The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook is moving a step ahead from others and making its social media service as an information sharing platform in serious situations as well. The social networking giant has announced a new tool, which lets users notify their family and friends that they are safe during or after natural disasters. The tool, named " Safety Check, " will soon be available globally to over 1.32 billion Facebook users on Android, iOS, feature phones and the desktops. The tool is designed to be activated after a natural disaster and by using either the city you lived in or your last location - if you have checked in on " Nearby Friends ", it let's you alert your friends and family that you are safe, while also tracking the status of others. " In times of disaster or crisis, people turn to Facebook to check on loved ones and get updates, " wrote the company in a blog post about the feature. " It is in these moments that communication is most critical both for people in the affected ...

As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations' networks. Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations. Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim's entire system. According to the res...

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to "fallback" to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll...

Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening , The Snappening and now the latest privacy breach in Dropbox security has gained everybody's attention across the world. Dropbox , the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users' photos, videos and other files. HACKERS CLAIMED TO RELEASE 7 MILLION USERS' PERSONAL DATA A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sha...

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft's Windows operating system to spy on the North Atlantic Treaty Organization ( NATO ), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year. ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability ( CVE-2014-4114 ) to target government leaders and institutions for nearly five years. The recently detected Russian hacking group is dubbed as " Sandworm Team " by iSIGHT Partners because it found references to the Frank Herbert's " Dune " science fiction series in the malici...

Lots of Linux distributions are offered free of cost on the Internet by a number of companies, non-commercial organizations and by many individuals as well, and now, the notorious Syrian Electronic Army (SEA) has announced their own Linux distribution known as SEANux . A Linux distribution is a coordinated collection of software consisting of a customized version of the kernel together with hundreds of open source (i.e., free) utilities, installers, programming languages and application programs. Some of the most popular distributions are Fedora (formerly Red Hat), SuSE, Debian, Ubuntu, Kali Linux, Tails OS and Mint Linux. SEA (Syrian Electronic Army) is the same group of hackers who made the headlines in past year by launching advance phishing attacks against media organisations, usually Western media outlets. The group is reportedly aligned with president Bashar al-Assad and had purposely targeted social media accounts of a number of high-profile media outlets inclu...

Sometimes we wonder that how the National Security Agency ( NSA ) reached such a wide range of its Surveillance operation across the world – which you can measure from several secret documents released by the former NSA contractor Edward Snowden. This hell parameter of the NSA's operation was not reached by its agents sitting in the NSA headquarter in United States, but by its undercover agents working in foreign companies based in China, Germany, and South Korea to infiltrate and compromise foreign networks and devices, according to documents obtained by The Intercept . NSA INTERCEPTING FOREIGN NETWORKS AND DATA CENTRES The latest document from the Snowden's desk talks about a program called " physical subversion ," under which the NSA's undercover operatives were infiltrating foreign networks to acquire sensitive data and access to systems in the global communications industry and possibly even some American firms. The document describes the details regarding vario...

The waves of celebrities photos have not yet stopped completely, and a new privacy threat has emerged exposing tens of thousands of private photographs and videos of innocent users are circulating over the Internet. The personal image that are believed to be sent through Snapchat — the ephemeral messaging service that allows users to send pictures that should disappear after a few seconds — has been floating on the image based 4chan's notorious /b/ board since last night. The incident was result of a security breach in an unofficial third-party app for Snapchat. Earlier this week, an anonymous 4chan user claimed to have obtained images on Snapchat and then the user warned of releasing thousands of videos and images sent using Snapchat soon in an event dubbed ' The Snappening '. Previously, It was believed that the official SnapChat mobile app or its servers had been hacked by the hackers, and the third-party Snapchat client app has been collecting every photo and ...

Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability , which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked users ' PayPal account. The security vulnerability actually resides in the mobile API authentication procedure of the PayPal online-service , which doesn't check for the blocked and restricted PayPal accounts. HOW THE VULNERABILITY WORKS In case if a PayPal user enters a wrong username or password combination several times in an effort to access the account, then for the security reasons, PayPal will restrict the user from opening or accessing his/her account on a computer until the answers to a number of security questions is provided. However, if the same user, at the same time switches to a mobile device and tries accessing the temporarily closed PayPal account with the right credentials via an official PayPal mobile app client through t...