The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

If you haven't heard by now, Facebook just made its biggest move ever, buying the messaging service WhatsApp in a deal worth some $19 billion. That's 19 times what Facebook paid for Instagram two years ago. The WhatsApp Service run by the team of just 32 engineers, handles more than 50 Billion messages daily, and approx 385 million active users. WhatsApp acquisition has also brought out fresh criticism over security for the billions of messages delivered on the platform. Security Researcher at Praetorian Labs identified several SSL-related security issues in WhatsApp application using Project Neptune , a mobile application security testing platform. " WhatsApp communication between your phone and our server is fully encrypted. We do not store your chat history on our servers. Once delivered successfully to your phone, chat messages are removed from our system ." Company said in a blog post . But researchers found that WhatsApp is vulnerable to Man-in-theMiddl

Apple's latest 35.4 MB update of  iOS 7.0.6  doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Apple provides very little information when disclosing security issues, ' For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. ' said in the security advisory . Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL) and the details are: Impact:  The vulnerability assigned CVE-2014-1266 and  affects both the iOS and OS X operating systems , describes as ' Secure Transport failed to validate the authent

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

WhatsApp for Android added most awaited privacy option for all who do not want to display information about when they last used the app. This is the first impressive update of the  WhatsApp after acquisition by Facebook , who   has paid a lot of money in cash and stock to acquire it. The Popular Smartphone messaging application  WhatsApp version 2.11.169 will provide you more ability and control over privacy options i.e. Hiding ' last seen at ' time, Profile picture, status updates from others, which are currently visible for all WhatsApp users. Currently, these options are set to  'everyone'  by default, that allows any WhatsApp user to find out exactly when you used WhatsApp for the last time, also reveals your image and Status message. Most of the times we don't want it to be shown to anyone or to non-contact users. How to hide WhatsApp 'last seen at' time and Profile Picture? WhatsApp now allows you to Modify your Privacy settings in three wa

Smartphone  is the need of everyone today and so the first target of most of the Cyber Criminals . Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat. The Head of knowledge delivery and business development for  RSA's FraudAction Group ,  Daniel Cohen  warned users about the new threat via a company  blog  on Thursday, that explains everything about the malware app, called  iBanking . iBanking , a new mobile banking  Trojan app which impersonates itself as an Android ' Security App ', in order to deceive its victims, may intimidate a large number of users as now that its source code has been leaked online through an underground forum. It will give an opportunity to a larger number of cybercriminals to launch attacks using this kind of ready-made mobile malware in the future. Since many banking sites use  two-fac

Security Firm FireEye has uncovered yet another critical zero-day vulnerability in widely used Adobe Flash Software and Adobe has been forced to issue a second emergency patch update  in less than a month. All versions of Adobe Flash Player released before today's patch are vulnerable to the zero-day exploit and the patch addresses a critical vulnerability  CVE-2014-0502 , being used in a watering hole attack -dubbed " Operation Greedywonk",  that allows attackers to remotely take control of infected systems. The vulnerability affects the latest versions of Flash, is reported to be targeting the websites of three non-profit institutions, being redirected to an malicious server hosting the zero-day exploit. " Visitors to the Peter G. Peterson Institute for International Economics (www.piie[.]com) were redirected to an exploit server hosting this Flash zero-day through a hidden iframe ." FireEye said. Security updates tackle a number of flaws includi

So you want to be a Programmer? Want to learn - How to code, Debug, and Program? The Web is full of free resources that can turn you into a programmer in no time, but never knew Where to start or How to troubleshoot your programs . Learning How to be a good programmer begins with learning logic concepts and language syntax and Google is a superb search engine, used by the majority of users online for finding information. But most of the time we don't get helping hands ' easily & quickly ' to debug our programs using Google or other Search engines. Learning to program is hard enough, but debugging is a critical skill, actually - it's frustrating ! DuckDuckGo , a private Search Engine that claims it gives complete anonymity to its users, has ' Programming Goodies ' for you and Software Engineers, i.e. provides a large number of programming tips and solutions from the a number of references, for various programming languages. Following are the

Popular Smartphone Messaging app  WhatsApp 's $19 billion acquisition by Social Network giant Facebook  made Headlines this week. While Some are applauding the move, and many other users are worried about WhatsApp's future and their privacy after this acquisition. Why So Serious? WhatsApp currently having 450 million active users and processes 50 billion messages a day. Service charges a nominal service fee of $1/year, that means Facebook is buying at $42.22 per user. $19 Billion / 450 million users  = $42.22 per user These figures show ,  obviously future revenue from WhatsApp can't cover the acquisition cost in the short or mid-term. " You can still count on absolutely no ads interrupting your communication. There would have been no partnership between our two companies if we had to compromise on the core principles that will always define our company, our vision and our product. " WhatsApp founder said in a  blog post . So, What Facebook is

Zeus , a financially aimed Banking Trojan that comes in many different forms and flavors, is capable to steal users' online-banking credentials once installed. This time, an infamous  Zeus Trojan has turned out to be a more sophisticated piece of malware that uses web-crawling action . Instead of going after Banking credentials and performing malicious keystroke logging, a new variant of Zeus Trojan focuses on Software-as-a-service (SaaS) applications for the purpose of obtaining access to proprietary data or code. The SaaS Security firm vendor Adallom , detected a targeted malware attack campaign against a Salesforce.com customer, which began as an attack on an employee's home computer. Adallom found that the new variant had web crawling capabilities that were used to grab sensitive business data from that customer's CRM instance. The Security firm noticed the attack when they saw about 2GB of data been downloaded to the victim's computer in less than 10

Using Popular Online Dating app - Tinder on iPhone ?? Then you are at significant risk that exposed members' private information without their knowledge. Online Dating app Tinder, available for the iPhone from the app store , has become incredibly popular in the past few months. Tinder app allows you to find dates nearby your location within a few miles and connects you with them, but a vulnerability allowed the attacker to potentially pinpoint your exact location to within 100 feet. Security Researchers at Include Security discovered that Tinder GPS vulnerability making members vulnerable to hackers. The Security flaw was discovered by the company last October, that enabled any member with some programming skills to access the app's API (Application Programming Interface) to get the exact latitude and longitude for another member. " Due to Tinder's architecture, it is not possible for one Tinder user to know if another took advantage of this vu