The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automatically encrypts the connections between users and its email service. November last year, Yahoo revealed plans to encrypt all information that moves between its data centers and finally from 31st March Yahoo has taken another leap in user-data protection through the deployment of new encryption technologies. NSA TARGET LIST -  GMAIL, YAHOO, ... many more. Last year, It was revealed by  Edward Snowden  that under MUSCULAR program , the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers. After finding themselves in the NSA's target list, Yahoo! and Google forced to think hard about the security and privacy of its users. Google had re...

A Free Chrome, Firefox and Safari web browser plugin floating around the web, called ' Sell Hack ' allows users to view the hidden email address of any LinkedIn user, means anyone can grab email addresses that we use for professional purposes. When installed, the ' Sell Hack ' plugin will pop up a ' Hack In ' button on LinkedIn profiles and further automatically mines email addresses of LinkedIn users. NOT A SECURITY BREACH It's not a Security breach, LinkedIn has confirmed that no LinkedIn data has been compromised, but rather this free extension rely on an algorithm that checks publicly available data in order to guess users’ email addresses. So without exploiting any loophole or vulnerability, Sell Hack is capable of predicting users' email addresses with OSINT (Open-Source Intelligence) techniques i.e. information collected from publicly available sources. It is also possible that, the Sell Hack extension is gathering data from ...

The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so, has become one of favorite weapon for the cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost the sizes of Distributed Denial of Service ( DDoS ) attack known as ‘ Amplification Attack ’, leveraging the weakness in the UDP protocols. One of the commonly used by hacker is (Domain Name System) DNS Reflection Denial of Service (DrDoS). WHAT IS DrDoS ATTACK? The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target and the target of the attack receives re...

Hardly two month ago we reported about the first widely spread Android Bootkit malware , dubbed as ' Oldboot.A ', which infected more than 500,000 Smartphone users worldwide with Android operating system in last eight months, especially in China. Oldboot is a piece of Android malware that's designed to re-infect Mobile devices even after a thorough cleanup. It resides in the memory of infected devices;  It modify the devices’ boot partition and booting script file to launch system service and extract malicious application during the early stage of system’s booting. Yet another alarming report about Oldboot malware has been released by the Chinese Security Researchers from ' 360 Mobile Security '. They have discovered a new variant of the Oldboot family, dubbed as ' Oldboot.B ', designed exactly as Oldboot.A, but new variant has advance stealth techniques. Especially, the defense against with antivirus software, malware analyzer, and automatic a...

So, is your Safari Web Browser Updated?? Make sure you have the latest web browser updated for your Apple Macintosh systems, as Apple released Safari 6.1.3 and Safari 7.0.3 with new security updates. These Security updates addresses multiple vulnerabilities in its Safari web browser, which has always been the standard browser for Mac users. This times not five or ten, in fact about two dozen. Apple issued a security update to patch a total of 27 vulnerabilities in Safari web browser, including the one which was highlighted at Pwn2Own 2014 hacking competition. The available updates replace the browser running OSX 10.7 and 10.8 with the latest versions of browser 6.1.3, and OSX 10.9 with 7.0.3. Among the 27 vulnerabilities, the most remarkable vulnerability addressed in the update is CVE-2014-1303 , a heap-based buffer overflow that can be remotely exploited and could lead to bypass a sandbox protection mechanism via unspecified vector. This vulnerability is ...

So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers’ code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it’s not an April Fools’ joke! A malicious software program that holds the victims’ computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim’s computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp...

Imagine, You Open a Winrar archive of MP3 files, but what if it will install a malware into your system when you play anyone of them. WinRAR, a widely used file archiver and data compression utility helps hackers to distribute malicious code. Israeli security researcher  Danor Cohen (An7i)   discovered the WinRAR file extension spoofing vulnerability. WinRAR file extension spoofing vulnerability allows hackers to modify the filename and extension inside the traditional file archive, that helps them to hide binary malicious code inside an archive, pretending itself as '.jpg' , '.txt' or any other format. Using a Hex editor tool, he analysed a ZIP file and noticed that winrar tool also adds some custom properties to an archive, including two names - First name is the original filename (FAX.png) and second name is the filename (FAX.png) that will appear at the WINRAR GUI window. Danor manipulated the second filename and extension to prepare a special Z...