The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Over the past few years, Cyber Criminals have choose the official Google Chrome Web Store to push malware. In a recent announcement by Google, like Google Play Android apps store, all new apps uploaded to the Chrome Web Store will now also be automatically scanned for malware. Also, Google warned developers that it may take a little longer than before for their app to go live in the store, and  scanning may take from just a few minutes up to an hour.  " Starting today in the Chrome Web Store, you might notice that your item is not broadly available immediately after you publish it. " It is always against the Chrome Web Store Content Policies to distribute malware, if developer still wants to upload something malicious, they should cancel the process and withdraw their program. " This new functionality does not require any action on the part of developers. When you publish an item in the store, the developer dashboard will indicate that your item is i

The Bitcoin Foundation has received a cease-and-desist letter from the California Department of Financial Institutions, which oversees banks, credit unions, and other financial organizations operating in the state. Jon Matonis, who is a board member at the Foundation, revealed the letter on Forbes. The agency charges Bitcoin Foundation with allegedly " engaging in the business of money transmission without a license or proper authorization ." If they found to be in violation of the California Financial Code, the foundation could be fined up to $2,500 a day per violation, in addition to criminal prosecution. Convictions under the federal statute are punishable by up to 5 years in prison and a $250,000 fine. Bitcoin doesn't have any kind of central regulatory authority, and trading takes place through Mt. Gox or other exchange floors. So, California's decision to send a money transmitter warning to the Bitcoin Foundation is a Washington, D.C., nonprofit, makes no sense

Facebook is alerting its users about a security breach due to a technical glitch, that may have inadvertently exposed the email addresses and telephone numbers of roughly 6 million users. " We recently received a report to our White Hat program regarding a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them, " Facebook said in its announcement. The problem stemmed from a tool that allows users to upload their contact lists or address books to Facebook so that the social network can serve up friend recommendations or invite people to join Facebook. " Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook, " As a result,

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th

Edward Snowden , The Whistleblower who revealed the existence of a secret US online surveillance program left Hong Kong and has landed at Moscow's Sheremetyevo airport with help of Wikileaks . WikiLeaks said in a statement that its legal adviser Sarah Harrison was on the plane with Mr Snowden and they would help 'secure is safety' at his 'final destination'. Snowden will go down in history as one of the most prolific whistleblowers . Snowden left Hong Kong after The White House asked the autonomous Chinese territory to extradite him. A senior administration official warned that if Hong Kong did not act quickly it would complicate relations. He had earlier been charged in the US with espionage. Snowden, who has been in hiding in Hong Kong for several weeks since he revealed information on the highly classified spy programs, has talked of seeking asylum in Iceland. He got an on SU 213 Aeroflot flight from Chep Lap Kok airport at 11.04am today (Hong K

According to the court records released this week on web, The Justice Department used a secret search warrant to obtain the entire contents of a Gmail account used by a former WikiLeaks volunteers in Iceland. Smari McCarthy and Herbert Snorrason , are the two Icelandic freedom of information activists, who managed the secure chat rooms of WikiLeaks in 2010, and that is the reason the government demanded his records from Google. According to the documents, Google was told by the Justice Department that they were prohibited from disclosing to either Snorrason or McCarthy any information about the investigation until indicated. But later last week, US. District Court Judge issued an order allowing Google to notify Snorrason about the warrant and to provided a redacted copy of the warrant.  The search warrant was issued under seal on October 14, 2011 by the Alexandria, Virginia federal judge overseeing the WikiLeaks grand jury investigation there. Snorrason says he rece

Kim Dotcom today said on Twitter that Megaupload user data in Europe has been irreversibly lost because it was deleted by a Dutch hosting company called LeaseWeb.  LeaseWeb is based in Germany and has subsidiaries also in the United States, the company.  LeaseWeb has 60,000 servers under its management and more than 15,000 clients worldwide. " The greatest massacre data of history ", The news is shocking if we consider the wealth of information contained in the files.  Leaseweb has informed Kim Dotcom that all 630 servers they rented have been wiped clean. This means that petabytes of data belonging to Megaupload users is now gone without any notice. LeaseWeb responds to Kim Dotcom " When Megaupload was taken offline, 60 servers owned by MegaUpload were directly confiscated by the FIOD and transported to the US. Next to that, MegaUpload still had 630 rented dedicated servers with LeaseWeb. For clarity, these servers were not owned by MegaUpload, t

