The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Pokémon GO launched just two weeks ago, and people have been getting crazy to catch 'em all. Users, on an average, are spending more time engaged with the new Pokémon GO app than any other apps like Snapchat. But, before downloading and playing Nintendo's new location-based augmented reality game, users are required to keep the following points in their minds: 1. Unofficial Pokémon GO app might contain Malware Since Pokémon GO is currently available in only a few countries, many third-party gaming websites are offering tutorials due to huge interest surrounding the app, recommending users to download the APK from a non-Google Play link. Users need to "side-load" the malicious app to install the APK by modifying their Android core security settings, which allows their device's OS to install apps from " untrusted sources ." However, researchers have discovered that many of these online tutorials are linked to malicious versions of the Pokém...

Online privacy is an Internet buzzword nowadays. If you are also concerned about the privacy of your web surfing, the most efficient way is to use TOR – a free software that lets users communicate anonymously by hiding their actual location from snoopers. Although TOR is a great anonymous network, it has some limitations that could still allow a motivated hacker to compromise the anonymity of legions of users, including dark web criminals as well as privacy-minded innocents. Moreover, TOR (The Onion Network) has likely been targeted by the FBI to arrest criminals , including the alleged Silk Road 2 lieutenant Brian Richard Farrell, who was arrested in January 2014. Even the TOR Project accused the FBI of paying the researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose a technique that could help the agency unmask TOR users and reveal their IP addresses as part of a criminal investigation. So, what's next? Is there an alternative? Well, most p...

No software is immune to being Hacked! Not even Linux. The Ubuntu online forums have been hacked, and data belonging to over 2 Million users have been compromised, Canonical just announced. The compromised users’ data include their IP addresses, usernames, and email addresses, according to the company, who failed to apply a patch to secure its users' data. However, users should keep in mind that the hack did not affect the Ubuntu operating system, or it was not due to a vulnerability or weakness in the OS. Instead, the breach only affected the Ubuntu online forums that people use to discuss the OS, said BetaNews, who initially reported the news. "There has been a security breach on the Ubuntu Forums site," Jane Silber, Chief Executive Officer at Canonical wrote in a blog post . "We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation." "C...

Especially after the Snowden revelations of global  mass surveillance by US intelligence agencies at home and abroad, various countries demanded tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in respective countries in order to keep their citizen data within boundaries. The US government has powers to comply US-based tech companies with the court orders to hand over their customers' data stored on servers, even if the data centers are beyond US borders. Now, the recent court decision has proven that the data centers and servers located outside the US boundaries are safe haven. The Second Circuit Court of Appeals in New York ruled Thursday that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers' data stored on servers located in other countries. US Government Can't go Beyond its Boundaries to Collect Data Yes, the Stored Communicatio...

Yes, you heard it right. If I tell you not to visit my website, but you still visit it knowing you are disapproved, you are committing a federal crime, and I have the authority to sue you. Wait! I haven't disapproved you yet. Rather I'm making you aware of a new court decision that may trouble you and could have big implications going forward. The United States Court of Appeals for the Ninth Circuit has taken a critical decision on the Computer Fraud and Abuse Act (CFAA): Companies can seek civil and criminal penalties against people who access or visit their websites without their permission. Even Sharing Password is also a Federal Crime... Yes, a similar weird decision was taken last week when the Ninth Circuit Court of Appeals ruled that sharing passwords can be a violation of the CFAA, making Millions of people who share their passwords "unwitting federal criminals." Now, you might be wondering how visiting a publically open website could be a crime. We...

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site. Below are the three separate Drupal modules that affect up to 10,000 websites: 1. RESTful Web Services – a popular module used for creating REST APIs, which is currently installed on at least 5,804 websites. The vulnerability in RESTWS alters the default page callbacks for entities to provide additional functionality, allowing attackers to "send specially crafted requests resulting in arbitrary PHP execution." Since anonymous users can exploit this vulnerability and there isn't any mitigating factor, users are advised to patch their websites as soon as possible. Admins using RESTful Web Services versions 7.x-2.x prior to 7.x-2.6 and versions 7.x-1.x prior to 7.x-1.7 for their Drupal websites are...