The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Once again the very popular and the world's third largest smartphone distributor Xiaomi , which had previously been criticized for secretly stealing users' information from the device without the user's permissions, has been found spreading malware . The top selling Android smartphone in China, Xiaomi Mi4 LTE , has been found to be shipped with pre-loaded spyware/adware and a "forked," or not certified, vulnerable version of Android operating system on top of that, according to a San Francisco-based mobile-security company, Bluebox. Xiaomi, which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. Just like other Xiaomi devices, Mi4 LTE smartphone seems to attract a large number of customers with more than 25,000 units sold out in just 15 seconds on India's online retailer Flipkart . Security Researcher Andrew Blaich of Bluebox firm revealed Thursday that the brand new ...

If you have recently installed or updated the popular BitTorrent client μTorrent 3.4.2 Build 28913 on your computer, then you read this warning post right now. Users of the μTorrent file-sharing service are complaining that the latest update of software used for torrent downloading is silently installing a piece of unwanted software called EpicScale , which is basically a Bitcoin mining software . Note: Story update has been added below. USER COMPLAINTS ON SILENT  INSTALLATION The Epic Scale , installed without the consent of users, is a cryptocurrency mining software that reportedly uses the combined computing power of users to generate Bitcoin income for BitTorrent company. The unwanted software slows down the host computers and is particularly harder to remove from the system. The Bitcoin mining software was recently highlighted at uTorrent's complaint forum where a member ' Groundrunner ' says: " There was no information about this during ins...

The United Kingdom's National Crime Agency (NCA) has arrested 56 suspected hackers in a campaign against cybercrime called "strike week." Law-enforcement officials conducted, in total, 25 separate operations across England, Scotland and Wales, and those arrested were suspected in a wide range of cyber crimes including: Network intrusion and data theft from multinational companies and government agencies Distributed Denial of Service (DDoS) attacks Cyber-enabled fraud Malicious software and virus development The raids conducted by NCA were coordinated by its National Cyber Crime Unit (NCCU) , special officers Metropolitan Police and Regional Organised Crime Unit's (ROCUs) , associated with local forces around the UK. The arrested hackers also include alleged hackers suspected of being behind attacks on Yahoo, the US Department of Defence (DoD) , and PlayStation. The list of hackers arrested in the operation is given below: A 23-year-old man w...

Biometric security systems that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA, are still evolving to change our lives for the better even though the biometric scanning technology still has many concerns such as information privacy, and physical privacy. In past years, Fingerprint security system , which is widely used in different applications such as smartphones and judicial systems to record users' information and verify person's identity, were bypassed several times by various security researches, and now, IRIS scanner claimed to be defeated . Don't worry! It's not like how they do it in movies, where an attacker needs to pull authorized person's eye out and hold it in front of the eye scanner. Instead, now hackers have finally found a simple way to bypass IRIS Biometric security systems using images of the victims. The same security researcher Jan Krissler , nicknamed Starbug , from the famous Chaos Co...

Recently discovered FREAK  vulnerability that apparently went undetected for more than a decade is reportedly affecting all supported versions of Microsoft Windows, making the flaw more creepy than what we thought. FREAK vulnerability is a disastrous SSL/TLS flaw disclosed Monday that allows an attacker to force SSL clients, including OpenSSL, to downgrade to weaken ciphers that can be easily broken and then supposedly conduct Man-in-the-Middle attacks on encrypted HTTPS-protected traffic passing between vulnerable end-users and Millions of websites. Read our previous post to know more about FREAK vulnerability . FREAK IN MICROSOFT RESIDES IN SECURE CHANNEL Microsoft issued an advisory published Thursday warning Windows users that Secure Channel ( Schannel ) stack — the Windows implementation of SSL/TLS — is vulnerable to the FREAK encryption-downgrade attack , though it said it has not received any reports of public attacks. When the security glitch first dis...

Do you know, apart from United States National Security Agency (NSA) , Federal Bureau of Investigation (FBI) and law enforcement, a few advertising companies are also monitoring unsuspecting users' cell phone data with the help of the unmanned aerial vehicles (UAVS) called Drones. Yes it's True! A Singapore-based advertising firm AdNear , which described itself as "the leading location intelligence platform," is using a number of small drones flying around the San Fernando Valley in Los Angeles since early February in order to track Wi-Fi and cellular transmission signals. ADNEAR DRONES TRACKS YOU EVERYWHERE The drones have ability to sniff out device' cellular or wireless Internet signals, which is then identify by device ID. Using this gathered information, the drones track each and every movements and behaviors of individual users. Generally, the reason behind spying on people's cell phone signals is the company's interest to deliver hyper-targe...

Last month, cyber security researchers spotted a new strain of french surveillance malware, dubbed " Babar ," which revealed that even French Government and its spying agency the General Directorate for External Security (DGSE) is dedicatedly involved in conducting surveillance operation just like the United States — NSA and United Kingdom — GCHQ . A powerful piece of surveillance malware, known as " Casper ," has recently been discovered by the Canadian security researchers that once again point fingers at the French government. CASPER SURVEILLANCE MALWARE LINKED TO FRANCE The newly discovered sophisticated Casper surveillance malware is believed to be developed by France based hacking group suspected to have ties with the French government, according to the report published by Motherboard . Report suggests that French hacking group have developed ' Swiss Army knife of spying tools ' which has been used by French government to conduct multipl...

The world's infamous Angler Exploit Kit has become the most advanced, much more powerful and the best exploit kit available in the market, beating the infamous BlackHole exploit kit , with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique is dubbed "Domain Shadowing" which is considered to be the next evolution of online crime. Domain Shadowing, first appeared in 2011, is the process of using users domain registration logins to create subdomains. WHAT IS DOMAIN SHADOWING ? With the help of Domain Shadowing technique used in a recent Angler campaign, attackers are stealing domain registrant credentials to create tens of thousands of sub-domains that are used in hit-and-run style attacks in order to either redirect victims to the attack sites, or serve them malicious payloads. Security researcher Nick Biasini of Cisco's Talos intelligence team analysed the campaign and said the "massive...

As you may be aware, you need an Android smartphone to use an Android Wear smartwatch , but if you carry an Apple iPhone or iPad, you'll soon be able to use the same Android Wear smartwatch, without relying on unofficial third-party app support. Google is reportedly going to release its a new iOS app over to the App Store that will allow iPhone and iPad users to pair Android Wear devices such as Moto 360 and LG G Watch with their Apple products, French outlet 01net claimed . OFFICIAL ANDROID WEAR APP FOR iOS Google's new move to go cross-platform with an iOS app would expand support for the wearable platform beyond Android devices and target the potential market of tens of Millions of Apple users that may not be interested in purchasing an Apple Watch. As well as, with lower prices and strong design, a fair amount of Android Wear smartwatch demand would likely be there. The search engine giant is possibly planning to launch the Android Wear app for iOS at Google's annual develop...