The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

$US1 may be a very little amount, but it is enough to buy you a stolen Uber account and free car rides around the city. Two separate vendors on AlphaBay , a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports . Once purchased, these active Uber accounts let you order up rides using the payment information provided on the file. Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users' home and work addresses. Over on AlphaBay market, a vendor identified as " Courvoisier " is claiming to sell hacked Uber accounts for $1 each. Under the product listing for ' x1 UBER ACCOUNT - WORLDWIDE TAXI!, ' anyone can buy a Uber account anonymously. Another vendor, identified as ThinkingFo...

Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. That is little Shocking but True! A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think. The security researcher released a warning against the alarming approach: " Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days. " During their study, researchers monitored 23 Android smartphone users for three weeks. First Week - Participants were asked to use their smartphone apps as they would normally do. Second Week - An app called App Ops was installed to monitor and manage the data those apps were using. Third Week - The team of researchers started sending a daily " privacy nudge " alert that would ping particip...

Thomas Jiřikovský , an alleged Owner of one of the most popular Darknet website ' Sheep Marketplace , ' has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ' Gwern Branwen ' doxed the owner, and the suspect was identified -- Thomas Jiřikovský as the owner of the black market website. Unfortunately, Jiřikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook ...

The most popular and widely used encryption scheme has been found to be weaker with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by SSL ( secure sockets layer ) and TLS ( transport layer security ) protocols. The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm , which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today. BAR-MITZVAH ATTACK The attack, dubbed " Bar-Mitzvah ", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks. Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, " Attacking SSL when using RC4 " at the Black Hat Asia security conference Thursday in Singapore. Bar Mitzv...

Github – a popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night. It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu , the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x . "A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight La...

Google want to save its users' bandwidth at home. The company has released a " Data Saver extension for Chrome , " bringing its data compression feature for its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extension for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. If you are unaware of it, the data compression proxy service by Google is designed to save users' bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. REDUCE AS MUCH AS 50% OF DATA USAGE  Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. " Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,...