure, you would really not imagine yourself being the 130th victim of this Killer perdrive, neither I. This above story was told to a Russian researcher, nicknamed Dark Purple, who found the concept very interesting and developed his own computer-frying USB Killer pendrive. He is working with electronic manufacturing company from where...