The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system " Tails " that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users' communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The allegations from a data forensic expert and security researcher that iOS contains a " backdoor " permitting third parties to potentially gain access to large amount of users' personal data instigated Apple to give a strong response. The company has completely denied to the claims published over the weekend by Jonathan Zdziarski, a forensic scientist and iOS security expert. The researcher, better identified as the hacker moniker " NerveGas ", detailed a number of undocumented features in a paper presentation titled, " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. ALLEGATIONS ON APPLE The issue, what he explained in his finding, arises from the way Apple encrypts or fails to encrypt data from the iPhone's native apps, leaving over 600 million personal iOS devices vulnerable to third parties. &q

Mozilla has officially released its latest build Firefox 31 for all supported platforms, addressing 11 vulnerabilities in total, three of which are marked critical that could have been exploited by hackers to mount remote code execution attacks. Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to " run attacker code and install software, requiring no user interaction beyond normal browsing ". CRITICAL VULNERABILITIES The three major vulnerabilities are as follows: MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploi

So far, we have seen the search engine for online underground Black Markets , named ' Grams ' that lets anyone find illegal drugs and other contraband online in an easier way ever and is pretty much fast like Google Search Engine . Now, a new search engine has been launched that primarily exposes all the available information of malicious hackers caught up in the very sort of data breaches  — including the recent massive breaches at Adobe and Yahoo! The search engine dubbed as " Indexeus ", designed by 23-year-old Jason Relinquo of Portugal, boasts a searchable database of "over 200 million entries available to our customers ". It specifically targeted hackers by listing huge amounts of their information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts. If in case, any hacker want to get their credentials removed or blacklisted from the search engine

A distasteful trend among the cyber crooks have began these days that they left no occasion, either good or bad, to snatch users' financial information in order to make money as well as spread malware to victimize users. The tragedy of the crashed Malaysia Airlines flight MH17 is no exception for the criminal minds. They are exploiting the disaster that took place last week in the disputed territory. All related to Malaysian Airline Flight MH17 , a Boeing 777 aircraft carrying 283 passengers and 15 crew members, that was shot down over eastern Ukraine on July 17 by a ground-to-air missile. So far, its unclear that who is behind the tragic incident, while Ukraine and the insurgents blamed each other. Within just a week, at least six bogus Facebook pages that popped up the names of the Boeing 777 victims. According to the Australia's Sydney Morning Herald, three of the fraudulent pages were created in the names of children who were on the plane and died. The bogus Fac

A well known iPhone hacker and forensic scientist has unearthed a range of undocumented and hidden functions in Apple iOS mobile operating system that make it possible for a hacker to completely bypass the backup encryption on iOS devices and can steal large amounts of users' personal data without entering passwords or personal identification numbers. Data forensics expert named Jonathan Zdziarski has posted the slides ( PDF ) titled " Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices " showing his findings, from his talk at the Hackers On Planet Earth (HOPE X) conference held in New York on Friday. Jonathan Zdziarski, better identified as the hacker " NerveGas " in the iPhone development community, worked as dev-team member on many of the early iOS jailbreaks and is also the author of five iOS-related O'Reilly books including " Hacking and Securing iOS Applications ." The results of his overall research on the iOS