The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Facebook has several security measures to protect users' account, such as a user " access token " is granted to the Facebook application (like  Candy Crush Saga, Lexulous Word Game ), when the user authorizes it, it provides temporary and secure access to Facebook APIs. To make this possible, users have to ' allow or accep t' the application request so that an app can access your account information with the required permissions. The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password. Access tokens are pretty sensitive, because anyone who knows the access token of a user can access the user's data and can perform any actions on behalf of the user, till the token is valid. In Past years, Many Security Researchers

Last week, The Foreign Intelligence Surveillance Court (FISA) ruled the National Security Agency (NSA) to do not keep Internet and phone metadata gathered through bulk surveillance programs longer than five years and destroy them. Judge Reggie Walton said, keeping records for more than 5 years " would further infringe on the privacy interests of United States persons whose telephone records were acquired in vast numbers and retained by the government ," Later, The Electronic Frontier Foundation, an Internet privacy and civil liberties group asked the Court to temporarily hold the destroy orders, saying the records may be used as an evidence in its lawsuits challenging the NSA surveillance . U.S. District Judge Jeffrey White, who is overseeing an invasion-of-privacy lawsuit against the National Security Agency (NSA), ruled to stop the destruction of millions of Telephone records collected by the National Security Agency's surveillance program and ruled to safeguard th

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The Whistleblower and Former National Security Agency (NSA) contractor Edward Snowden raised his voice and talked about citizen's privacy once again. Yes, Snowden, whose leaks last year triggered debate on the massive surveillance conducted by the Government worldwide. In an interview, speaking via Google Hangout at the South by Southwest Interactive conference, SXSW in Austin, Snowden said he has no regrets over his leaks about mass surveillance programs , despite now being unable to return to the US, where he faces a criminal indictment. He said, " Every society has benefited " from the disclosures. " Would I do this again? The answer is absolutely yes. Regardless of what happens to me, this is something we had a right to know. " Two BAD-Geeks:  Snowden criticized both Alexander and Michael Hayden, who were his predecessor as the NSA director, and the same two officials who mainly " harmed our Internet security and actually our national security " in the

Pop Singer Justin Bieber's Twitter account hacked for around 15 minutes before it was corrected! The Twitter account with 50.2 Million Followers was compromised i.e. Twitter account with the second most Twitter followers. Spammers tweeted in Indonesian language from his hacked account with the links to a malicious twitter app named " ShootingStarPro ", and messages reading " Justin Bieber Cemberut? ", means - " Justin Bieber sullen? " It seems that the Justin's twitter account was hijacked by Indonesian hacker with a malicious twitter app, that further tweeted links to the a malicious website rumahfollowers[dot]tk   that hosted " ShootingStarPro " app, aimed to target his millions of followers in one shot. Justin's team quickly responded to the issue, deleted the bogus tweets and told fans " All good now. We handled it. ". He also warned his followers, " That link from earlier. Don't click it. Virus. Going to e

We have seen a lot of Facebook malware and virus infections spreading through friends list, and this time a new clickjacking scam campaign is going viral on Facebook. Hackers spam Facebook timeline with a friend's picture and " See (Friend)'s naked video," or "(Friend Name's) Private Video. " The Picture appears to be uploaded by a friend and definitely, you might want to see some of your Facebook friends naked, But Beware!  If you get curious and click, you will be redirected to a malicious website reports that your Flash Player is not working properly and needs to be re-installed. But in actuality it will install a malware in your system and once approved, several disguised thing can happen to you. It further installs a malicious  browser extension to spread the scam and steal users' photos. " When the link is clicked, users are sent to a very realistic-looking mockup of a YouTube page, where the hackers will try to imme

Last week, the Researchers at the German security company G Data Software have reported about the most complex and sophisticated rootkit  malware, Uroburos which is designed to steal data from secure facilities and has ability to take control of an infected machine, execute arbitrary commands and hide system activities. Recently, British cyber specialist BAE  has disclosed the parent Russian malware campaign dubbed as ' SNAKE ' that remained almost undetected for least eight years while penetrating highly secured systems. Uroburos rootkit was one of the components of this campaign. In a separate Investigation, Western intelligence officers have found another piece of spyware , infecting hundreds of government computers across Europe and the United States, known as ' Turla '. Researchers believed that  Turla  campaign is linked to a previously known campaign ' Red October ', a massive global cyber spying operation targeting diplomatic, military and nuclear

Smartphones are always ready to connect to the Internet and contains sensitive information such as Contacts, SMS, Photos, and GPS information and this sensitive information is always in danger of leakage. According to a report, Cyber criminals and state-sponsored hackers are developing 55,000 new malware variants, each and every day; and many of them try to elevate privileges for unfettered control of the user device. North Carolina State University Researchers have developed a new software, called Practical Root Exploit Containment ( PREC ) , with the sole purpose of detecting mobile malware that attempts to run Root exploits in Android devices. Root exploits take control of system administration functions of the operating system that gives the hacker an unrestricted control of user's Smartphone. That means, an application has not permission to read your messages or contacts or the GPS location, but after getting root access it will be able to steal any data from your d

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a point-

U.S. Prosecutors decided not to pursue crucial criminal charges against journalist and activist Barrett Brown , and dismiss a majority of charges related to sharing a link to a dump of credit card numbers connected to the breach of intelligence firm Stratfor. Supporters say Brown just copied the hyperlink from an the Internet chat room and then reposted the link on his own internet chat room, Project PM , that linked to stolen documents from the US government contractor, Stratfor Global Intelligence , included 860,000 e-mail addresses for Stratfor subscribers and 60,000 credit card details. Just hours after Brown's lawyers filed their comprehensive argument, the DOJ has filed a motion to dismiss all 11 charges, on Thursday.  Apart from computer fraud charges, Brown is also facing prosecution for allegedly threatening an FBI agent and for alleged obstruction of justice. The Electronic Frontier Foundation (EFF) , a non-profit organization defending civil libertie

' Satoshi Nakamoto ', the mysterious founder and creator of the biggest digital cryptocurrency ' Bitcoin ' has reportedly been unmasked as a 64-year-old father of six living in Temple City, Southern California. Satoshi Nakamoto introduced Bitcoin to the world in 2008, but his identity has remained unknown. Till now, there was speculation that he might be a rebellious young programmer based in Tokyo, who took up the Nakamoto moniker as an alias. B ut t he most astonishing thing about this Japanese-American man is that, his real name is Satoshi Nakamoto , who has been finally identified by Newsweek magazine . Newsweek journalist, Leah McGrath Goodman also had a face-to-face meeting with Satoshi Nakamoto, and during an interview he said, " I am no longer involved in that [Bitcoin] and I cannot discuss it, " he said. " It's been turned over to other people. They are in charge of it now. I no longer have any connection. " and even he kep