The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest security feature added to Firefox 37 among others is the "Opportunistic Encryption" (OE) for servers and websites that support " HTTP/2 AltSvc. " Opportunistic Encryption (OE) allows Firefox browser to encrypt the traffic over plaintext HTTP connection without any need to authenticate it. This will help you to create, not complete, but some confidentiality from attackers to eavesdrop on your connection. So Opportunistic encryption can be implemented with very minimal changes to an existing IPsec implementation. The move by Mozilla is really a bonus for HTTP users with no encryption measure at all, but still it is not as good as authenticated encryption ...

OnePlus One users might be waiting for the new Lollipop based ROM for their smartphones. The wait is over as the popular Chinese smartphone maker OnePlus has finally released its own custom ROM --  OnePlus OxygenOS , which is based on Android 5.0 Lollipop. Last month, the OnePlus announced the official release of its in-house OxygenOS to 'One' on or before March 27, but was failed to deliver the update due to a couple of security issues discovered in the update. The news disappointed many OnePlus customers, including me, who were looking forward to their Lollipop updates. However, the update is now ready for downloading from the OnePlus servers. Also, a full installation guide has been provided for customers who want to switch from the CyanogenMod 11S to the latest OxygenOS. "Developing OxygenOS has been an incredibly fun and challenging experience for all of us, " the company wrote . " In this environment where everyone is fighting to standou...

Security researchers have uncovered an active cyber attack campaign that has successfully stolen more than $1 Million from a variety of targeted enterprise organizations using spear phishing emails, malware and social engineering tricks. The campaign, dubbed " The Dyre Wolf " by researchers from IBM's Security Intelligence division, targets businesses and organizations that use wire transfers to transfer large sums of money, even if the transaction is protected by 2-factor authentication. A MIXTURE OF MALWARE, SOCIAL ENGINEERING & DDoS Nowadays, cybercriminals not only rely on banking Trojans to harvest financial credentials, but also using sophisticated social engineering tactics to attack big corporations that frequently conduct wire transfers to move large sums. " An experienced and resource-backed [cyber criminal] gang operates Dyre ," John Kuhn, Senior Threat Researcher at IBM Managed Security Service, wrote in a blog post published Th...

Last year at Google I/O developer event, Google launched a limited beta " App Runtime for Chrome " (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser . ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android s...

The Fourth and final member of an international hacking group called " Xbox Underground " (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation. In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network. Austin Alcala , a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games. All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat , 28, and David Pokora , 22, pleaded guilty last September, while a third member, Nathan Leroux , 20, pleaded guilty to the same conspira...

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl...