The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker , Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it.  If infected by such malware, to be very honest, there is no hope for recovering your documents without paying a ransom amount to the cyber criminals. Online users are now facing another similar ransomware called ' CryptorBit ', ( Virustotal report ) first spotted on September 2013. It is not a variant of Cryptolocker but it does exactly the same thing i.e. Encrypt all the files on the Hard Disk. CryptorBit is an infection that activates by clicking links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source. Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 - $500 or more is not paid. It will display

Are you fond of playing games on your Smartphone like Angry Birds or Subway Surfer ?? You should now stop wasting your time, because NSA is utilizing your gaming energy in the best possible way. According to the latest documents leaked by former U.S. Government contractor Edward Snowden , Some of the world's most popular Smartphone applications are telling British (GCHQ) and American intelligence agencies ( NSA ) everything about you. NSA is tapping communication across the Internet of all " leaky " apps ( Unencrypted app, without SSL connection ) to peek into the tremendous amounts of very personal data, including your age, location, sex and even sexual preferences. This is really unacceptable! The Guardian claims that the NSA and its UK counterpart GCHQ have been developing capabilities to take advantage of these 'leaky' apps, collecting most sensitive information such as sexual orientation and " even sends specific sexual preferences such a

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

A location based Social Networking platform with 45 million users,' Foursquare ' was vulnerable to the primary email address disclosed.  Foursquare is a Smartphone application that gives you details of nearby cafes, bars, shops, parks using GPS location and also tells about your friends nearby. According to a Penetration tester and hacker ' Jamal Eddin e ',  an attacker can extract email addresses of all 45 million users just by using a few lines of scripting tool. Basically the flaw exists in the Invitation system of the Foursquare app. While testing the app, he found that invitation received on the recipient's end actually disclosing the sender's email address, as shown above. Invitation URL:  https://foursquare.com/mehdi?action=acceptFriendship&expires=1378920415&src=wtbfe& uid = 64761059 &sig=mmlx96RwGrQ2fJAg4OWZhAWnDvc%3D Where 'uid' parameter represents the sender's profile ID.  Hacker noticed th

Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding

Using Tormail Email service for being Anonymous online while conversations and mail exchange?? There is a very disappointing news for all   current and past users, US Federal Bureau of Investigation (FBI) has a complete copy of Tormail server and they are using it to catch the Criminals & Hackers. According to court documents that recently surfaced, the FBI  have cloned the entire email database while investigating Freedom Hosting. In August 2013, when the FBI seized the Tor network's top web host, Freedom Hosting , that gave the feds access to every record of every anonymous site hosted by Freedom Hosting , including TorMail , a service that allowed to send and receive email anonymously . New evidence uncovered by Wired suggests those archives are now being used in completely unrelated investigations, but possibly now the FBI is mining the information from that database to track cyber criminals. Remember the shutdown of the Silk Road black market?? A