The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Bad news for AT&T customers! You all are vulnerable to phishing scams – thanks to AT&T's text protocols. The actual problem lies in the way AT&T handles its customer alerts via text messages, as it's very easy for cybercriminals to mimic. In "Phishing" attacks , scammers attempt to trick victims into revealing their personal and financial information by sending email or text messages that appear to be from legitimate companies. Instead of emails, here hackers have targeted AT&T users with the text messages. According to Dani Grant , the computer programmer who discovered the flaw and reported to the company, AT&T is making use of plethora for short codes, due to which its customers unable to distinguish between the legitimate and phishing messages . The second issue is that some of AT&T's real links directs its users to att.com while others take you to dl.mymobilelocate.com. " Another problem is that AT&T directs cu...

Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com...

We are all aware of the mass surveillance conducted by the government agencies on us. From our phone calls, emails to web activities, chats and social network activities, everything has been interrupted by the law enforcements. And now they have crossed every limits by using a new way to spy on you. Guess What? Dozens of US law enforcement agencies are quietly taking advantage of the technology that allows them to effectively "see" through walls of buildings to monitor people's activity . This has once again raised privacy questions. Privacy has become just a word as there's nothing private left, not even our homes. According to a recent report from USA Today , over 50 law enforcement agencies, including Federal Bureau of Investigation (FBI) and U.S. Marshals, have secretly been using the new radars for the past two years, but it came to light just last month during a court hearing in Denver . The device, dubbed Range-R , sends out radio waves that can d...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Smartphones in our pockets are exponentially smaller and more powerful that they don't realize the need to carry laptops with us everywhere. Now imagine if a small mouse meets the need of the entire PC? Not just imagination, it has been proved and done by the engineers at a Polish startup. Poland-based Przemysław Strzelczyk and a team of software developers working on a new concept have created what they believe is the future of desktop computing — a mouse that's also a PC. Called " Mouse-Box ", a wireless gadget that packs a 1.4 GHz quad-core ARM processor, a micro-HDMI port, WiFi up to 802.11n, accelerometer, gyroscope, two USB 3.0 ports and 128 GB storage space into a mouse. The only extra hardware needed is a monitor. Mouse Box comes with the same amount of storage as a high-end iPhone 6 Plus , but we know that nobody will be able to work for long with so little storage. The storage capacity can't be physically expanded, but can be extended with the use of clou...

Ransomware  malware threat has forced somebody for the terrible suicide and once again has marked its history by somebody's blood. Sad, but it's True! Joseph Edwards , a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email appeared to be from police claiming that he'd been spotted browsing illegal websites and that a fine of 100 pound needed to be paid in order to stop the police from pursuing him. The scam email pushed the well-known Police Ransomware onto the boy's laptop and also downloaded malware that locked up his system once it was opened. Edwards was an A-level student with Autism, a developmental disability, that likely made him more susceptible to believing the Internet scam mail, supposedly sent from from Cheshire police, was genuine, a coroner heard on Thursday. Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the crucial threat. He was foun...

After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform. The team has published three zero-day exploits for Apple's OS X, with sufficient information for an experienced hacker to exploit the bugs in an attack. Of course, the details about the zero-days were not released without alerting Apple to these issues. FIRST ZERO-DAY  VULNERABILITY The first flaw, " OS X networkd 'effective_audit_token' XPC type confusion sandbox escape ," allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly. The flaw may already have been mitigated in OS X Yosemite , but there is no clear explanation of whether this is the case. SECOND ZERO-DAY VULNERABILITY The second and third vulnerability both are relate...

A critical cross-site scripting ( XSS ) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization's account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain. The XSS flaw allowed attackers to force the admin to do the following actions: Creating new users with "super admin" rights Disabling two-factor authentication ( 2FA ) and other security measures from existing accounts or from multiple domains Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker Hijack an account/email by resett...

Barrett Brown , a journalist formerly served as an unofficial spokesman for the hacktivist collective Anonymous , was sentenced Thursday to over five years in prison, after pleading guilty to federal charges of  " transmitting a threat in interstate commerce ,"   " for interfering with the execution of a search warrant ," and to being " accessory after the fact in the unauthorized access to a protected computer ." After already having served over 2 years ( 31 months ) in detention, Texas court in Dallas has sentenced Barrett Brown to 63 months in federal prison and also ordered him to pay a little more than $890,000 in restitution and fines related to the 2011 hack of Stratfor Global Intelligence . Over a year ago, another federal judge sentenced Anonymous member Jeremy Hammond to 10 years in prison for making millions of emails from the servers of security firm Stratfor public. It's Hammond who said that Brown simply linked to the hacked ...

Are you worried about your privacy? Its Obvious because of a Hacker or the government could be snooping in your emails, voice or video calls. The Famous Internet entrepreneur Kim Dotcom , who introduced legendary Megaupload and Mega file sharing services to the World, has now released its latest encrypted communication software for video calling, messaging and chat. Kim Doctom's file-sharing site Mega has launched the public beta of its end-to-end encrypted video and audio chat service called " MegaChat ", which the company says gives better protection than alternatives such as Skype and Google Hangouts. MegaChat is currently free to use and right now just provides browser-based audio and video calls, but Mr. Dotcom said on Twitter "Text chat and video conferencing will follow soon," HOW TO USE MEGACHAT Create a Mega account. Simply log in via the web browser and click on the Conversations icon provided on the left-hand side  Contacts will need their o...