The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you see any wall post or inbox message -- saying, “ Warning!!! Facebook Security Warning!!! Do this before your account gets deactivated! ," and urges you to follow some steps to reactivate your Facebook account, then just ignore it; It's a Facebook Scam! Facebook has become one of the most popular website with more than one billion active users this year. Hundreds of people join the social networking website to reconnect with their old friends and get a chance to make new friends. But, with the increase in various scams on Facebook to target users, it became very clear that not only does the social networking platform provide special opportunities for people to connect and share information; it also serves as a great and useful platform for scammers. Once again scammers have targeted Facebook users by spreading new kind of scam that threatens users with account deactivation if they don't register it again. " Attention : to all facebook users Your ...

After hacking PCs, Cyber criminals have now begun targeting Smartphones with a special piece of malicious software that locks up the devices until the victims pay a ransom to get the keys to unlock the phone, called Ransomware .  Ransomware typically targets users' personal computers and has become a profitable way for cyber criminals to earn money. To deliver the Ransomware malwares to the mobile devices, cyber criminals have started creating malicious software programs that masquerade as antivirus apps or other play store apps, but instead of protecting your smart devices, they lock up your Smartphone until you pay a ransom to unlock it. RANSOMWARE - POLICE &  CRYPTOLOCKER As we reported earlier in news updates, security researchers disclosed various Police ransomware targeting users' personal computers. The ransomware software once installed, cyber criminals attempts to lock the victim’s computer hard disk and files from a remote location. Usuall...

After the Heartbleed bug that exposed half of the Internet vulnerable to hackers thereby marking as one of the largest Internet vulnerability in recent history, the critical flaw in the implementation of the DNS protocol could also represent a serious menace to the Internet security. A Serious security vulnerability has been discovered in the algorithms of DNS software – BIND by the two Israeli students ' Roee Hay ' and ' Jonathan Kalechstein ', who are working under a project out at the Laboratory of Computer Communication & Networking in the Faculty of Computer Science at the Technion , which was led by Dr. Gabi Nakibly from Rafael (Rafael Advanced Defense Systems Ltd.). Although, Technion students have not provided any detail explanation about the vulnerability , but indicated that by exploiting the DNS protocol flaw an attacker could redirect the users who are trying to visit a legitimate website to a fake and bogus website which the attacker con...

The collection of slashes and hyphens in URLs of websites make it look complicated and messy, now the new experimental version of the Google Chrome browser bury the whole URL into the top-level domain name. Google’s new experiment to the recent update to Chrome 's publicly available Canary browser indicates that in the coming weeks Google may eventually hide the full URLs of the websites and will show only the website name and domain even if you are navigating within the website, something familiar with the mobile version of Safari. Chrome Canary is an early build and a leading-edge of the next version of Google’s web browser and a couple of days ago, Google pushed an update to both of its Chrome Canary and beta builds that hide long URLs of a website from the address bar. OMNIBOX - NEW ADDRESS BAR The field that is mostly known as address bar is now better known as “omnibox”, a single bar at the top of the screen that gives you ability to type terms you want to ...

An 18-year old Miami University student is facing charges for allegedly breaching the school's computer system to change grades for himself and four other students. Jose Bautista appeared before a judge Friday after he was arrested Thursday by the Miami School Board Police after the principal of Dr. Michael M. Krop Senior High School turned him in, after the student reportedly gave him a written confession. The principal claims he obtained a written confession from the student. " It's not fair to the people that really try ," said Mayan Dehry , a student at Bautista's school. " Like, I know a lot of kids are in AP classes, and they try really hard to get the grades that they get. I don't know, if you're just going to be lazy and then change your grades, that's not what learning is about. " A fellow student Brett Curtis said Bautista's actions are not representative of the majority of his peers. " We have almost 3,000...

After Heartbleed bug , a security flaw in widely used open-source software OpenSSL that puts countless websites at risk, another vulnerability has been found in popular authentication software OpenID and authorization software OAuth. Wang Jing , a Chinese mathematics Ph.D student at the Nanyang Technological University in Singapore, found that the OAuth and OpenID open source login tools are vulnerable to the " Covert Redirect " exploit. The login tools ‘ OAuth ’ and ‘OpenID’ protocols are the commonly used open standard for authorization. OAuth designed as a way for users to sign in or sign up for other services using an existing identity of a site such as Google, Facebook, Microsoft or Twitter, whereas OpenID is a decentralized authentication system for the Internet that allows users to log in at websites across the internet with same digital identity. The Covert Redirect vulnerability could affect those who use ‘OAuth’ and ‘OpenID’ protocols to ‘login’ to the websites ...

Microsoft had publicized widely its plans to stop supporting oldest and widely used Operating system, Windows XP after 8th April this year, which means Microsoft would no longer issue security patches for XP. A few days back, we reported about a new critical Zero-day vulnerability in all versions of Microsoft’s browser Internet Explorer, starting with IE version 6 and including IE version 11. According to the advisory (CVE-2014-1776), All versions of Internet Explorer are vulnerable to Remote Code Execution flaw, which resides ' in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated ,’ Microsoft confirmed . An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. FIRST PATCH FOR WINDOWS XP, EVEN AFTER EXPIRATION DATE Internet Explorer vulnerability poses a special concern for people still using Windows XP , but can Microsoft really ignore inno...