The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Almost all Android handsets are  vulnerable to a  flaw that could allow hackers to seize control of a device to make calls, send texts, or build a mobile botnet , has been uncovered by Bluebox Security .i.e almost 900 million Android devices globally. Or simply, The Flaw allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS. When an application is installed and a sandbox is created for it, Android records the application's digital signature and all subsequent updates for that application need to match its signature in order to verify that they came from the same author and anything without the signature certificate won't install or run on a user's device. The vulnerability has existed since at least Android 1.6, which means that it potentially affects any Android device released during the last four years.  Samsung 's flagship Galaxy S4 has a

Edward Snowden , a former NSA systems analyst, have revealed the NSA's sweeping data collection of U.S. phone records and some Internet traffic and the programs target foreigners and terrorist suspects mostly overseas. According to the Constitution of all countries, capturing and reading emails or text messages without privileges is illegal . Several Asian and European countries is worried about the US spying. Today a Germany's top security official has warned, " If you are worried about the US spying on you, you need to stop using Google and Facebook. " Internet users who fear their data is being intercepted by U.S. intelligence agencies such as the National Security Agency's should stay away from American websites run through American servers, Interior Minister Hans-Peter Friedrich said. " If these reports are true, it's disgusting. The United States would be better off monitoring its secret services rather than its allies. " Head of t

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The recent exposes and revelations by Edward Snowden about the Top Secret Internet Snooping program currently run by US National Security Agency (NSA) have shocked the world. The extent of snooping is even more shocking and what has just stunned the world is the sheer name of top Internet companies who had shared data of all their users and not to forget except Microsoft, all of them namely Google, Facebook, and Apple have longed established themselves as the outright defenders of free speech and Right to Privacy . Many of them are funders and donors of Electronic frontier foundation in US. The recently formed renowned organization defending right to privacy and free speech on Internet . Though much is being written about the extent of snooping, leaked Memos, Obama's Admissions, NSA's careful acceptance of the snooping Program but What bothers me is the stand of Indian Government in this mess. We are reportedly 5th most spied country by US NSA under this program and

A Russian immigration source informed that the US intelligence agency whistleblower Edward Snowden has applied for political asylum in Russia. Few days back, Russian president Vladimir Putin has said Russia would never hand over Mr Snowden over to the United States but that if Snowden wants to stay in Russia he " must stop his work aimed at harming our American partners. " He initially fled from Hawaii to Hong Kong and then to Russia . The US has annulled his passport, and Ecuador, where he had hoped to get asylum, has been coy over offering him shelter. Sarah Harrison is an employee of anti-secrecy group WikiLeaks , who accompanied Mr Snowden on his trip from Hong Kong. " Snowden is not a Russian agent ", Putin said on Monday, and that Russian intelligence services were not working with the fugitive American, who is believed to remain in the transit area at a Moscow airport eight days after arriving from Hong Kong. Speaking at a news confe

A recently discovered new form of Android malware called  USB Cleaver  can not only infect your smartphone, but also targets your PC to steal sensitive information from it. A hacking tool discovered by analysts at F-Secure, which is capable of stealing information from a connected Windows machine. USBCleaver seems to be designed to facilitate a targeted attack by gathering details that would be helpful in a later infiltration attempt. To use the application, hacker must install an application called USB Cleaver on his Android device. Once executed, the app downloads a ZIP file from a remote server and then unzips the downloaded file to the following location: /mnt/sdcard/usbcleaver/system folder. Tools is design to steal information like  Browser passwords (Firefox, Chrome and IE), PC's Wi-Fi password, The PC's network information etc. When the device is then plugged into a PC, /mnt/sdcard is mounted and, if autorun is enabled, go.bat and the payload