The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Going for a meeting or for a party and your Phone's battery discharged? Oops!  Yes, I know this happens with most of us once in a day or I can rather say all of us. Smartphones are smart enough but not that smarter as expected keeping in mind today's lifestyle. Phones are the basic necessity now-a-days, but this comes up with another tension-tension of charging at regular intervals, which took most of our precious time. GET-SET CHARGE IN 30 SECONDS Now, if I say that your Smartphone will charge in just 30 seconds, then you definitely won't believe it. But saying this won't be wrong, Israeli start-up claims to have created a battery that uses nanotechnology to charge your Smartphone in 30 seconds. StoreDot unveiled the device Monday at Microsoft's Think Next Conference in Tel Aviv . The prototype charger is capable to charge your Smartphone 100% within few blinks of your eyes, all in about 30 seconds. It depends on bio-organic quantum dots that are na

Year back, one of the largest " Advanced Persistent Threat " ( APT ) hacking groups received widespread attention from the media and from the U.S. government. APT Groups are China's cyber espionage units and they won't stop their espionage operation, despite being exposed last year. Yes, APT hacking groups, APT1 and APT12 , are again making headlines. Without bothering that the world knows about its cyber hacking activities, the two of its major hacking groups have became once again active and have resumed their espionage operation, reports the security firm Mandiant . A timeline of APT1 economic espionage conducted since 2006 and has systematically stolen confidential data from at least 141 organizations across multiple industries. Mandiant, the FireEye owned company, announced in its M-Trend report that over the past year the firm has a close eye on the APT1 group , which it first exposed in February 2013. It's also been monitoring the second Chinese hackers group, APT12 that

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Just imagine, you are sitting in front of your laptop and your laptop is listening to your nearby conversations. What if the recorded audio from the system's microphone is being instantly uploaded to a malicious website? Google has created a speech-recognition Application Programming Interface (API) that allows websites to interact with Google Chrome and the computer's microphone allows you to speak instead of typing into any text box, to make hands-free web searches, quick conversions, and audio translator also work with them. In January, a flaw was discovered in Google Chrome that enabled malicious websites with speech recognition software to eavesdrop on users' conversations from background without their knowledge using an outdated Google speech API. CHROME IS LISTENING YOU A new similar vulnerability in Google Chrome has been discovered by Israeli security researcher, Guy Aharonovsky, claimed that the Chrome's speech-recognition API has a vulnerability that allo

Firewalls are the front-line soldiers, who sit strategically at the edge of your network and defend it from various security threats. Firewalls require constant maintenance and management to ensure that they are accurately configured for optimal security, continuous compliance, and high performance. Manual firewall configuration and change management is a time-consuming, error-prone, and headache-fraught task, especially in today's increasingly complex and dynamic networks and, for organizations dealing with dozens, or very commonly, hundreds of individual firewalls, routers and other network security devices, manual configuration and ongoing ACL changes can quickly become a management nightmare. If not managed correctly, organizations can find themselves exposed to dangerous cyber threats and compliance risks, which can lead to costly repercussions. The key to keeping up with ever-changing and ever-growing firewall rule-sets is automation.By automating firewall configu

Millions of websites, users' passwords, credit card numbers and other personal information may be at risk as a result of the Heartbleed security flaw , a vulnerability in widely used cryptographic library ' OpenSSL '. [ READ DETAILS HERE ] Netcraft survey says that about half a million widely trusted active websites on the internet are vulnerable to the heartbleed bug, which means the information transmitting through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryption techniques. According to Netcraft, " the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings. " Among the trusted names running OpenSSL is Yahoo!, which has been

Are you safe from the critical bug Heartbleed?? OpenSSL- the encryption technology used by millions of websites to encrypt the communication and is also used to protect our sensitive data such as e-mails, passwords or banking information.  But a tiny, but most critical flaw called " Heartbleed " in the widely used OpenSSL opened doors for the cyber criminals to extract sensitive data from the system memory. WHAT IS HEARTBLEED? SSL and TLS are known to provide communication security and privacy over the Internet for applications such as websites, email, instant messaging (IM), including some virtual private networks (VPNs). Heartbleed is a critical bug ( CVE-2014-0160 ) is in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS (transport layer security protocols) and DTLS ( Datagram TLS ) heartbeat extension (RFC6520). This bug was independently discovered by a team of security enginee

Passwords are the first line of defense against cyber criminals. It is the most vital secret of every activity we do over the internet and also a final check to get into any of your user account, whether it is your bank account, email account, shopping cart account or any other account you have. We all know storing passwords in clear text in your database is ridiculous. Many desktop applications and almost every web service including, blogs, forums eventually need to store a collection of user data and the passwords, that has to be stored using a hashing algorithm. Cryptographic hash algorithms MD5, SHA1, SHA256, SHA512, SHA-3 are general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. Hashing is the greatest way for protecting passwords and considered to be pretty safe for ensuring the integrity of data or password. The benefit of hashing is that if someone steals the database with hashed passwords, they o

It is advised to those who are running their web server with OpenSSL 1.0.1 through 1.0, then it is significantly important that you update to OpenSSL 1.0.1g immediately or as soon as possible.  As this afternoon, an extremely critical programming flaw in the OpenSSL has been discovered that apparently exposed the cryptographic keys and private data from some of the most important sites and services on the Internet. The bug was independently discovered by security firm Codenomicon along with a Google Security engineer. The flaw is in the popular OpenSSL cryptographic software library and its weakness allows cyber criminals to steal the information protected, under normal conditions, by the SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption used to secure the Internet. OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions that enable SSL and TLS encryption. Mostly every w

