The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Potential threat, range from very narrow to very broad, posed by Cyber-Terrorism has provoked considerable alarm. Terrorists involved in Cyber Espionage and Operations aim at gaining access to Nation's critical infrastructure involving both Government as well as Private sectors. The Frequency and Intensity of such Cyber-attacks are increasing rapidly and extending into absolute cyber-war between states, allowing terrorist organizations to pilfer data from financial and military organizations. Similar Incident happened, few months back, when a group of Middle-east terrorists tried to infiltrate Indian Government officials operational in Cyber related divisions. In response, a team of Independent Indian security researchers planned a counter operation to track down the terrorist organization behind the cyber attack. Shesh Sarangdhar , a security researcher at Seclabs & Systems Pvt. told The Hacker News that his team successfully penetrated the sourc...

Security researchers have developed a Flying Drone with a custom-made tracking tool capable of sniffing out data from the devices connected to the Internet – better known as the Internet-of-things. Under its Internet of Things Map Project , a team of security researchers at the Texas-based firm Praetorian wanted to create a searchable database that will be the Shodan search engine for SCADA devices. Located More Than 1600+ Devices Using Drone To make it possible, the researchers devised a drone with their custom built connected-device tracking appliance and flew it over Austin, Texas in real time. During an 18 minute flight, the drone found nearly 1,600 Internet-connected devices , of which 453 IoT devices are made by Sony and 110 by Philips. You can see the full Austin map here . How did They locate Internet of Things Devices? The researchers located all ZigBee-enabled smart devices and networks and then started expanding their research. "When [I...

Android users are busy fighting with Stagefright vulnerability while the popular mobile operating system faces another critical security vulnerability, dubbed as " Certifi-Gate ". Millions of Android devices could be hacked exploiting a plugin that comes pre-installed on your Android devices by the manufacturers. Most of the Android device manufacturers pre-install ' Remote Support Tool (mRST) ' plugin onto their phones that are intended to help users, such as RSupport or TeamViewer . But, a critical Certifi-Gate security vulnerability in this mRTS plugin allows malicious applications to gain illegitimate privileged access rights, even if your device is not rooted. "Certifi-Gate" Android security vulnerability According to Israeli researchers at Check Point, Ohad Bobrov and Avi Bashan, Certifi-Gate Android vulnerability lies in the way Google's partners (manufacturers) use certificates to sign remote support tools. Remote support tools often hav...

If you think that the patches delivered through Windows update can not be laced with malware, think again. Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm ' Context ' have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise. What is WSUS in Windows? Windows Server Update Services (WSUS) allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates. As the admin is the owner of the distribution of these updates. Intercepting WSUS to Inject Malware into Corporate Networks By def...

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in Firefox's PDF Viewer and the JavaScript context in order to inject a script capable of searching sensitive files on user's local file systems . Mozilla versions of Firefox that do not contain the PDF Viewer, such as Firefox for Android, are not affected by the " Same origin violation and local file stealing via PDF reader " vulnerability. The exploit does not execute any arbitrary code but injects a JavaScript payload into the local file context, allowing the script to search for and upload potentially user's sensitive local files. All an attacker need to do is load the page with this exploit and sit back and relax. The exploit will silently steal files in t...

Gone are the days when you had to wait in a queue to get your Bank passbook updated. With the implementation of automated machines in Banks, it's now a game of seconds to update your passbook yourself. Bank Passbook is a copy of the customer's account in the books of the bank which includes client's current account balance and transaction details (deposits and withdrawals). But, Are these Automated Machines holding your Financial Information Hack-Proof? Last year, Major Indian Banks rolled out a barcode based passbook printers called ' Swayam ' which can be operated by customers themselves. 17-year-old Indian bug hunter, Indrajeet Bhuyan , found that the barcode technology used by more than 3000 Indian Banking Branches, including State Bank of India , UCO Bank and Canara Bank , is vulnerable to information disclosure. To use Swayam, the s elf-service passbook printing machine , the customers need just to feed their passbook into the machine, which will read the barcod...

At its Build developers conference in April this year, Microsoft announced " Project Islandwood " - the " Windows Bridge for iOS " that lets iOS and Android developers port their apps to Windows. Microsoft finally made another surprise move on Thursday by open sourcing an early version of its toolkit for iOS to help iOS developers move their apps more easily to Windows 10. The source code for an early preview of " Windows Bridge for iOS " is now available on GitHub under the MIT open-source license. By releasing the preview of iOS Bridge, Microsoft wants the open-source community to contribute code, comments, testing, vulnerability reports, before the company launch the final version later this fall. iOS Toolkit for Building Windows 10 Apps The iOS Bridge enables developers to create apps that work with both Windows 8.1 and Windows 10 operating systems. Currently, Microsoft only targets the standard X86 and X64 processor archi...

Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the 'entangling' or 'superpositioning' which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be 'up' and 'down' at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today's modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min...

Over a year ago I wrote an article on The Hacker News that warned of serious security concerns created by the iPhone and Android's Fingerprint authentication . Till now hackers were impersonated simply by lifting prints off the side of a phone and gaining unauthorized access to user's phone and thus data. However, security researchers have now discovered four new ways to attack Android devices to extract user fingerprints remotely without letting the user know about it. The attack, which the researchers dubbed the " Fingerprint Sensor Spying attack ," could be used by hackers to " remotely harvest fingerprints in a large scale, " Yulong Zhang, one of the researchers told ZDNet. Remotely Hacking Android Fingerprints FireEye researchers Tao Wei and Yulong Zhang presented their research in a talk titled, Fingerprints on Mobile Devices: Abusing and Leaking , at the Black Hat conference in Las Vegas on Wednesday, where they outlined new wa...