The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system. Security researcher Guang Gong recently discovered a critical zero-day exploit in the latest version of Chrome for Android that allows an attacker to gain full administrative access to the victim's phone and works on every version of Android OS. The exploit leverages a vulnerability in JavaScript v8 engine , which comes pre-installed on almost all (Millions) modern and updated Android phones. All the attacker needs to do is tricking a victim to visit a website that contains malicious exploit code from Chrome browser. Once the victim accessed the site, the vulnerability in Chrome is exploited to install any malware application without user interaction, allowing hackers to gain remotely full control of the victim's phone. Also Read:   This Malware Can Delete and Replace Yo...

Facebook is planning to offer you the popular Snapchat feature in its Messenger app – ' Self-Destructing' Messages . Yes, Facebook is testing a new feature within its Messenger app that will allow its users to send self-destructing messages. Some Facebook users in France have spotted this new feature in the Messenger app that lets them send messages that only last for an hour. How to Turn ON the Feature? Users can turn on the self-destructing message feature within Messenger through an hourglass icon on the top-right corner of the conversation. The icon, when tapped, sets the messages to self-destruct after an hour of sending it. Tapping the hourglass icon again will turn off the feature, with everything going back to normal. Here's what Facebook says about the feature: "We're excited to announce the latest in an engaging line of optional product features geared towards making Messenger the best way to communicate with the people that ...

The fight to protect your company's data isn't for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation - Preparing users and IT to handle potential incidents in case they happen Identification - Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?) Containment - Isolating affected systems to prevent further damage Eradication - Finding and eliminating the root cause (removing affected systems from production) Recovery - Permitting affected systems back into the production environment (and watching them closely) Lessons Learned - Writing everything down and reviewing an...

The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve...

The US government has charged hackers over the largest ever hacking case in financial history. The US Court of the Southern District of New York has charged three men accused of hacking into many financial institutions, including JPMorgan Chase that, according to the officials, was "the largest theft of user data from a U.S. financial institution in history." JPMorgan Chase is one of the world's biggest banks that controls total assets worth more than $2.59 Trillion . The Hackers targeted at least nine financial institutions between 2012 and mid-2015, including JPMorgan Chase, brokerages and a major business news publication, and stolen information of " over 100 Million customers ," Bloomberg reported Tuesday. The three men, including Gery Shalon , Ziv Orenstein , and Joshua Samuel Aaron were charged with 23 counts, including hacking, identity theft, securities fraud, and money laundering, among others. A separate indictment was also ...

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices. One of the serious vulnerabilities is the  Stagefright Security Bug , where all it needed to install malicious code on the Android devices was a simple text message. Although Google patched these security holes in its latest Android update, manufacturers can take a long time to release their own updates, and it's even possible that older devices may not get the updates at all. So, even after the release of patches for these critical vulnerabilities, it is difficult to say which Android devices are at risk of what bugs. There is a one-click solution to this problem. One Android app can help educate you and help you know whether your devices is at risk. One-Click Solution to Check Your Device for All Critical Bugs Android Vulnerability Test Suite ( VT...