The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A vulnerability has been identified in Wiko Mobiles that could allow anyone to remotely  force it to shut down abruptly with a text message only. Wiko is  a two-year-old French Mobile manufacturing company known for its cheapest mobiles and smartphones. French  blogger Korben reported that just by sending a  Short Message Service (SMS) with text  "="  (without the quotes) to Wiko mobiles could force them to restart and  knock them off a cellular network. He demonstrated the flaw in a video as shown below: He successfully tested Wiko Mobile flaw with official Android operating system and also reproduced it with custom Android ROM i.e. CyanogenMod, which concludes that the flaw could be in Wiko Mobile Hardware, rather than software. The Flaw was accidentally discovered by a reader, so currently we have no technical explanation that why Wiko mobiles can't behave equal as other smartphones do after receiving 'equal' symbol in SMS. If y

Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers. Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into ' groups of related permissions ', likely for Android users to have an easier time dealing with app permissions. Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below: hiding permissions behind the group names auto-updating app with no warning for new permissions According to new update, once a user approves an app's permissions, he actually approves the whole respective permission groups. For example, if an app want to read your incoming SMS messages, then it requires the " Read SMS messages " permission. But now installing an app, you are actually giving it access to all SMS-related permissions. The app developer can then include

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A new and relatively rare Zeus Trojan  program has found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim's computer. Researchers at RSA Security's FraudAction team have discovered this new and critical threat, dubbed as ' Pandemiya ', which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies. The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus . But, Pandemiya is something by far the most isolated and dangerous piece of malware

Following the massive data breaches at eBay , Neiman Marcus Group and Michaels Stores , yet another private equity company Centerbridge Partners-backed restaurant chain P.F. Chang's China Bistro suffered a potential Credit and Debit card data breach. The Asian-themed casual dining restaurant chain confirmed on Thursday their customers' Credit and Debit card information were stolen in the cyber attack on its restaurants, saying it is temporarily switching to a manual Credit and Debit card imprinting system for all of its P.F. Chang's China Bistro branded restaurants located in the United States, in order to process cards safety. " At P.F. Chang's, the safety and security of our guests' payment information is a top priority, " said Rick Federico, CEO of P.F. Chang's. " Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can

Many of us own a PayPal account for easy online transactions, but most of us don't have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!! A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on. An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily. According to TinKode a.k.a Razvan Cernaianu , who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process  which

When I was in school, I used to play outdoor games like basketball and badminton. When I was in college, I started taking more interest in playing computer games rather going out. But nowadays, children have completely changed their hobbies to programming, hacking, bug bounties in such a ways that just in half an hour of lunch break between classes they hacked ATM machine . A pair of ninth grade students, Caleb Turon and Matthew Hewlett , both 14 year old broke into a Bank of Montreal ATM during their lunch hours between classes by following an old ATM operators manual found online. The duo used the online manual to access the operator mode of the ATM machine in Winnipeg. They didn't use the accessed data to steal any amount from the ATM, rather they simply broke into the ATM machine and printed off information including users' transaction data, surcharge profits and the total cash held in the unit. HOW THEY HACKED INTO ATM MACHINE? Turon and Hewlett were not expectin

A cyber campaign that was targeting iPhone and iPad owners with a sophisticated Ransomware in Australia and New Zealand last month, drawn special attention of online media and security analysts. Russian Authorities have arrested two young hackers from Moscow for their alleged involvement in compromising Apple ID accounts and then using ' Apple's Find My iPhone ' service to hold iOS devices for ransom. A Russian man aged 23 and a teenager aged 17 had been taken into custody in the Southern Administrative District of Moscow for their part in " blocking of Apple devices to extort funds ," claims the press release on the Russian Interior Ministry's website on Tuesday. According to the authorities, one of the suspects used phishing websites to trick victims into giving up their Apple ID username and password. The second suspect's activities are exactly same of the ' Oleg Pliss attack '. " The first involved gaining access to the victim's Apple ID by means of the c

Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service (DDoS) attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its blog saying that they were under a Distributed Denial of Service (DDoS) attack and cyber-criminals were demanding money in return for returning the service to its normal operations. " Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop, " Edwin Khodabakchian, founder and CEO of Feedly said in a statement on Wednesday. He also expressed regret, " We want to apologize for the inconvenience. Please know that you data is safe and you will be able to re-access your feedly as soon as the attack is neutralized. " Feedly is a very popular RSS feed service which is available for desktop, iOS and

Yahoo offers a web browser toolbar which includes apps for leading sites like Facebook, Yahoo! Mail, Weather and News. Yahoo Toolbar also known as Y! Toolbar is available for Internet Explorer, Firefox and Google Chrome web browsers. Yahoo Toolbar is one of the most popular and widely installed web browser add-on/extension. Many popular softwares like Java Update and thousands of free software including some Antivirus products promote Yahoo toolbar and bundled it into their installer files. A vulnerability has been reported in Yahoo Toolbar by Security Researcher Behrouz SAdeghipour , which causes cross site scripting flaw on popular websites like Flickr, Yahoo, Google, Pinterest, Youtube, Amazon, Twitter and many more. Yahoo Toolbar vulnerability triggers all previous non-exploitable XSS payloads on popular websites as shown below in multiple screenshots provided by Behrouz to The Hacker News .  The vulnerability resides in the way Toolbar intercept and

A quiet change in the privacy setting of its forthcoming iOS 8 smartphone Operating System, Apple could effectively block the path for advertisers, marketers, and other snoopers looking to collect data about you and your location from your Smartphone devices. When your mobile device scan for a free Wi-Fi network, whether at the shopping complex, airport, or restaurant, it sends out the MAC address which is a unique identifier of the device that allows devices to distinguish between one another on a network. Routers need this identifier to connect you to a network. Advertisers and retailers have been seeking to track these identifiers to help offer personalized advertisements to customers based on where they've been. Thanks to Apple's upcoming feature which will enhance users privacy to one step higher than other smartphone providers. Apple announced the change during its annual Worldwide Developers Conference (WWDC) in Cupertino last week, revealing that the feature will restrict

While shopping online we need to first surf through number of pages and then finally have to fill credit and debit cards details manually into the browser, which is the annoying for most of the user. But now the new Safari feature in iOS 8 solves this problem by integrating camera-based Credit and Debit card reader. Apple will soon introduce this feature to Safari in its latest Operating System iOS 8 that will allow its iPhone/iPad users to scan their physical credit and debit cards with their device camera and optical character recognition, according to 9to5Mac . So when a user has to shop online using their iPhone or iPad and reach the payment screen for payment, safari browser will automatically display this " Scan Credit Card " option. This option will help your camera to capture the image of your credit card, which the device will analyze by using the optical character recognition to input the card number into the appropriate text field in the online payment form

Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users' system. On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack. The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions , leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. " Pinkie Pie discovered an