Yahoo! The one who enabled the HTTPS connections by default from the beginning of this year, the one who encrypts traffic moving between its data centers from 31st March , now has been accused of harming every  Mailing List  across the world. Experts from the Internet Engineering Council John R. Levine , specialized in email infrastructure and spam filtering claimed this in the post titled " Yahoo breaks every mailing list in the world including the IETF's. " on Internet Engineering Task Force (IETF). Yahoo has established a new rule to automatically exclude Yahoo users from the mailing list, because Mailing List server does not comply with DMARC requirements and they strongly modifies each email. He talks about an " emerging e-mail security scheme " known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that has been implemented by almost every largest email service providers, including Gmail, Hotmail, Comcast, and Yahoo. DMARC helps to reduce the p

When we talk about security, only one thing cames to our mind – ENCRYPTION . Encryption of our online messages, encryption of our emails, encryption of our voice call, encryption of our every personal data and communication that we have to keep away from cybercriminals and, if I am not wrong, also from government intelligence agencies, such as NSA and GCHQ. Eventually, secure encryption is mandatory need of our modern Internet, Mobile communication, financial transactions, network sensors, car keys, and many more. But, government agencies like NSA are trying hard to break every effort that we adopt to secure our personal and confidential data.  NSA is trying to develop a futuristic super computer called ' Quantum computer ' that could be capable of breaking almost every kind of Encryption used to protect banks, medical, business including top-secret information held by government around the world. NEARLY UNBREAKABLE ENCRYPTION So, need for new encryption schem

Well, we all are very conscious, when it comes to the security of our personal information, security of our financial data and security of everything related to us. In the world of Smart devices where our Smartphones knows more than we know ourselves. To keep our device protected from harmful viruses, malware or spyware, we totally depend on various security products such as antivirus, firewall and privacy guard apps, that we typically install from some trusted sources, Google Play Store. Most Antivirus apps are available to download for free, but some of them are paid with extra premium features like advance firewall protection, anti theft, App Locker or Cloud Backup etc. But do you believe that just because you're downloading an application from an official app store and also if its a premium paid version, you're safe from malicious software? Think twice. PAID, BUT FAKE ANTIVIRUS APP In Past, Mobile Security Researchers had spotted numerous fake mobile anti

Tomorrow, 8th April could be a sad day for all those who are still using Windows XP, as it is an official assassination day of it, but there is also a good news that Microsoft is going to stop charging for its Windows Operating System on on the devices with screens smaller than nine inches. Yes, Free a Windows OS for the  Internet of Things (IoTs) ,  such as Mobile Devices, Smart thermostats, Smart TVs, wearable devices etc., that was announced by Microsoft at Build 2014 conference on Wednesday. " To accelerate the creation of great mobile devices running Windows and grow our number of users, we announced today that Windows will be available for $0 to hardware partners for Windows Phones and tablets smaller than 9" in size, " said Terry Myerson, executive vice president, OS Group at Microsoft and he also added that it will include a one-year subscription to Office 365. FREE, BUT NOT OPEN SOURCE Free Windows , means the manufacturers of small tablets, phones and any o

A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software " signed " with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal. Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious. Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures. A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Intern

Is Air Travel expensive for You?? Of course it's costly for Common people. But, hackers have found a way out of it too. If you have an iPhone then there is no need to buy airline tickets, as a simple iPhone hack can fool any modern airport and get you a seat in first class for free. Anthony Hariton , an 18 year-old computer science student at the University of Crete in Greece, claims he has found a plough to fetch free flight tickets across Europe by generating fake boarding passes designed for Apple's Passbook app. The student prepares to give his presentation entitled " Exploiting Passbook to Fly for Free, " in a hacking conference next month, in which he will theoretically demonstrate on how to generate fake boarding passes using only a computer and an iPhone, then get through all the Security Airport checks and then eventually ending up on your first class seat to the destination of your choice. HACKING iPHONE APP TO GET FREE BOARDING PASSES The iO

Pakistan's Federal Investigation Agency (FIA) has arrested a Pakistani Hacker allegedly involved in hacking into a telecom company and uploading their database on his website. With the help of the National Response Center for Cyber Crime (NR3C) of Pakistan's Federal Investigation Agency, the local authorities were able to trace and arrest the hacker suspected of infiltrating into the systems of Warid Telecom, an Abu-Dhabi-based telecoms company that provides services in Congo, Pakistan and Uganda. The suspect, Mubashar Shahzad , a resident of Kasur, is believed to have downloaded Warid Telecom's customer information from the company's databases and exposed it online, which was published on earlysms.com , a site hosted with HosterPK . Investigation started after one of the senior manager of a cellular company filed a complaint saying the ' information of its consumers till 2006 had been exposed over the internet. ' " A technical/forensic analysis found that the web

Do you know, Why another major company is getting hacked every week? Because of poor policies, Laziness to Incident Response and lack in will-power to put efforts on applying important patches. Some companies are not taking their security more seriously, and best suitable example for this is  TxTag,  an electronic toll collection systems in Texas operated by Texas Department of Transportation (TxDOT) . 1.2 MILLION CREDIT CARD ARE AT RISK Security researcher, David Longenecker   claimed a serious flaw at  TxTag website that exposes the active Credit Card Details and Personal Information of 1.2 Million Drivers including active TxTags (vehicle stickers with microchips, which are scanned by electronic readers on toll roads), Names, phone numbers, full residence addresses, email addresses, along with their complete Credit card numbers and Expiration date. According to David, the account names could be easily predictable by anyone, which is typically an 8-digit number that beg