The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The National Security Agency will restrict access to, and ultimately destroy, millions of US phone records previously collected by the spy agency, the Office of the Director of National Intelligence (ODNI) announced Monday. The federal law was passed in June ending the NSA’s bulk collection of U.S. Citizen’s Telephone records and destroying the data it collected under a controversial global spying program disclosed by former NSA contractor Edward Snowden. So far, the ODNI didn’t specify when the agency would destroy these metadata records , but noted that the metadata must be retained until the lawsuits around the metadata collection program are ongoing. NSA’s Bulk Metadata Collection is illegal Section 215 of the Patriot Act legally authorizes the law enforcement agencies to collect "any tangible things" that the government proves are connected or linked to an investigation into any suspected terrorist. However, the verdict in May ruled that the mas...

A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in...

Wanna Hack an extremely secure Computer? You do not need sophisticated techniques or equipment to do so. To hack an Air-Gapped computer – All you need is a cell phone; even old-fashioned, dumb phones from the past decade will work. Yes, Hacking Air-Gapped Computers is possible using a basic low-end mobile phone. Israeli security researchers have devised a new attack to steal data from a computer that is isolated from the internet and other computers that are connected to external networks, also known as an air-gapped computer. This new hack attack that could steal data from a highly secured computer uses: The GSM network Electromagnetic waves A basic low-end mobile phone The research was conducted by lead security researcher Mordechai Guri, along with Yuval Elovici, Assaf Kachlon, Ofer Hasson, Yisroel Mirsky, and Gabi Kedma – the same researchers who developed a previous attack that used a smartphone to wirelessly extract data from Air-Gapped computers . ...

Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o...

Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of ...

Do you own a Smartwatch ? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch. Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks. In a study, HP's Fortify tested today's top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns. The most shocking part of the study was that –  Not even a Single Smartwatch Found to be 100 percent Safe Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers. With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers' security because these wearable devices could potentially open doors to new threats to personal and sensitive informat...

I think you'll agree with me when I say: It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it? Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network. A group of six academics have developed a Tor network alternative for users that allows high-speed anonymous web surfing, reinforcing the privacy of Internet users worldwide. The network is dubbed: HORNET: High-speed Onion Routing at the Network Layer Many anonymising networks, including The Onion Router (or TOR) network, are often slow because the data passing through the networks is encrypted a many numbers of times. However, the high-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps  while maintaining privacy. The new anonymous network is built by researcher Chen Chen of Carnegie Mellon University , along with Daniele Enri...