The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A cyber campaign that was targeting iPhone and iPad owners with a sophisticated Ransomware in Australia and New Zealand last month, drawn special attention of online media and security analysts. Russian Authorities have arrested two young hackers from Moscow for their alleged involvement in compromising Apple ID accounts and then using ' Apple's Find My iPhone ' service to hold iOS devices for ransom. A Russian man aged 23 and a teenager aged 17 had been taken into custody in the Southern Administrative District of Moscow for their part in " blocking of Apple devices to extort funds ," claims the press release on the Russian Interior Ministry's website on Tuesday. According to the authorities, one of the suspects used phishing websites to trick victims into giving up their Apple ID username and password. The second suspect's activities are exactly same of the ' Oleg Pliss attack '. " The first involved gaining access to the victim's Apple ID by means of the c...

Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service (DDoS) attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its blog saying that they were under a Distributed Denial of Service (DDoS) attack and cyber-criminals were demanding money in return for returning the service to its normal operations. " Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop, " Edwin Khodabakchian, founder and CEO of Feedly said in a statement on Wednesday. He also expressed regret, " We want to apologize for the inconvenience. Please know that you data is safe and you will be able to re-access your feedly as soon as the attack is neutralized. " Feedly is a very popular RSS feed service which is available for desktop, iOS and...

Yahoo offers a web browser toolbar which includes apps for leading sites like Facebook, Yahoo! Mail, Weather and News. Yahoo Toolbar also known as Y! Toolbar is available for Internet Explorer, Firefox and Google Chrome web browsers. Yahoo Toolbar is one of the most popular and widely installed web browser add-on/extension. Many popular softwares like Java Update and thousands of free software including some Antivirus products promote Yahoo toolbar and bundled it into their installer files. A vulnerability has been reported in Yahoo Toolbar by Security Researcher Behrouz SAdeghipour , which causes cross site scripting flaw on popular websites like Flickr, Yahoo, Google, Pinterest, Youtube, Amazon, Twitter and many more. Yahoo Toolbar vulnerability triggers all previous non-exploitable XSS payloads on popular websites as shown below in multiple screenshots provided by Behrouz to The Hacker News .  The vulnerability resides in the way Toolbar intercept...

A quiet change in the privacy setting of its forthcoming iOS 8 smartphone Operating System, Apple could effectively block the path for advertisers, marketers, and other snoopers looking to collect data about you and your location from your Smartphone devices. When your mobile device scan for a free Wi-Fi network, whether at the shopping complex, airport, or restaurant, it sends out the MAC address which is a unique identifier of the device that allows devices to distinguish between one another on a network. Routers need this identifier to connect you to a network. Advertisers and retailers have been seeking to track these identifiers to help offer personalized advertisements to customers based on where they've been. Thanks to Apple's upcoming feature which will enhance users privacy to one step higher than other smartphone providers. Apple announced the change during its annual Worldwide Developers Conference (WWDC) in Cupertino last week, revealing that the feature will restrict ...

While shopping online we need to first surf through number of pages and then finally have to fill credit and debit cards details manually into the browser, which is the annoying for most of the user. But now the new Safari feature in iOS 8 solves this problem by integrating camera-based Credit and Debit card reader. Apple will soon introduce this feature to Safari in its latest Operating System iOS 8 that will allow its iPhone/iPad users to scan their physical credit and debit cards with their device camera and optical character recognition, according to 9to5Mac . So when a user has to shop online using their iPhone or iPad and reach the payment screen for payment, safari browser will automatically display this " Scan Credit Card " option. This option will help your camera to capture the image of your credit card, which the device will analyze by using the optical character recognition to input the card number into the appropriate text field in the online payment form ...

Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users' system. On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack. The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions , leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. " Pinkie Pie discovere...

Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker , Icepole , PrisonLocker , CryptoDefense and its variants. Now, the ransomware dubbed as Crytowall , a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others. Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense ( Trojan.Crypt...

Vodafone , the world's second-largest mobile carrier with more than 400 million customers around the world has issued its first " Law Enforcement Disclosure Report ", reveals that the governments in some of the countries it operates, have direct access to its network allowing them to listen to all conversations. The Company has broken its silence on government surveillance and after Snowden's revelations about NSA , this is the only most comprehensive transparency report ever published by an International company detailing that how some Governments are taking advantage of their laws to infiltrate citizens privacy. Vodafone operates in 29 countries, where the government agencies need legal notices to tap into customers' communications, but some of those countries are actually tapping directly into their network, without any need for a warrant or any explanation. There are many countries like Albania, Egypt, Hungary, India , Malta, Qatar, Romania, South Africa and Turk...

Today Microsoft has released its Advance Notification for the month of June 2014 Patch Tuesday releasing seven security Bulletins, which will address several vulnerabilities in its products, out of which two are marked critical and rest are important in severity. This Tuesday, Microsoft will issue Security Updates to address seven major vulnerabilities and all those are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Word, Microsoft Office and Internet Explorer. CRITICAL VULNERABILITY THAT YOU MUST PATCH Bulletin one is considered to be the most critical one, which will address a the zero-day Remote Code Execution vulnerability, affecting all versions of Internet Explorer, including IE11 in Windows 8.1.  All server versions of Windows are affected by this vulnerability, but at low level of severity because by default, Internet Explorer runs in Enhanced Security Configuration and just because Server Core ver...