The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Authorities in Britain, Sweden, and the United States have arrested eight more people in the wake of the shutdown of the Silk Road , online illegal drug marketplace which helped dealers sell drugs under the cloak of anonymity. Millions of Dollars worth of Bitcoins (Electronic currency) had been seized and that other online drug dealer should expect a knock on their door by the National Crime Agency. The other suspects were arrested within hours after the FBI arrested 29-year-old Ross Ulbricht , the suspected creator of Silk Road also known as " Dread Pirate Roberts ". Although, he denies charges that he operated the website. Ulbricht is separately accused in a federal indictment in U.S. District Court in Baltimore with a similar count of narcotics trafficking conspiracy and additional charges of soliciting an $80,000 murder-for-hire of a former Silk Road employee. A federal judge on Wednesday ordered that Ulbricht charged with operating a notorious online drug marketplac

If you're unlucky enough to lose your Smartphone or have it stolen, anyone who finds the device will also be able to access any content stored on the device, whether its contacts, music or documents. But by implementing a SIM card PIN lock, everytime the device is powered down and subsequently switch back on again, the PIN will need to enter before the phone can be used. Security Researcher - Benjamin Kunz Mejri from Vulnerability Laboratory claimed that he found a new vulnerability in the iOS v7.0.1 & v7.0.2, that allows a hacker to bypass the Sim lock Mode. In a Proof of Concept video, he demonstrates that how an attacker can bypass the restricted section of the iPhone, when Sim Lock is enabled on a Stolen iPhone Device. Flaw can be exploited without user interaction and successful exploitation results in the bypass of the SIM lock mode to the regular lock mode. Follow Steps to bypass SIM Lock on stolen Devices: Turn on your iPhone and ensur

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The Website of Word's most popular mobile messaging app and Antivirus Firm - AVG were hacked this morning and defaced by a new Palestinian Hacker group - KDMS Team, affiliated with Anonymous Group. The Defacement page titled 'You got Pwned', with Anonymous Logo and playing Palestinian national anthem in the page background, says:  we want to tell you that there is a land called Palestine on the earth this land has been stolen by Zionist do you know it ? Palestinian people has the right to live in peace Deserve to liberate their land and release all prisoners from israeli jails we want peace and " There Is No Full Security We Can Catch You ! " It seems that the hacker used DNS hijacking to point domains on a fake server with deface page. The  Whatsapp has resolved the issue, but at the time of writing AVG is still defaced. It is not clear that if any user data was compromised from AVG or Whatsapp. We have contacted WhatsApp and AVG

Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its first Bug Bounty program, that went on for a month during the preview release of Internet Explorer 11 (IE11). The program was designed to run during Internet Explorer 11's browser beta test on June 26 and went on till July 26. They said it would pay researchers up to $11,000 for each Internet Explorer 11 vulnerability they found. In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric. Today Microsoft has released the names of all the people who the company said found vulnerabilities that qualified for a bounty and paid out $28k a total of six researchers for reporting 15 different bugs. J ames Forshaw, Context Security 4 Internet Explorer 11 Preview Bug Bounty - $4,400 1 Bonus for finding cool IE design vulnerabilities - $5,000 Jose Antonio Vazquez Gonzalez, Yenteasy - Security Research 5 Internet Explorer 11

In the past, there was a general belief that Macs is much more secure than Windows PCs, but now Mac malware is a serious threat to the security of users' computers and information. One of the reasons behind the increase in Mac related Malware attacks is the fact that Apple products are popular with many prominent businessmen and influential politicians. Daniel Pistelli, Reverse Engineer and lead developer of Cerbero Profiler, former developer of IDA Pro comes up with another interesting research, and explained The Hacker News , the basic details behind the technique he used to create an undetectable malware for Mac OS X. Apple implements internally an encryption mechanism to protect some of their own executable like " Dock.app " or " Finder.app ". This encryption can be applied to malware as well. If one does, anti-malware solutions can no longer detect the malware because of the encryption, but OS X has no problem loading such malware. This same

