The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system " Tails " that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users' communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

The allegations from a data forensic expert and security researcher that iOS contains a " backdoor " permitting third parties to potentially gain access to large amount of users' personal data instigated Apple to give a strong response. The company has completely denied to the claims published over the weekend by Jonathan Zdziarski, a forensic scientist and iOS security expert. The researcher, better identified as the hacker moniker " NerveGas ", detailed a number of undocumented features in a paper presentation titled, " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. ALLEGATIONS ON APPLE The issue, what he explained in his finding, arises from the way Apple encrypts or fails to encrypt data from the iPhone's native apps, leaving over 600 million personal iOS devices vulnerable to third parties. &q

Mozilla has officially released its latest build Firefox 31 for all supported platforms, addressing 11 vulnerabilities in total, three of which are marked critical that could have been exploited by hackers to mount remote code execution attacks. Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to " run attacker code and install software, requiring no user interaction beyond normal browsing ". CRITICAL VULNERABILITIES The three major vulnerabilities are as follows: MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploi

So far, we have seen the search engine for online underground Black Markets , named ' Grams ' that lets anyone find illegal drugs and other contraband online in an easier way ever and is pretty much fast like Google Search Engine . Now, a new search engine has been launched that primarily exposes all the available information of malicious hackers caught up in the very sort of data breaches  — including the recent massive breaches at Adobe and Yahoo! The search engine dubbed as " Indexeus ", designed by 23-year-old Jason Relinquo of Portugal, boasts a searchable database of "over 200 million entries available to our customers ". It specifically targeted hackers by listing huge amounts of their information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts. If in case, any hacker want to get their credentials removed or blacklisted from the search engine