The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The growing popularity of microblogging sites like Twitter has sparked a corresponding rise in social networking scams. If you receive an email or direct message (DM) on Twitter with text " Hello, You have been selected to be the Twitter user for the month! We've got a reward for you text this word ITweet to the following number 6 8 3 9 8 " , don't bother replying the mail. Mary C. Long actually notice this scam and write a quick warming on his blog .  Those who send messages to the number provided by the scammers are actually handing over their phone numbers to the crooks. They can use the information for smishing attacks and all sorts of other malicious plots , Eduard Kovacs from Softpedia explains . Here a small list of most common Twitter-Facebook Scam messages , If any of this phishing scheme sounds familiar, ignore the message. i got mine yesterday you even see them taping u him what on earth you're doing on this movie O M G your in this what on earth could you be

A few week ago, we have seen a major example of Cyberbullying , where a 15-year-old girl ' Amanda Todd '  to kill herself. The Internet can be a dangerous place for the young, exposing them to e-threats such as malware, phishing schemes, pornography or material promoting the use of drugs and violence, among others. In order to keep your kids safe, you'll need to know about the different types of online dangers that are out there. Researchers from  TrendMicro found a malware that steals images from your hard drives of an affected system and able to upload them to a remote FTP server . Malware specifically look for all .JPG, .JPEG, and .DMP files in the storage. Once your system will connect to internet, malware will upload first 20,000 files to the FTP server. " Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users. " The internet is a very useful tool,

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

On a quick tip from a The Hacker News reader - Travis, we came to know about that some antivirus giving warning when readers try to visit  Bloomberg's Businessweek website ( businessweek.com ) that the site is infected with malware and trying to drop a malware on visitor's system. Website having very high alexa rank, that means it server updates to millions of daily visitors. Most obvious that Bloomberg's site was hacked and then hacker was able to inject the script to infect visitors of site. After exploring the site, I found that some " Under Maintenance " pages like (  hxxp://bx.businessweek.com/photos/spham708_medium.jpg  ) of  Businessweek website having injected iframe that trying to open a remote page uploaded on a italian website as shown below: Injected URL :  hxxp://www.lamiabiocasa.it/class/cls-memcache.php ( Do not open this page ). We have another news from other sources that, recently around hundreds of italian websites was got hacked silently

Your android device allows you to connect with anyone at anytime, if they are available. Mobile-enhanced shopping and banking sites gives you freedom to buy anything - anywhere. You have millions of applications, that you can install to pimp up your device. But same applications can exploit your business and personal life by stealing your personal information by various intelligent methods. Researchers at NC State University has uncovered a new vulnerability that expose smishing and vishing threats for Android users. I think you need to know about  Smishing  first,so it is where the mobile phone user will receive a text message. This text message only purpose is to get the user to click on the link. If you click on the link, you may inadvertently be downloading a Trojan horse, virus, or other malicious malware. So, researchers found a new way to do such phishing attacks using fake sms, If an Android user downloads an infected app, the attacking program can make it appear that the us

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. " The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering ." Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large

Do you believe that it is possible to shut down Facebook with a cyber attack on 5th November 2012, which is not even organised in a proper way ? Few activists on internet threatened to shut down Zynga and Facebook, after the gaming giant announced it was laying off five per cent of its work force. Most obvious like other big fake claims, this claim is also not from the activist working as Anonymous Genuinely. Generally I am strong supporter of Anonymous or Wikileaks but the Idea behind Anonymous have lots of Pro and Con. I ask some Anonymous (who are actually managing major operations) to comment about the attack scheduled on 5th November by some unknown anonymous group, and their reply was simply -- " FAKE " . Facebook , Twitter and other social media sites and News organisations are giving you platform for spreading information, they are your voice with an amplifier. Do you think you can use your MIC after unplugging is ? If yes, then think again... Me

Google is bringing a host of new features to its Android 4.2 Jelly Bean operating system designed to increase productivity, creativity and peace of mind and some very promising security improvements including: client side malware protection, Security Enhanced Linux, and always-on VPN . Most important Security Improvements in Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check the apps you download on the Amazon App Store, or from 3rd Party sites. Whenever user will install any app from a different source than the official market, and will scan it for any malicious code that may prove potentially harmful for your device. Other than this, Users can now control how much data apps can access and share. This is made even more secure by something called VPN lockdown that can limit the amount of information sent over a connection that may not be secure or that is shared rather than priv

French security researcher firm and famous bug hunters at Vupen announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating system. Windows 8 operating system released last week, and now Microsoft itself has not been aware of security vulnerabilities available in release. " We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations, " Vupen posted on Twitter . Bekrar's claim follows up on his promise earlier in the month that Vupen would be ready to compromise Windows 8 immediately upon its launch: " Windows 8 will be officially released by MS on Oct 26th, we'll release to customers the 1st exploit for Win8 the same day #CoordinatedPwnage " "T he in-depth technical details of the flaws will be shared with our customers and they can use them to protect their critical infrastruc

Folks from abuse.ch spotted an interesting piece of ransomware malware currently circulating in the wild. Current release is infecting Windows users. It seems that Cybercrooks are taking advantage of Anonymous Banner, for conducting such malware campaigns and supposed to be another game by opposite parties for discredit/Infamous the name of Anonymous in the eyes of the world. Before twitter user @FawkesSecurity posted a threat to bomb a government building by Anonymous. But later, collective group clear themself by statement, " Anonymous is not a terrorist organization. Anonymous does not use bombs. Anonymous does not condone violence in any way. Anonymous supports justice and universal equal rights. We support peaceful protest ." Ransomware malware restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Message read " Your computer has been hacked by the Ano

Late in August McAfee Labs discovered a Fake Antivirus program that claims to detect infections, and displays alerts to scare users into purchasing protection. On the contrary, this program is not genuine software and has nothing to do with reliable and effective AV tools. The truth is that this is another scam application developed to enter your PC through vulnerabilities in outdated programs. Trend Micro, which detects the threat as TROJ_FAKEAV.EHM said, " After infecting a user's system, this malware scares its victim into buying the "product" by displaying fake security messages, stating that the computer is infected with spyware or other malware and only this product can remove it after you download the trial version. As soon as the victim downloads Win 8 Security System, it pretends to scan your computer and shows a grossly exaggerated amount of nonexistent threats ". This sort of malware is commonplace, with examples existing for Windows XP, Windows Vista, Windows 7 and even