According to a Security Analyst ' Maarten Boone ' working  at Fox-IT company, the Developer of notorious Blackhole Exploit Kit  developer ' Paunch ' and his partners were arrested in Russia recently. Blackhole Exploit Kit  which is responsible for the majority of web attacks today, is a crimeware that makes it simple for just about anyone to build a botnet . This Malware kit was developed by a hacker who uses the nickname "Paunch" and his Team, has gained wide adoption and is currently one of the most common exploit frameworks used for Web-based malware delivery. The Blackhole exploit kit is a framework for delivering exploits via compromised or third-party websites, serve up a range of old and new exploits for Oracle's Java, Adobe's Flash and other popular software to take control of victim's machines. It the point of writing No Police Authority or Press has confirmed the claim made by Maarten about the arrest of Malware author. Plea

October is turning out to be a busy month for patches. This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003. Scheduled for tomorrow, Microsoft has announced that they will release eight security updates including four critical, addressing vulnerabilities in Microsoft Windows, Internet Explorer (IE), Microsoft Office and its other products. Bulletin 1 is almost certainly to a zero-day vulnerability   CVE-2013-3893   that has been actively exploited by hackers in targeted attacks.  Though Microsoft issued a temporary " Fix it " in September for the vulnerability, Bulletins 2, 3 and 4 address vulnerabilities in a wide range of Microsoft products, including Windows XP, 7 and 8, and Windows Server 2003, 2008 and 2012. Bulletins 5, 6 and 7 address vulnerabilities that could allow for remote code execution .  Bulletin 8 addresses an information disclosure vulnerability in SIlverlight and is the le

A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner's Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen , which turns off wireless connectivity and so defeats the remote wipe facility . This can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices. In a video demonstration, they point out that while Apple lets users locate and remotely wipe a device using the Find My iPhone app. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attached to one of their fingers, as already explained

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as ' localhost ' on October 3rd, 2013 and also reported by several users on various Hosting related Forums . He also released a  proof-of-concept exploit code  for this SQL injection vulnerability in WHMCS. WHMCS says , as the updates have " critical security impacts .", enables attackers to execute SQL injection attacks against WHMCS deployments in order to extract or modify sensitive information from their databases i.e. Including information about existing accounts, their hashed passwords, which can result in the compromise of the administrator account. Yesterday a group of Palestinian hackers , named as KDMS Team  possibly used the same vulnerability against one of the largest Host

LeaseWeb , one of the World's largest hosting provider has been defaced by Palestinian hackers, named as KDMS Team . LeaseWeb was also hosting provider for one of the biggest file-sharing website Megaupload in the past. Later Megaupload Founder, Kim Dotcom claimed that  Leaseweb had deleted all Megaupload user data from 690 servers without warning. The hacker group replaced the Homepage of the website for just a few hours with an Anonymous Palestine , homepage titled " You Got Pwned " and the defacement message says: Hello Lease Web Who Are You ? Who is but the form following the function of what and what are you is a hosting company with no security KDMS Team : Well ,, We Can See That :P We noticed that Attacker has just changed the DNS server to point the Domain to another server at 67.23.254.6, owned by the attacker. At the time of writing, Leaseweb team resolved the issue and get their Domain back to the original server . But because the hac

Yesterday a new classified NSA document was leaked by Edward Snowden - titled ' Tor Stinks ' in which ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser. The NSA had a very hard time while tracking down all Tor  users and monitoring their traffic, especially since Tor servers are all over the world, but they make tracking easier by adopting  the following techniques: By running their own hostile Tor nodes Using zero-day vulnerability of Firefox browser By tracking user' browser Cookies Tor access node tracking is not new and the Document says that both the NSA and GCHQ run Tor nodes themselves. In order to trace traffic back to a particular Tor user the NSA needs to know the ' entry, relay and exit ' nodes in the anonymizer cloud between the user and the destination website. So for tracking purpose they used self-hosted nodes, that is able to trace a very small number of To

Ross Ulbricht , the recently arrested mastermind behind Silk Road , appeared in court yesterday where his lawyer begged for more time before the detention hearing. As the Protective Order states, The United States is further authorized to seize any and all Bitcoins contained in wallet files residing on silk road servers and can transfer the full account balance in each silk road wallet to a public Bitcoin address controlled by the United States. Right now the FBI must be feeling pretty good too, because a federally controlled Bitcoin account , renamed as " Silkroad Seized Coins " now contains over $3.5 million worth of the digital currency , seized from Silk Road over 26,000 Bitcoins. As of this writing, the FBI 's Bitcoin address has received 122 transactions, nearly 30 of which apparently come from pranksters and now the account holds 27,365.89919925 BTC. Forbes, Kashmir Hill asked FBI spokesperson that what the plan is for those seized Bitcoins. " W