The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system " Tails " that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users' communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The allegations from a data forensic expert and security researcher that iOS contains a " backdoor " permitting third parties to potentially gain access to large amount of users' personal data instigated Apple to give a strong response. The company has completely denied to the claims published over the weekend by Jonathan Zdziarski, a forensic scientist and iOS security expert. The researcher, better identified as the hacker moniker " NerveGas ", detailed a number of undocumented features in a paper presentation titled, " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. ALLEGATIONS ON APPLE The issue, what he explained in his finding, arises from the way Apple encrypts or fails to encrypt data from the iPhone's native apps, leaving over 600 million personal iOS devices vulnerable to third parties. &q

Mozilla has officially released its latest build Firefox 31 for all supported platforms, addressing 11 vulnerabilities in total, three of which are marked critical that could have been exploited by hackers to mount remote code execution attacks. Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to " run attacker code and install software, requiring no user interaction beyond normal browsing ". CRITICAL VULNERABILITIES The three major vulnerabilities are as follows: MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploi

So far, we have seen the search engine for online underground Black Markets , named ' Grams ' that lets anyone find illegal drugs and other contraband online in an easier way ever and is pretty much fast like Google Search Engine . Now, a new search engine has been launched that primarily exposes all the available information of malicious hackers caught up in the very sort of data breaches  — including the recent massive breaches at Adobe and Yahoo! The search engine dubbed as " Indexeus ", designed by 23-year-old Jason Relinquo of Portugal, boasts a searchable database of "over 200 million entries available to our customers ". It specifically targeted hackers by listing huge amounts of their information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts. If in case, any hacker want to get their credentials removed or blacklisted from the search engine

A distasteful trend among the cyber crooks have began these days that they left no occasion, either good or bad, to snatch users' financial information in order to make money as well as spread malware to victimize users. The tragedy of the crashed Malaysia Airlines flight MH17 is no exception for the criminal minds. They are exploiting the disaster that took place last week in the disputed territory. All related to Malaysian Airline Flight MH17 , a Boeing 777 aircraft carrying 283 passengers and 15 crew members, that was shot down over eastern Ukraine on July 17 by a ground-to-air missile. So far, its unclear that who is behind the tragic incident, while Ukraine and the insurgents blamed each other. Within just a week, at least six bogus Facebook pages that popped up the names of the Boeing 777 victims. According to the Australia's Sydney Morning Herald, three of the fraudulent pages were created in the names of children who were on the plane and died. The bogus Fac

A well known iPhone hacker and forensic scientist has unearthed a range of undocumented and hidden functions in Apple iOS mobile operating system that make it possible for a hacker to completely bypass the backup encryption on iOS devices and can steal large amounts of users' personal data without entering passwords or personal identification numbers. Data forensics expert named Jonathan Zdziarski has posted the slides ( PDF ) titled " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. Jonathan Zdziarski, better identified as the hacker " NerveGas " in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is also the author of five iOS-related O'Reilly books including " Hacking and Securing iOS Applications ." The results of his overall research on the iOS

BigBoss repository, one of the biggest and most popular repositories for jailbreak tweaks in Cydia , has reportedly been hacked by either an individual or a group of hackers. Cydia is a software application for iOS that enables a user to find and install software packages on jailbroken iOS Apple devices such as the iPhone, the iPod Touch, and the iPad. Most of the software packages available through Cydia are free, but some require purchasing. The BigBoss repository is default repository in jailbroken iOS devices and has long been one of Cydia's biggest and best, but it may have just been targeted by cybercriminals. The hackers, who go by the name "Kim Jong-Cracks", managed to gain access to all packages , including all paid as well as free, and made their own repository available with all BigBoss repository applications for free. " The other post more than likely broke rule 1 because it linked the site directly. To anyone that didn't see the post the BigBoss rep

Four years ago, NASDAQ servers were compromised by Russian hackers, who were somehow able to insert a " digital bomb " into the systems of NASDAQ stock exchange, which would have been able to cause several damage to the computer systems in the stock market and could bring down the entire structure of the financial system of the United States. Till now, identities of the hackers have not been identified by the agencies who are investigating the whole incident from past four years. However, it has been identified that the intruder was not a student or a teen, but the intelligence agency of another country. The Hackers successfully infiltrated the network of NASDAQ stock exchange with customized malware which had ability to extract data from the systems and carry out surveillance as well. However, a closer look at the malware indicated that it was designed to cause widespread disruption in the NASDAQ computer system. MALWARE EXPLOITS TWO 0-DAY VULNERABILITIES

Any occasion that captures public attention – regardless of how sensitive – comes out to be an opportunity for spammers and hackers to snatch users' personal information and spread malware , and the tragedy of the crashed Malaysia Airlines flight MH17 is no exception. According to the U.S. intelligence officials, Malaysia Airline Flight MH17, a Boeing 777 aircraft carrying 283 passengers and 15 crew members, was struck by a ground-to-air missile. So far, it's unclear, whether the missile was launched by the Russian military or pro-Russian separatist rebels. Ukraine and the insurgents blamed each other. Spammers and cybercriminals are quick to take advantage of the tragedy and started spreading malware through the social media websites, abusing the mystery behind the crash of Malaysia Airline Flight MH17. Researchers at the anti-virus firm Trend Micro came across some suspicious tweets written in Indonesian language. The cybercriminals are using the trending #MH17 to lu

At the beginning of the month, we have reported about the new surge of a Stuxnet-like malware "Havex" , which was previously targeting organizations in the energy sector, had been used to carry out industrial espionage against a number of companies in Europe and compromised over 1,000 European and North American energy firms. Recently, researchers at security firm FireEye have discovered a new variant of Havex remote access Trojan that has capability to actively scan OPC ( Object linking and embedding for Process Control ) servers, used for controlling SCADA (Supervisory Control and Data Acquisition) systems in critical infrastructure, energy, and manufacturing sectors. OPC is a communications standard that allows interaction between Windows-based SCADA or other industrial control systems (ICS) applications and process control hardware. New Havex variant gathers system information and data stored on a compromised client or server using the OPC standard. OPC is pervasive and

The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that during surveillance, among other things, NSA system administrators also intercepted and routinely passed the photos of people in "sexually compromising" situations among other NSA employees. In a video interview, NSA whistleblower speaks with the Guardian editor-in-chief Alan Rusbridger and reporter Ewen MacAskill in Moscow, which was then published by the Guardian on Thursday. WOOOH!! ATTRACTIVE NUDIE PICS - PASS IT ON TO BILL TOO " You've got young enlisted guys, 18 to 22 years old. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records, " he said in the video interview. " During the course of their daily work they stumble upon something that is completely unrelated to their work in any sort of necessary sense – for example, an intimate photo of someone o