The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The NSA surveillance program PRISM story was started with four leaked slides from the Washington Post weeks before and today they has revealed four more annotated slides about the NSA operation, along with detailing the various levels of scrutiny from the FBI and NSA that happen before, during and after approved wiretaps take place. According to new slides, The NSA can track real-time events such as email logins or the sending of email, and the logging in or out of a user to a chat service. For live communications, this data goes straight to the NSA's PRINTAURA filtering system, while both the FBI and NSA scan pre-recorded data independently. Two of the new slides detail the data collection process, from the initial input of an agency analyst, to data analysis under several previously-reported analysis tools such as Marina (internet data), Mainway (call records), Nucleon (voice data), and Pinwale (video data). There were 117,675 active surveillance targets in PRISM

E-HACK is an Information Security Workshop, organized by infySEC . The workshop aims at creating awareness about INFORMATION SECURITY by showing in what all ways information or data can be stolen. Meddle in cyber-warfare, battle with our machine master mind who will throw challenges on web application security, network security, algorithms, reverse engineering and decryption.  The team which cracks the final level will attain the glory of being Winner at our E-HACK Guinness record attempt with tons of prizes waiting. Be simple but not simpler is quote by Einstein, that's secret of success for E-HACK. Be there to witness the epic battle of brains. It's planned to be done in a more fun way, through a game called CTF (Capture the Flag) . The only way to know how to protect our information is by knowing the ways in which it can be stolen. So, we'll be having wide range of discussions on what all ways a HACKER can get his hands on your information and in what all ways you can thwart him

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden . We have learned that the NSA is collecting millions of Americans' phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, including Email, Facebook posts, and instant messages. The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case. Because Facebook is using outdated Web encryption, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications using 

According to secret documents obtained by the Guardian , Obama administration permitted the National Security Agency to surveillance the Emails and  Internet metadata  of all Americans. This secret warrant less surveillance program, collectively known by the NSA code name Stellar Wind , was launched in the end of 2001, to handover the data to the United States government.  Program was officially authorized after the September 11, 2001 terrorist attacks by President George W. Bush and continued under President Barack Obama through 2011. A federal judge at the Fisa court approved this bulk collection order for internet metadata, in every 90 days.  Documents also exposed that all communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States, was recorded by surveillance program . Metadata also details the internet protocol addresses (IP) used by people inside the United States when sen

On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. " On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised." "We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments ." said in a post on the Opera Security Blog. Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. Opera plans to roll out a new version of its

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h

Security experts are confident that the Chinese hackers group known as Comment Crew is still operating under cover. " The Comment Crew is back again " this is the rumor within Intelligence community, researchers suspect the involvement of the group of hackers in the recent cyber dispute between U.S. and China. Let's make a step back, last February Mandiant Intelligence firm released an interesting report that revealed an enterprise-scale computer espionage campaign dubbed APT1. Mandiant linked the APT1 attacks, that compromised 141 organizations in seven years, to Chinese military unit called " 61398 ". The is very interesting is that the security firm identified a common pattern for the attacks conducted by Chinese hackers group, it was also able to define a series of key indicators for identifying ongoing APT attacks. Mandiant security firm had monitored the group during last years and report details its operations, it wasn't the only one FireEye is anoth