The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The most popular and widely used encryption scheme has been found to be weaker with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by SSL ( secure sockets layer ) and TLS ( transport layer security ) protocols. The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm , which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today. BAR-MITZVAH ATTACK The attack, dubbed " Bar-Mitzvah ", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks. Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, " Attacking SSL when using RC4 " at the Black Hat Asia security conference Thursday in Singapore. Bar Mitzv...

Github – a popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night. It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu , the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x . "A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight La...

Google want to save its users' bandwidth at home. The company has released a " Data Saver extension for Chrome , " bringing its data compression feature for its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extension for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. If you are unaware of it, the data compression proxy service by Google is designed to save users' bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. REDUCE AS MUCH AS 50% OF DATA USAGE  Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. " Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,...

There is no end to users problem when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot. If you love to travel and move hotels to hotels, then you might be dependent on free Wi-Fi network to access the Internet. However, next time you need to be extra cautious before connecting to Hotel's Wi-Fi network, as it may expose you to hackers. Security researchers have unearthed a critical flaw in routers that many hotel chains depend on for distributing Wi-Fi networks. The security vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel's keycard systems and reservation. HACKING GUEST WIFI ROUTER Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware. The se...

Yesterday at its annual F8 Developer Conference in San Francisco, Facebook officially turned its Messenger app into a Platform. Facebook's Messenger Platform allows third-party app developers to integrate their apps with Facebook messenger app. However, other popular messaging apps are already offering similar features, like Chinese WeChat, but Facebook release is much bigger than any other platform. At F8 Developer Conference, Facebook released SDK v4.0 for iOS and Android along with Graph API v2.3 that enable app developers to add new messenger platform features to their custom apps quickly. Facebook users can install these compatible third-party apps from the messenger app, which offers users to send animated GIFs, images, videos, and more content within the Facebook Messenger app easily. BOON FOR BOTH FACEBOOK AND THIRD PARTY DEVELOPERS Facebook Messenger Platform will offer third party app developers to reach out Facebook's 600 Millions of users. So, the move will be a ...

Security researcher has discovered some new features in the most dangerous Vawtrak , aka Neverquest , malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network . The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth analysis ( PDF ) on the new and complex set of features of the malware which is considered to be one of the most dangerous threats in existence. Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. The features include videos and screenshots capturing and launching man-in-the-middle attacks. HOW VAWTRAK SPREADS ? AVG anti-virus firm is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim and using the infamous Pony module in order to ste...