Tor has become a tool of free expression in parts of the world where citizens can not speak freely against their government. On Tuesday, a number of users have noticed that Facebook is blocking connections from the Tor network. Tor is a free tool that keeps Web browsing sessions private and anonymous . For activists and political dissidents who use the Internet to communicate with the outside world in countries where doing so is a crime , being unable to login to Facebook using TOR posed a huge problem. Later, Facebook resolves the Tor issues and said that A high volume of malicious activity across Tor exit nodes triggered Facebook's automated malware detection system, which temporarily blocked visitors who use the Tor anonymity service to access the social network . The role that Tor and Facebook played in facilitating the dissemination of information under restrictive regimes cannot be underestimated. Security researchers are also frequent users of Tor, for instan

The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the University of Erlangen in Germany, iOS-generated passwords use a very specific formula one which the experienced hacker can crack in less than a minute. Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys . Apple's hotspot uses a standard WPA2 -type process, which includes the creation and passing of pre-shared keys (PSK). They found that the default passwords are made up of a combination of a short dictionary words followed by a series of random numbers and this method actually leaves them vulnerable to  brute force attack . The word list Apple uses contains approximately 52,500

The Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced to two years in jail by Nacka district court, Sweden on Thursday for hacking into computers at a company that manages data for Swedish authorities and making illegal online money transfers. In Sweden, He is also involved in another case, to have hacked the mainframe of the CSC computer company protecting Rigspolitiet's (the Danish national police) IT system, as well as other sensitive government databases. In Denmark, Svartholm Warg and another unnamed Danish co-defendant were accused of illegally accessing 4 million files, including the email passwords of 10,000 policemen, personal identification numbers (CPRs) from a driver's license database and information about wanted persons in the Schengen region. He had denied the charges, further he can be extradited to Denmark to face charges for one of the country's largest hacking attacks. Last year Gottfrid Svartholm Warg was extradited to Sweden from Camb

The LinkedIn became inaccessible for an hour last night. Few Hours before App.net co-founder Bryan Berg posted that LinkedIn DNS was hijacked but later LinkedIn confirmed that they suffered outage due to DNS issue, not Hack. DNS Hijacking is an unauthorized modification of a DNS server or change of DNS address that directs users attempting to access a web page to a different web page that looks the same, but contains extra content such as advertisements, is a competitor page, a malware page, or third-party search page. Bryan said," all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don't require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext ." LinkedIn tweeted " Our site is now recovering for some members. We determined it was a DNS issue, we're continuing to work on it. Thanks for your patience, " but provided no further details. LinkedIn DNS hacked

Edward Snowden , an American former contractor for the National Security Agency (NSA), came forward as the whistle-blower in one of the biggest internal leaks in U.S. intelligence history now seeking asylum According to the United Nations High Commissioner for Refugees, Snowden would not be given preferential treatment if he were to apply for asylum in Hong Kong .  He seems to have complete and total trust in the Hong Kong political and judiciary system:  "Hong Kong has a strong tradition of free speech. People think China, Great Firewall … but the people of Hong Kong have a long tradition of protesting on the streets, making their views known … and I believe the Hong Kong government is actually independent in relation to a lot of other leading Western governments. " Snowden is currently hiding out in Hong Kong as the U.S. government pursues a criminal investigation into his actions. Because Hong Kong 's currently flawed system had no asylum screen

Viber was blocked last week for non-compliance by The government of Saudi Arabia and Now they may move to block Skype and WhatsApp in the coming weeks, if the U.S. based messaging provider fails to comply with requirements set by the country's telecom regulator. CITC confirmed that they could take the nasty step even before the holy month of Ramadan that commences on 9 July. " We have been communicating with WhatsApp and other similar communication platforms to get them to cooperate and comply with the Saudi telecom providers, however, nothing has come of this communication yet ." The main issue seems to be that such channels bypass Saudi's communications monitoring capabilities and consequently do not conform to local regulations.  Saudi Arabia's three main operators Saudi Telecom, Etihad Etisalat (Mobily) and Zain Saudi had been asked to tell CITC if they were able to monitor or block such applications. " We gave them a week to comply and have been co