#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Search results for peer-to-peer | Breaking Cybersecurity News | The Hacker News

Windows 10 to deliver updates and App downloads via Peer-to-Peer Technology

Windows 10 to deliver updates and App downloads via Peer-to-Peer Technology

Mar 16, 2015
Does downloading Windows updates from Microsoft's servers and waiting too long really annoy you? It might not be with the arrival of Windows 10 . Microsoft seems to make a major change in Windows 10 to the way it delivers updates for the software. The leaked version of Windows 10 build 10036 (the current version is build 9926) allows you to grab OS updates from Microsoft as well as other computers, whether they're on your local network or on the Internet. Yeah, it's a Peer-to-Peer (P2P) technology Microsoft is going to use in order to deliver both app and operating system updates. Peer-to-Peer , or P2P Technology is usually associated with file sharing services like BitTorrent to download illicit copies of movies and albums, and of course, those endless Linux ISOs you've been downloading. However, Redmond is embracing the technology as an efficient means to deliver software updates to its users around the globe. Peer-to-Peer downloads will be o
New Kickass Torrents Site: List of New 2024 Proxies and Alternatives

New Kickass Torrents Site: List of New 2024 Proxies and Alternatives

Jan 01, 2019
Kickass Torrents (KAT cr) was once a hugely popular online portal, renowned for its vast archive of movies, music, TV shows, and other media. It was a treasure trove for those seeking rare content and for users looking to share their creations. However, Kickass Torrents faced significant opposition. The movie and music industries saw the site as a threat to their revenue, accusing it of promoting copyright infringement. Despite this, the Kickass Torrents team continued to advocate for its users, claiming they were providing a valuable service. The Downfall and Resurgence of Kickass Torrents Eventually, legal action caught up with Kickass Torrents. In July 2017, U.S. authorities shut down the site after its owner, Artem Vaulin, was charged with allowing the distribution of copyrighted material. Following the shutdown, a group of loyal contributors founded the Katcr.co forum, aiming to restore the popular torrent site to its former glory. Many wondered if this was the end for Kicka
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Google Solves Update Issue for Android Apps Installed from Unknown Sources

Google Solves Update Issue for Android Apps Installed from Unknown Sources

Jun 21, 2018
If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well. Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store. This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it. From early 2018, Google has already started implementing this mechanism, which doesn
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

Jan 20, 2021
In January 2019, a  critical flaw  was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other sta
Ricochet — Most Secure Peer-to-Peer Encrypted Messenger that Sends No Metadata

Ricochet — Most Secure Peer-to-Peer Encrypted Messenger that Sends No Metadata

Feb 23, 2016
There are several encrypted messaging apps for mobile and desktop platforms that shipped with "The Most Secure" tagline but ends up in de-anonymizing the real identity of its users in some or the other way. In fact, very few encrypted messaging apps available today deal with the core problem of Metadata .  The majority of apps offer end-to-end encryption that kept the content of your messages away from prying eyes, but your metadata will still be accessible to them, which is enough to know who you really are, and who you're talking to. But, one messenger app stands out of the crowd by providing superb anonymity to its users, and it is dubbed as " Ricochet ." Ricochet is a peer-to-peer instant messaging system available for Windows, Mac, and Linux and you can trust it as the app has already cleared its first professional security audit carried out by cyber security company NCC Group . What's so Promising about Ricochet? Unlike
Federal Judge ruled at Child pornography case, 'Your Peer-to-Peer file sharing data is not a private matter'

Federal Judge ruled at Child pornography case, 'Your Peer-to-Peer file sharing data is not a private matter'

Nov 13, 2013
Today computer telecommunications have become one of the most prevalent techniques used by pedophiles to share illegal photographic images of minors and to lure children into illicit sexual relationships. The Internet has dramatically increased the access of the preferential sex offenders to the population they seek to victimize and provides them greater access to a community of people who validate their sexual preferences. The Fourth Amendment is the most implicated and litigated portion of the Constitution. Courts are increasingly confronting the problems associated with adapting Fourth Amendment principles to modern technology. If you think that your peer-to-peer file sharing can be kept under wraps, then please think again. A federal judge ' Christina Reiss ' in Vermont has ruled that there should be no expectation of privacy for data shared across peer-to-peer file-sharing services. In a Child pornography case, three defendants argued that information gained
THOR : Another P2P Botnet in development with extra stealth features

THOR : Another P2P Botnet in development with extra stealth features

Mar 06, 2012
THOR : Another P2P Botnet in development with extra stealth features The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). Because "botnets" can be used for illicit financial gain,they have become quite popular in recent Internet attacks. A " botnet " is a network of computers that are compromised and controlled by an attacker. Each computer is infected witha malicious program called a "bot", which actively communicates with other bots in the botnet or with several "botcontrollers" to receive commands from the botnet owner. Attackers maintain complete control of their botnets, andcan conduct Distributed Denial-of-Service (DDoS) attacks,email spamming, keylogging, abusing online advertisements, spreading new malware, etc. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeare
OTR.to — Secure 'Off-the-Record' p2p Encrypted Messaging Service

OTR.to — Secure 'Off-the-Record' p2p Encrypted Messaging Service

Mar 10, 2015
In this post-Snowden era of mass surveillance, being out-of-reach from the spying eyes really doesn't mean they can not get you. So, if you are concerned about your data privacy and are actually searching for a peer-to-peer encrypted messaging service, then it's time to get one. " Otr.to " — an open-source peer-to-peer browser-based messaging application that offers secure communication by making use of "Off-the-Record" (OTR) Messaging , a cryptographic protocol for encrypting instant messaging applications. OTR (Off-the-Record) is one of the most secure cryptographic protocol that offers strong encryption for real time communications i.e. Chatting and Messaging services. Off-the-Record simply means that there is nothing on the record, so nobody can prove that two parties had an Internet chat conversation or said anything specific. ORT.to uses WebRTC to exchange messages via decentralized peer-to-peer communication , which means chat logs bet
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

Jun 27, 2024 Cryptojacking / Data Protection
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates the malware author's continued efforts into profiting off their illicit access and spreading the network further, as it continues to worm across the internet," Cado Security said in a report published this week. P2PInfect came to light nearly a year ago, and has since received updates to target MIPS and ARM architectures. Earlier this January, Nozomi Networks uncovered the use of the malware to deliver miner payloads. It typically spreads by targeting Redis servers and its replication feature to transform victim systems into a follower node of the attacker-controlled server
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

Jun 15, 2022
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed  Panchan  by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed botnet, which relies on a basic list of default SSH passwords to carry out a  dictionary attack  and expand its reach, primarily functions as a cryptojacker designed to hijack a computer's resources to mine cryptocurrencies. The cybersecurity and cloud service company noted it first spotted Panchan's activity on March 19, 2022, and attributed the malware to a likely Japanese threat actor based on the language used in the administrative panel baked into the binary to edit the mining configuration. Panchan is known to deploy and execute two miners, XMRig and nbhash, on the host
Is WikiLeaks Really Hacking for Secrets !

Is WikiLeaks Really Hacking for Secrets !

Feb 05, 2011
In April 2009 the whistle-blower website WikiLeaks appear a abstruse U.S. aggressive certificate account abstruse capabilities of the U.S. Navy's Pacific Missile Range Facility on Kauai. In an online column answer how it acquired the information, WikiLeaks adumbrated alone that it came from "a source." It was addition accomplishment for WikiLeaks and its founder, Julian Assange, who describes the extensive organization—it has no anchored domicile—as a defended agenda bead box for antagonistic insiders. He has again said WikiLeaks doesn't actively access classified abstracts but rather provides a belvedere for others who accept arcane advice to acknowledge for the attainable good. Except that WikiLeaks, according to Internet aegis aggregation Tiversa, appears to accept bolter bottomward that aggressive certificate itself. Tiversa says the accumulation may accept exploited a affection of file-sharing applications such as LimeWire and Kazaa that are generally acclimate
How to Share Sensitive Files Instantly and Securely

How to Share Sensitive Files Instantly and Securely

May 13, 2015
Last week, I have to communicate with my friend overseas in China. We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle. If you are ever faced with the same situation, I am here to introduce you a very simple and easy-to-use approach to encrypt your files and send them to the person you want to communicate with. Here's the Kicker: You don't even need to install any software or sign up to any website in order to use the file encryption service. So, what do I have today in my box? " Otr.to " — an open-source peer-to-peer browser-based messaging application that offers secure communication by making use of "Off-the-Record" (OTR) Messaging, a cryptographic protocol for encrypting instant messaging applications. We first introduced you Otr.to two months ago. At that time,
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Jul 20, 2023 Malware / Cyber Threat
Cybersecurity researchers have uncovered a new cloud targeting, peer-to-peer (P2P) worm called  P2PInfect  that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist  said . "This worm is also written in Rust, a highly scalable and cloud-friendly programming language." It's estimated that as many as 934 unique Redis systems may be vulnerable to the threat. The first known instance of P2PInfect was detected on July 11, 2023. A notable characteristic of the worm is its ability to infects vulnerable Redis instances by exploiting a critical Lua sandbox escape vulnerability,  CVE-2022-0543  (CVSS score: 10.0), which has been previously exploited to deliver multiple  malware families  such as  Muhstik ,  Redigo , and  HeadCrab  over the past ye
Telegram Calling Feature Leaks Your IP Addresses—Patch Released

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

Oct 01, 2018
The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet. Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users' IP addresses by default during voice calls due to its peer-to-peer (P2P) framework. To improve voice quality, Telegram by default uses a P2P framework for establishing a direct connection between the two users while initiating a voice call, exposing the IP addresses of the two participants. Telegram Calls Could Leak Your
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

Dec 15, 2023 Blockchain / Internet of Things
A novel multi-platform threat called  NKAbuse  has been discovered using a decentralized, peer-to-peer network connectivity protocol known as  NKN  (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian cybersecurity company Kaspersky  said  in a Thursday report. NKN, which has over 62,000 nodes, is  described  as a "software overlay network built on top of today's Internet that enables users to share unused bandwidth and earn token rewards." It incorporates a blockchain layer on top of the existing TCP/IP stack. While threat actors are known to take advantage of emerging communication protocols for command-and-control (C2) purposes and evade detection, NKAbuse leverages blockchain technology to conduct distributed denial-of-service (DDoS) attacks and function as an implant inside com
Expert Insights / Articles Videos
Cybersecurity Resources