The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Terrorist organisations are increasingly using high-grade encryption technologies to prevent being caught by the law enforcement. But, that was not in the case of last year's Paris attacks that killed 129 people, as Encryption seems to have played little to no role. So, Who was the Real Culprit Behind the Attacks? The 'Burner' Phones. Burner Phones, or Prepaid mobile phones, are often the quick, easy, and anonymous method of communication. All you need to do is head to your nearest big-box store and pick up a cheap prepaid "burner" phone and a phone card. Now you have an entirely useable phone with no ID that could reveal your identity. It seems that these prepaid "burner" phones are a dream tool for terrorist organisations that bring them in bulk and then disposed of each time they make a communication. The same prepaid phones were utilized in the terrorist attacks in Paris late last year. Therefore, by using different phon...

The Federal Bureau of Investigation (FBI) has lengthened its Most Wanted List by adding seven Iranian hackers who are accused of attacking a range of US banks and a New York dam. On Thursday, the United States Department of Justice (DoJ) charged seven Iranian hackers with a slew of computer hacking offences for breaking into computer systems of dozens of US banks, causing Millions of dollars in damages, and tried to shut down a New York dam. The individual hackers, who allegedly worked for computer security companies linked to the Iranian government, were indicted for an " extensive campaign " of cyber attacks against the US financial sector. All the seven hackers have been added to the FBI's Most Wanted list, and their names are: Ahmad Fathi , 37 Hamid Firoozi , 34 Amin Shokohi , 25 Sadegh Ahmadzadegan (aka Nitr0jen26), 23 Omid Ghaffarinia (aka PLuS), 25 Sina Keissar , 25 Nader Saedi (aka Turk Server), 26 All the hackers have been charg...

A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company's newest protection feature and steal sensitive data from affected devices. With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection ( SIP ). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac. The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation. However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows for local privilege escalation as well as bypasses SIP without kernel exploit, impacting all versions...

Tay, Microsoft's new Artificial Intelligence (AI) chatbot on Twitter had to be pulled down a day after it launched, following incredibly racist comments and tweets praising Hitler and bashing feminists. Microsoft had launched the Millennial-inspired artificial intelligence chatbot on Wednesday, claiming that it will become smarter the more people talk to it. The real-world aim of Tay is to allow researchers to "experiment" with conversational understanding, as well as learn how people talk to each other and get progressively "smarter." "The AI chatbot Tay is a machine learning project, designed for human engagement," a Microsoft spokesperson said. "It is as much a social and cultural experiment, as it is technical. Unfortunately, within the first 24 hours of coming online, we became aware of a coordinated effort by some users to abuse Tay's commenting skills to have Tay respond in inappropriate ways. As a result, we have taken Tay offline and are...

Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age. But are your Emails secure? We are using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. However, to overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But, STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!!! SMTP STS: An Effort to Make Email More Secure Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT...

Meet the security company that is helping Federal Bureau of Investigation (FBI) in unlocking San Bernardino shooters' iPhone: The Israeli mobile forensics firm Cellebrite . Yes, Cellebrite – the provider of mobile forensic software from Israel – is helping the FBI in its attempt to unlock iPhone 5C that belonged to San Bernardino shooter, Syed Rizwan Farook, the Israeli YNetNews reported on Wednesday. The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x " in a forensically sound manner and without any hardware intervention or risk of device wipe. " If Cellebrite succeeds in unlocking Farook's iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C. Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write ...

Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems. Dubbed USB Thief ( or Win32/PSW.Stealer.NAI), the malware has the capability of stealthy attacking against air-gapped or isolated computers, warns ESET security firm. The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer. USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň. The 'USB Thief' Trojan Malware The USB Thief Trojan malware is stored either as a portable application's plugin source or as a Dynamically Linked Library (DLL) used by the portable application. Since USB devices often store popular applications like Firefox, Notepad++ or TrueCrypt portab...