The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Recent disclosures by whistleblower Edward Snowden claiming that internet traffic is being intercepted and used by the Americans in their war on terror, force to re-think about the user's privacy and online anonymity. It has been relatively common knowledge for years that wherever we go on the web, we leave clear tracks, so it shouldn't really have come as much of a surprise to discover this has been going on. The best thing you can do to stay anonymous online is to hide your IP address . If someone knows your IP address, it is the easiest way to trace your online activity back to you and they can easily determine the geographic location of the server that hosts that address and get a rough idea of where you're located. TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Browsing with TOR is a lot like simultaneously using hundreds of different proxies that are randomized periodically.

TrueCaller, a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version (3.5.1) of blogging software WordPress for its web interface and there are millions of Phonebook records available in their database that were reportedly stolen by hackers, as claimed on their twitter account. Syrian Electronic Army also claimed that the database contains million of access codes of Facebook, Twitter, Linkedin, Gmail Accounts of different users, that can be used to post update from compromised Accounts. In total, the hackers claimed to downloaded more than 7 databases fro Truecaller server of 450GB in size. At the time of reporting this news, Truecaller website is still under maintenance and index page saying, " We are doing some upgrades. Thank you for your patience ." SEA also posted a database screenshot on twitter, showing the phonebook l

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Researchers at mobile security firm Lookout discovered a security flaw in Google Glass which allowed them to capture data without the user's knowledge, when the user merely took a photo that captured a malicious QR code. Lookout was able to force Google Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability , the hack apparently gave researchers full control of the Glass headset. The problem was that Google Glass could be told to execute a QR code without the user having to give permission. Because of Glass's limited user interface, Google set up the device's camera to automatically process any QR code in a photograph. In a video posted on YouTube, Lookout Security described the vulnerability: " That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud ." said Mar

Android Security Squad, the China-based group that  uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures.  The whole point of digitally signing a document or file is to prove the file hasn't been modified. The process uses a form of public-key cryptography . In Chinese version of hacking attack, malicious code can be added into the file headers, but the method is limited because targeted files need to be smaller than 64K in size. APK files are packed using a version of the widespread ZIP archiving algorithm. Most ZIP implementations won't permit two same-named files in one archive, but the algorithm itself doesn't forbid that possibility. So basically, two versions of the classes.dex file are placed inside of the package, the original and a hacked alternative. When checking an app's digital signature, the Android OS looks at the first matching file, but when act

Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. This kind of malware has typically been the domain of Windows users, but has made its way to OS X. A new piece of FBI themed Ransomware Malware is targeting Mac OS X and hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application and accusing them of illegally accessing pornography. The address bar shows a URL clearly trying to fool users - fbi.gov.id657546456-3999456674.k8381.com  and the warnings appearing to be from the FBI tell the victim: " you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300. " According to Malwarebytes , ransomware page is being pushed onto unsuspecting users browsing re