The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker , Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it.  If infected by such malware, to be very honest, there is no hope for recovering your documents without paying a ransom amount to the cyber criminals. Online users are now facing another similar ransomware called ' CryptorBit ', ( Virustotal report ) first spotted on September 2013. It is not a variant of Cryptolocker but it does exactly the same thing i.e. Encrypt all the files on the Hard Disk. CryptorBit is an infection that activates by clicking links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source. Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 - $500 or more is not paid. It will display

Are you fond of playing games on your Smartphone like Angry Birds or Subway Surfer ?? You should now stop wasting your time, because NSA is utilizing your gaming energy in the best possible way. According to the latest documents leaked by former U.S. Government contractor Edward Snowden , Some of the world's most popular Smartphone applications are telling British (GCHQ) and American intelligence agencies ( NSA ) everything about you. NSA is tapping communication across the Internet of all " leaky " apps ( Unencrypted app, without SSL connection ) to peek into the tremendous amounts of very personal data, including your age, location, sex and even sexual preferences. This is really unacceptable! The Guardian claims that the NSA and its UK counterpart GCHQ have been developing capabilities to take advantage of these 'leaky' apps, collecting most sensitive information such as sexual orientation and " even sends specific sexual preferences such a

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

A location based Social Networking platform with 45 million users,' Foursquare ' was vulnerable to the primary email address disclosed.  Foursquare is a Smartphone application that gives you details of nearby cafes, bars, shops, parks using GPS location and also tells about your friends nearby. According to a Penetration tester and hacker ' Jamal Eddin e ',  an attacker can extract email addresses of all 45 million users just by using a few lines of scripting tool. Basically the flaw exists in the Invitation system of the Foursquare app. While testing the app, he found that invitation received on the recipient's end actually disclosing the sender's email address, as shown above. Invitation URL:  https://foursquare.com/mehdi?action=acceptFriendship&expires=1378920415&src=wtbfe& uid = 64761059 &sig=mmlx96RwGrQ2fJAg4OWZhAWnDvc%3D Where 'uid' parameter represents the sender's profile ID.  Hacker noticed th

Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding

Using Tormail Email service for being Anonymous online while conversations and mail exchange?? There is a very disappointing news for all   current and past users, US Federal Bureau of Investigation (FBI) has a complete copy of Tormail server and they are using it to catch the Criminals & Hackers. According to court documents that recently surfaced, the FBI  have cloned the entire email database while investigating Freedom Hosting. In August 2013, when the FBI seized the Tor network's top web host, Freedom Hosting , that gave the feds access to every record of every anonymous site hosted by Freedom Hosting , including TorMail , a service that allowed to send and receive email anonymously . New evidence uncovered by Wired suggests those archives are now being used in completely unrelated investigations, but possibly now the FBI is mining the information from that database to track cyber criminals. Remember the shutdown of the Silk Road black market?? A