The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. " Twitter and so on, we will root them out. The international community can say this or that – I don't care. They will see the power of the Turkish Republic ." After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google's DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed. Why

Facebook just released a new programming language called ' HACK ', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking. When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming platform became difficult to manage and bug-free. Thus, Hack was born!  Facebook Team decides to develop a new programming language that could combine elements of static- type programming languages such as C or C++ with dynamic-type languages like PHP, now called " HACK Programming Language ". " Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files. " Facebook said, " We have also added many new features that we believe will help make developers more productiv

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The US Government was publicly accusing Chinese electronics manufacturer Huawei of espionage from the past few years. Ironically, it has now been revealed that the  National Security Agency conducted a major offensive cyber operations against the  Chinese government and networking company Huawei,  in early 2009. According to reports based on classified documents leaked by Edward Snowden   and viewed by The Times and Der Spiegel , NSA has infiltrated servers in the headquarters of Chinese telecommunications and hacked into the email servers of Huawei five years ago. Code-named as " Operation Shotgiant " was conducted with the involvement of the CIA, White House intelligence coordinator and the FBI; aimed to find a link between  Huawei  and China's People's Liberation Army. NSA accessed the emails of many Huawei employees' for this purpose. NSA STOLE SOURCE CODES NSA also aimed to conduct surveillance through computer and telephone networks Huawei sold

As we have reported you earlier that Microsoft is pulling out their Windows XP support after April 8 2014. Since a vast majority of bank ATMs around the world currently runs on Windows XP, but if they'll continue sticking to it after the deadline, then they'll be exposed to all kinds of security threats, as Microsoft will no longer provide the security patches thereafter. Many countries' Banks have got a way out, many banks have arranged or are in the process of arranging extended support for Windows XP for which they are ready to pay Microsoft millions of dollars, but may be not in the case of India. Yes, India will never feed Microsoft for providing extra support to the older version; rather they could switch over to the Linux operating system. India has around 115,000 ATMs across the country at present and the counts will go up in coming days, but the end of life for XP will not affect banks and functioning of ATMs as the financial institutions across the country are we

Earlier this week, Microsoft admitted that they have accessed a French Blogger's private Hotmail account to identify a former Microsoft employee who had leaked the company's trade secrets in 2012. Microsoft defined this private investigation as part of " Protecting our customers and the security and integrity of our products ", mentioned in the Microsoft's terms of service, which says that the action was within the boundaries of the Electronic Communications Privacy Act. U.S. Authorities arrest Alex Kibkalo , ex-Microsoft employee. The indictment states , Kibkalo " uploaded proprietary software and pre-release software updates for Windows 8 RT as well as the Microsoft Activation Server Software Development Kit (SDK) to his personal SkyDrive account in August 2012. " Kibkalo not only leaked the secret screenshots of Windows 8 , but also provided the information about ' activation of Windows ' that helped the crackers to create a keygen for

Another leak from  Edward Snowden files, but this time not about the NSA, rather the documents revealed that France's central intelligence agency, the DGSE has complete and unconditional  access to all of  telecom giant  Orange's data, not just metadata . Yes! It is the same  Orange company who threatened to sue the NSA for hacking into the underwater cable that it jointly owns with 15 other companies. According to the French paper Le Monde -- Orange, the leading telecom company in France with more than 26 million customers worldwide cooperated allegedly illegally for years with France's main intelligence agency. DGSE and Agents with military clearance have been working with Orange for at least 30 years. France has a PRISM like surveillance  program to target phone communications, emails and data from tech companies like Google, Facebook, Apple, Microsoft and Yahoo. Furthermore, DGSE is also sharing this data with foreign allies like GCHQ.  The revelations c

Till now we all were aware about the truth that tech companies gave legal access to user data on the government's request, but we were unaware that well known tech companies also charge the government for providing data. Syrian Electronic Army (SEA) , the pro-hacker group, who had compromised Microsoft's Twitter account and blog, earlier this year and Microsoft did announce a breach on its blog earlier this year. " It appears that documents associated with law enforcement inquiries were stolen ,". It seems that they have achieved something bigger than we expected by once more targeting Microsoft. This time the SEA hacking group has managed to successfully get into the FBI's super-secret Digital Intercept Technology Unit (DITU), where they found the actual invoices from Microsoft; detailing how much each request for data cost, which means that the company charges for every document they provide to the FBI agents, Daily Dot reported. The invoic

2014 - The Year for Encryption! Good News for Security & Privacy seekers, Gmail is now more secure than ever before. Google has announced that it has enhanced encryption for its Gmail email service to protect users from government cyber-spying; by removing the option to turn off HTTPS . So from today, Gmail will always use an encrypted HTTPS connection by default when you check or send email. Furthermore, Google also assured that every single email message will now be encrypted as it moves internally between the company's data centers. " Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet. " Nicolas Lidzborski, Gmail Security Engineering Lead said in a blog post . It was previously disclosed by Edward Snowden that the National Security Agency (NSA) is intercepting email messages as they

Recently we aware you about the tricky phishing scam targeting Google Docs and Google Drive , a similar phishing scam has been detected by the researchers targeting Apple users to steal users' credentials. According to the researchers at Netcraft , a UK based security services company, the hackers have compromised the web server owned by the gaming company, Electronic Arts (EA) to host a phishing site which targets Apple ID Account holders, asking for users' Apple ID and password, along with their full name and date of birth and credit card details as well. " The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a  fraudsters , " wrote the researchers in a blog post. The Hackers compromised the EA Games server by exp

Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux . Darlloz , earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin. Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year. Linux . Darlloz worm exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate and is capable to infect devices those run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL. The latest variant of Linux . Darlloz equipped with an open source crypto currency mining tool called ' cpuminer ', could be use

In the mob of Smart Devices, after Smartphones... Google glass would definitely be the next must-have device. It's non-other than a small computer you wear like eyeglasses allows you to surf the Web, email, text, take photos, live videos and more, -- all hands free. Google Glasses are yet in very limited release, but researchers have developed the world's first spyware that could hijack your Google's Glass computer eyepieces. Two Polytechnic graduate researchers, 22-year-old Mike Lady and 24-year-old Kim Paterson , from California designed an app that has the capability to convert the Google Glass into a Spy Camera, click a photo every ten seconds without giving any visible sign to the wearer, Forbes reported yesterday . The malware app developed by the researchers, masquerades itself as a fair piece of note-taking software, ironically dubbed as ' Malnotes ', that trick users accept the permissions which allow them to capture images of whatever the glass wearer is l

I am quite sure that you must be syncing your Smartphone with your Computers for transferring files and taking backup of your device. If you are using windows operating system and Android devices, then it's a bad news for you, because FireEye Security Researchers have identified a new piece of windows malware that can also infects your Android Devices. During an investigation of a targeted attack on a US based financial institution, researchers spotted a new version of Windows Remote Access Trojan (RAT) called ' Win-Spy Software Pro v16 ', a spying and monitoring tool.  WinSpy was embedded in macro documents to kick off a spam campaign via a spear phishing email. " The recent surge in Android-based RATs such as Dendroid and AndroRAT shows a spike in the interest of malicious actors to control mobile devices.  GimmeRAT  is another startling example of malicious actors venturing into the Android ecosystem ," security firm said. The Researchers dubbed the

Since all the versions of the popular game ' Grand Theft ' gone blatant and during the first week of the release of the Grand Theft Auto 4 in 2008, it topped half of millions of dollars, sold 3.6 million copies and generated $310 million in sales i.e., earning about 5 times as much as the blockbuster movie - Iron Man. But the latest version -- Grand Theft Auto V is only available for the Xbox 360 and PS3 and there are rumors of a PC version of it on GameStop's PowerUp Rewards website. So, it's very common that if I offer you Grand Theft Auto V for PC, you eagerly want it.  Mind this, " There is no Grand Theft Auto V for PC ," accept the reality and don't let cyber criminals take leverage of this fact. If you receive any email that alerts that you have been invited to the PC beta test for the game, considering it unreal, don't click on embedded links in the email because it can lead you to several bad websites that will infect you with all kinds of malwa

Mark Zuckerberg is continually denying working with the NSA or any other Government Intelligence Agency in serving out data they gathered through extended surveillance, and even he expressed his indignation over the damage the Government is creating for all, on the phone call to the US President Obama . " I've called President Obama to express my frustration over the damage the government is creating for all of our future ," he said in a blog post. Facebook - HTTPS Now, just yesterday morning, Facebook's Chief Security Officer Joe Sullivan sat down whiteboard session on social networks in Silicon Valley headquarters for providing information on the company's security policy diving. The session was conducted after a recent report revealed by The Intercept , suggested the National Security Agency (NSA) may have masqueraded as the social network to infect a number of target's computers, according to Edward Snowden documents. He said, " no one co

Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android  apps  publishing system, known as Google's Developer Console . Turkish hacker ' Ibrahim Balic ' claimed responsibility for the Google Play Store attack and told ' The Hacker News ', he found a flaw in the Android operating system while working with Android tools i.e. Compiler, debugger on his Emulators, that was crashing again and again.  ' I successfully confirmed that it affects Android 4.2.2 , 4.3 and 2.3 ' he said. Then he created an Android app to exploit the vulnerability, ' causes a possible memory corruption '  and uploaded it to the Google's Developer Console. Unfortunately, OR Luckily the malformed Android app crashed whole Google's Developer Console, and he didn't expect that the app will knock everyone offline from Play Store. He was not sure about the outage caused by him or not,

27-year-old Infamous Moroccan-Russian hacker arrested by Thailand's Department of Special Investigation (DSI)  in Bangkok, accused of cracking Switzerland Bank Computers and websites. Farid Essebar , went by the online screen name " Diabl0 ", has been wanted from last three years, and finally arrested on Tuesday with the joint operation of Thai and Swiss authorities and will be extradited to Switzerland soon. In 2011, He allegedly duplicated the Bank website pages to dupe more than 1,000 people and responsible for damage of $4 Billion and subject to an 'International' arrest warrant for forgery and piracy of financial institutions. '' We arrested the suspect at a condominium on Rama IV Road. Next Thailand will send him to Switzerland within 90 days in accordance with the extradition agreement, '' Police Colonel Songsak Raksaksakul of the Department of Special Investigation said. In 2005, 18-year-old Farid Essebar was arrested b

In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH b ackdoor trojan and  credential stealer  named Linux/Ebury ,  that allows  unauthorized access of an affected computer to the remote attackers. Antivirus Firm ESET's Reseacher team has been tracking and  investigating the operation behind Linux/Ebury and today team  uncovers the details [ Report PDF ] of a massive,  sophisticated and organized  malware campaign called ' Operation Windigo ', infected more than 500,000 computers and 25,000 dedicated servers. ' We discovered an infrastructure used for malicious activities that is all hosted on compromised servers. We were also able to find a link between different malware components such as Linux/Cdorked, Perl/Calfbot and Win32/Glupteba.M and realized they are all operated by the same group. '  ESET reported. Malware used in Operation Windigo: Linux/Ebury –  an OpenSSH backdoor use