The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A hidden microphone was found in Ecuador's embassy in London, where WikiLeaks founder Julian Assange is sheltering from extradition to Sweden, The Ecuadorean Foreign Minister Ricardo Patino claimed. The microphone was found in the office of the ambassador Ana Alban and was discovered last month during his visit to Britain to discuss issues surrounding Julian Assange. At a press conference in Quito, the foreign minister of Ecuador, held up a photo of a " spy microphone " that was found on June 14 inside a small white box that was placed in an electrical outlet behind a bookshelf. However, the purpose of the bug, according to Patino, was not to track the WikiLeaks founder directly, but rather listen to the conversations of ambassador Ana Alban. He told reporters: " We have reason to believe that the bugging was carried out by The Surveillance Group Limited, one of the largest private investigation and covert surveillance companies in the United Kin

Members of Iceland's Pirate Party  have introduced a proposal in Parliament that would grant immediate citizenship to National Security Agency Whistleblower Edward Snowden . The government is however not keen on helping Snowden. The bill to grant Snowden citizenship received limited support Thursday. Six members of minority parties were in favor out of Parliament's 63 members . Ogmundur Jonasson, Icelandic MP for the Left-Green Movement, said at parliament this morning that US authorities violated the Icelandic constitution when they spied on Icelandic citizens.  He referred to the 71st article of the constitution which states: " It is not allowed to search a person, his house or personal effects, unless according to a court order or a special legal basis. The same thing applies to research on documents and mail deliveries, phone calls and other telecommunications.. ." Snowden is believed to be stuck in a Moscow airport transit area, seeking asylum

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Q-CERT team found a critical vulnerability that allows the attacker to bypass the two-factor authentication in the most popular file sharing service ' DropBox '. Two Factor Authentication is an extra layer of security that is known as " multi factor authentication " that requires not only a password and username but also a unique code that only user can get via SMS or Call. Zouheir Abdallah demonstrated , if an attacker already knows the username and password of the victim's Dropbox account, which is protected by two-factor authentication, it is still possible to hack that Dropbox account using following explained technique. DropBox does not verify the authenticity of the email addresses used to Sign up a new account, so to exploit this flaw hacker just need to create a new fake account similar to the target's account and append a dot (.) anywhere in the email address. In Next step, enable 2-factor authentication for the fake account, and save the emerg

South Korea 's Ministry of National Defense is banning its employees from using the  smart phones inside of the ministry's building in a bid to prevent military data leaks. At present, the only way to ensure sensitive corporate and Defense data is not lost is to provide employees with devices owned and controlled by the enterprise. Staffers will still be allowed to make phone calls or use text messaging services and also visitors will also be required to leave their smartphones at the entrance, officials said Wednesday. Defense ministry employees will be required to install a smart phone application which deactivates major smart phone functions like computing, Internet connectivity and the camera. Employees will be allowed to answer and make phone calls and use text messaging services and the plan will kick in on July 15.

The US isn't the only western country with an Digital eye i.e PRISM like  surveillance program , designed to monitor internet and phone communications . French is leading member at European Parliament and they voted to launch an in-depth inquiry against the US's based PRISM surveillance project. The fact that the French DGSE is itself engaged in similar program should make for some awkward proceedings as that inquiry gets underway. France's General Directorate for External Security has a PRISM like system that intercept and processes the metadata for billions and billions of communications, including internet messaging, phone calls , SMS and even faxes. The one difference being that PRISM was used to spy on international targets whereas the DGSE were only keeping a watch on the French. According to French newspaper, Le Monde - program goal is ostensibly to track the behavior of terrorist cells, but the Directorate allegedly shares the anonymized informa