The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it? Yes, it's possible at least with this $10 device. Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals. The device, dubbed MagSpoof , guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards. Also Read:  How Hackers Can Hack Your Chip-and-PIN Credit Cards The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked ...

Remember Junaid Hussain ? Junaid Hussain – a hacker turned ISIS cyber mastermind who was killed in a US drone strike in August this year. But something has emerged what we don't know about the death of Hussain. The infamous hacker who in the past hacked the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant to help the US government track down Junaid Hussain. The hacker, goes by the online alias Shm00p ( @5hm00p ), is a member of the hacking collective Rustle League and believes he is "99.9% sure" that the information given by him to the FBI agents led to the extrajudicial killing of Hussain. "What the fuck have I done," Shm00p tweeted early Sunday morning. Over 15 hours later after his first tweet, Shm00p made a series of tweets at the FBI Twitter account. "I lost a lot of good friendship and my fucking honor," Shm00p tweeted at the FBI. You can see an archived copy of his now deleted t...

Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer Dell spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers: To impersonate as any HTTPS-protected website and spy on when banking or shopping online. The rogue certificate, dubbed eDellRoot , was first discovered over the weekend by a software programmer named Joe Nord . The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system. Also Read:  Lenovo Caught Using Rootkit to Secretly Install Unremovable Software Superfish 2.0: Unkillable Zombie The self-signed transport layer security (TLS) credential came pre-installed as a root certificate on Dell PCs and laptops that are signed with the same private cryptographic key, which is stored locally. That means an attacker with moderate technical skills can extract the key and abuse it to sig...

In the wake of horrific terror attacks in Paris, the online Hacktivist group Anonymous last week declared " total war " against the Islamic State militant group (ISIS) that claimed responsibility for the attacks. While French, Russian, and US military are bombing ISIS from the sky, Anonymous members from all over the world are carrying out their very own cyber attack campaign, dubbed #OpParis , against the terrorist organization. Anonymous has claimed to have taken down 20,000 ISIS-affiliated Twitter accounts in order to take revenge from ISIS for the deadly Paris attacks on November 13. Anonymous Took Down 20,000 ISIS-affiliated Twitter Accounts In a YouTube video posted on Wednesday, the group said: "More than 20,000 Twitter accounts belonging to ISIS were taken down by Anonymous." The group has provided a list of all the Twitter accounts that have been taken down. On Tuesday, the hacktivist group claimed to have successfully taken ...

Own an Android Smartphone? Hackers can install any malicious third-party app on your smartphone remotely even if you have clearly tapped a reject button of the app. Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system's accessibility features. Michael Bentley , head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families: Shedun (GhostPush) Kemoge (ShiftyBug) Shuanet Also Read:  Android Malware Can Spy On You Even When Your Mobile Is Off All the three adware families root-infect Android devices in order to prevent their removal and give attackers unrestricted access to the devices. But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families. The Malware Doesn't Exploit Any Vulnerability It is...

Do Mac Computers Get Viruses? Yes, Of Course, they do!  According to stats, malware for MAC OS X has appeared five times more in 2015 alone than the previous five years combined. As malware for Macs is becoming more common, Google has decided to add support for Mac  OS X malware detection to its VirusTotal web-based service. VirusTotal — launched in 2004 and acquired by Google in 2012 — is a free and popular online service for security researchers and Hackers that lets you upload files to check them for viruses. VirusTotal scans uploaded files with more than 55 different Antivirus products and Online scan engines to provide a combined report on the results. VirusTotal also runs certain ' Windows PE files and Android apps ' files in the Sandbox , a controlled research environment used for malware analysis. According to the recent announcement, VirusTotal will also be able to execute suspicious Mac executable files inside its Sandbox environmen...

Yes, you heard it right. Mark Zuckerberg has left his job at Facebook. Don't believe me? I can prove it to you. —  Check this Facebook Post by yourself  — This is weird, Isn't it? But, don't be surprised or shocked, because what you just saw was only an illusion. This is actually a minor bug in the popular social media website that allows anyone to manipulate the life event of any user who has his work status posted on Facebook. The bug, uncovered by the independent hacker Sachin Thakuri , is not a technical flaw. So how was he able to do this? All Thakuri did is took the original URL of Mark Zuckerberg life event: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&hash=971179541251&pagefilter=3 &ustart=1 &__mref=message_bubble ...and remove the ustart=1 parameter, which left him with: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=21474836...