The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou...

A UK man linked to the notorious hacking group, Lizard Squad , that claimed responsibility for knocking Sony's PlayStation Network and Microsoft's Xbox Live offline on Christmas Day has been arrested by the United Kingdom police. Lizard Squad launched simultaneous Distributed Denial-of-Service ( DDoS ) attacks against the largest online gaming networks, Xbox Live and PlayStation Network, on Dec. 25, 2014. Then offered to sell its own Lizard-branded DDoS-for-hire tool called Lizard Stresser . SECOND ARREST As part of an investigation, the UK Regional Organised Crime Unit, in collaboration with the Federal Bureau of Investigation (FBI), have arrested an 18 year old teenager in Southport, near Liverpool, UK on Friday morning, and seized his electronic and digital devices as well. So far, this is the second arrest made in connection to the attack after Thames Valley Police arrested a 22-year old , named Vinnie Omari , also believed to have been an alleged member of Liz...

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn't appears to be a righ...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

On January 13, 2015, Microsoft's mainstream support for Windows 7 Service Pack (SP) 1 ended, which means the end of free Windows 7's " mainstream support " period, with the operating system now entering "extended support." Many people are still running the aging Windows XP as well as Windows 7. Microsoft already ended its support for Windows XP officially about a year ago on April 8, 2014, and now the company found Windows 7 an old and cranky OS. END OF MAINSTREAM SUPPORT FOR WINDOWS 7 BUT NO WORRIES UNTIL 2020 However, it doesn't mean that the tech giant is going to automatically stop or break your operating system, but it does mean that the company will no longer offer free help and support in case you have any problem with your Windows 7 software. No new features will be added either. Windows 7 is still supported by the company and will continue to receive security updates for at least another five years, i.e. until Jan. 14, 2020. By ...

We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research...

On one end, where governments of countries like U.K is criticizing end-to-end encryption and considering to ban the encrypted communication apps like Snapchat, CryptoCat, WhatsApp and Apple's iMessage. On the other hand, the Internet community has come up with a new and rather more secure encrypted communication app. Dubbed Peerio , an " encrypted productivity suite " designed to offer much more usable alternative to PGP email and file encryption, so that every individual user and business can encrypt everything from Instant Messages to online file storage. Peerio, released on Wednesday, is designed by 24-year-old Nadim Kobeissi – the creator of the end-to-end encrypted group messaging app Cryptocat and the encrypted file-sharing app MiniLock . " With Peerio everything you share or communicate with your team is secured with state-of-the-art encryption , and it's as easy as using Gmail. You don't need to learn to use it, " Kobeissi told Wired. ...

Your Instagram is not as Private as You Think. Millions of private Instagram photos may have been exposed publicly on the web until the company patched a privacy hole this weekend. Instagram team was unaware of a security vulnerability from long time which allowed anyone with access to an image's URL to view the photo, even those shared by users whose accounts are set to "private." In other words, If a private user shares an Instagram post with another service, such as Twitter or Facebook as part of the upload process, that shared photo will remain viewable to the public despite its privacy settings. The flaw was first reported by  David Yanofsky  at Quartz and Instagram acknowledged the issue last week before patching the flaw. In a statement to Quartz, an Instagram representative said: ' If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private, ' The Instagram...

In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach is even more costly. The loss or leakage of sensitive data can result in serious damage to an organization, including: Loss of intellectual property Loss of copyrighted information Compliance violations Damage to corporate reputation/brand Loss of customer loyalty Loss of future business opportunities Lawsuits and ongoing litigation Financial and criminal penalties To help you protect sensitive data and reduce the risk of data loss, we recommend using a Security Information and Event Management ( SIEM ) technology such as SolarWinds® Log & Event Manager . If you're not familiar with Log & Event Manager (LEM), it's a comprehensive SIEM product, packaged in an ea...

Owning a smartphone running Android 4.3 Jelly Bean or an earlier versions of Android operating system ?? Then you are at a great risk, and may be this will never end. Yes, you heard right. If you are also one of millions of users still running Android 4.3 Jelly Bean or earlier versions of the operating system, you will not get any security updates for WebView as Google has decided to end support for older versions of Android WebView – a default web browser on Android devices. WebView is the core component used to render web pages on an Android device, but it was replaced on Android 4.4 KitKat with a more recent Chromium-based version of WebView that is also used in the Chrome web browser. Just a day after Google publicized a bug in Windows 8.1 before Microsoft could do anything about it, Tod Beardsley, a security analyst from Rapid7 who oversees the Metasploit project, discovered a serious bug in the WebView component of Android 4.3 and earlier that possibly left m...