The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The NSA surveillance program PRISM story was started with four leaked slides from the Washington Post weeks before and today they has revealed four more annotated slides about the NSA operation, along with detailing the various levels of scrutiny from the FBI and NSA that happen before, during and after approved wiretaps take place. According to new slides, The NSA can track real-time events such as email logins or the sending of email, and the logging in or out of a user to a chat service. For live communications, this data goes straight to the NSA's PRINTAURA filtering system, while both the FBI and NSA scan pre-recorded data independently. Two of the new slides detail the data collection process, from the initial input of an agency analyst, to data analysis under several previously-reported analysis tools such as Marina (internet data), Mainway (call records), Nucleon (voice data), and Pinwale (video data). There were 117,675 active surveillance targets in PRISM

E-HACK is an Information Security Workshop, organized by infySEC . The workshop aims at creating awareness about INFORMATION SECURITY by showing in what all ways information or data can be stolen. Meddle in cyber-warfare, battle with our machine master mind who will throw challenges on web application security, network security, algorithms, reverse engineering and decryption.  The team which cracks the final level will attain the glory of being Winner at our E-HACK Guinness record attempt with tons of prizes waiting. Be simple but not simpler is quote by Einstein, that's secret of success for E-HACK. Be there to witness the epic battle of brains. It's planned to be done in a more fun way, through a game called CTF (Capture the Flag) . The only way to know how to protect our information is by knowing the ways in which it can be stolen. So, we'll be having wide range of discussions on what all ways a HACKER can get his hands on your information and in what all ways you can thwart him

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden . We have learned that the NSA is collecting millions of Americans' phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, including Email, Facebook posts, and instant messages. The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case. Because Facebook is using outdated Web encryption, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications using 

According to secret documents obtained by the Guardian , Obama administration permitted the National Security Agency to surveillance the Emails and  Internet metadata  of all Americans. This secret warrant less surveillance program, collectively known by the NSA code name Stellar Wind , was launched in the end of 2001, to handover the data to the United States government.  Program was officially authorized after the September 11, 2001 terrorist attacks by President George W. Bush and continued under President Barack Obama through 2011. A federal judge at the Fisa court approved this bulk collection order for internet metadata, in every 90 days.  Documents also exposed that all communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States, was recorded by surveillance program . Metadata also details the internet protocol addresses (IP) used by people inside the United States when sen

On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. " On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised." "We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments ." said in a post on the Opera Security Blog. Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. Opera plans to roll out a new version of its

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h

Security experts are confident that the Chinese hackers group known as Comment Crew is still operating under cover. " The Comment Crew is back again " this is the rumor within Intelligence community, researchers suspect the involvement of the group of hackers in the recent cyber dispute between U.S. and China. Let's make a step back, last February Mandiant Intelligence firm released an interesting report that revealed an enterprise-scale computer espionage campaign dubbed APT1. Mandiant linked the APT1 attacks, that compromised 141 organizations in seven years, to Chinese military unit called " 61398 ". The is very interesting is that the security firm identified a common pattern for the attacks conducted by Chinese hackers group, it was also able to define a series of key indicators for identifying ongoing APT attacks. Mandiant security firm had monitored the group during last years and report details its operations, it wasn't the only one FireEye is anoth

Once again NSA whistleblower Edward Snowden revealed the truth, that the NSA hacks into China's mobile operators to steal millions of text messages.  Every month Washington come up with new reports  and accuse other nations, particularly China, for cyber hacking , but the biggest culprit of such crime is in fact the United States. All of this appeared to go relatively well for Washington until revelations emerged of the U.S. National Security Agency's PRISM surveillance program . According to Snowden, U.S. spies had hacked 3 major mobile phone companies in China and a core network to steal text messages of millions of Chinese citizens. Fang Binxing, a President at Beijing University who is considered the chief pioneer of China's Great Firewall Internet filtering system, has warned in the past that telecom equipment from international companies like Cisco is a threat to China's national security. As such, it could have allowed NSA operatives to access int

Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the " cloud backup " feature of Galaxy S4, which is not properly protected and can be abused. This vulnerability was first discovered on June 17 and already reported the issue to Samsung and the company is already in the process of developing an official update to fix the vulnerability. A rogue mobile application could contain code exploiting the vulnerability to send fraudulent scam text messages ordering premium-rate services, the firm said. By exploiting the vulnerable cloud backup feature, malware could pretend to be the identity of any contact, friend, relative, or organization when faking phishing SMS messages. When these phishing SMS messages are received, users may be tricked i

Russian President Vladimir Putin bluntly rejected U.S. pleas to extradite National Security Agency Whistleblower Edward Snowden on Tuesday, says since Snowden has not committed a crime in that country, the government will not extradite him back. Putin said, "Mr. Snowden is a free man," Snowden did not cross the Russian border, implying that he is still in the Moscow airport's transit zone, a sort of diplomatic neutral space. " He arrived as a transit passenger – he didn't need a visa, or other documents, " Putin said. After arriving Sunday on a flight from Hong Kong, Snowden booked a seat on a Havana-bound flight from Moscow on Monday en route to Venezuela and then possible asylum in Ecuador, but he didn't board the plane. " The sooner he selects his final destination point, the better both for us and for himself ," Putin said. White House Press Secretary Jay Carney on Monday urged Russia to ultimately turn him over. " We do ex

If you don't know yet, Microsoft is offerings up to $100,000 in exchange for finding vulnerabilities and exploits in the upcoming Windows 8.1 Preview which is expected to launch on June 26, the same time as the Microsoft Build Developer Conference. Qualifying submissions with accompanying defensive ideas will also be eligible for a BlueHat Bonus worth up to $50,000. " These are super challenging to discover and they require a new technique ," says Mike Reavey, director of Microsoft's Security Response Center. Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned. " Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would ," he said. Microsoft's senior s

The Britain's spy agency GCHQ is running an online eavesdropping operation that has gained secret access to more than 200 optical fiber cables carrying global Internet traffic and telephone calls. The existence of the program has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called the largest program of suspicion less surveillance in human history. Dubbed as , Operation Tempora has been running for around 18 months and allows GCHQ to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days. GCHQ is also sharing this sensitive personal information with its American partner, the National Security Agency (NSA). The paper said GCHQ is tapping 200 internet links in total, each with a data rate of 10Gbps, with the agency having the technical capacity to concurrently analyze 46 of these 200 streams of data at a time. That access could