The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The ultra secure NSA-Proof Blackphone titled as, " world's first Smartphone which places privacy and control directly in the hands of its users, " has been rooted within 5 minutes at the BlackHat security conference in Las Vegas this weekend. Blackphone , a joint venture between encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone , has a fully customized version of Android known as PrivatOS and pre-installed with lots of privacy-enabled applications, which claims to offer its users a high-end security at consumer level. A security researcher with twitter handle @TeamAndIRC took only 5 minutes to achieve root access on the Blackphone without having the need to unlock the device' bootloader. The hacker even mocked Blackphone's team by saying that "It is apparent no one ran CTS [ compatibility test suite ] on this device." The so-called " secure " Android phone that was promising security given the fact that its basically a suite of secure

Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in its products, and if United States has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology, then they are not wrong at all. In the latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand, Xiaomi has been suspected of "secretly" stealing users' information — including SMS messages and photos —from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions, according to Apple Insider . Security Researchers from  F-Secure Antivirus firm  has shown that the Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to " api.account.xiaomi.com "  server located in China, including following information

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

What do you expect from your cat to come back with?? Perhaps with a mouse or a bird – none of your use. But what if she come back with your neighbours' wifi details? Really Interesting! A creative security researcher has found a way to use his pet cat mapping dozens of vulnerable Wi-Fi networks in his neighborhood. Gene Bransfield , a security researcher with Tenacity, managed to turn his wife's grandmother's pet cat Coco into a roaming detector for free Wifi networks by just using a custom-built collar , which was made from a Wi-Fi card, GPS module, Spark Core chip, battery and some fetching leopard print fabric. Bransfield dubbed his experiment " Warkitteh " – on the concept of " Wardriving ", where hackers used unsecured Wi-Fi connections from a parked car. He decided to turn his cat into a hacker because he found the idea amusing, and also because cats are the one that consumes as much as 15 per cent of internet traffic, with the popularity among the internet users.

Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible. This time, an old Facebook scam is back in action once again! Malicious Facebook "Color Changer" app has resurfaced again on the popular social networking site Facebook, this time compromising more than 10,000 people worldwide. The malicious app promises users to change the characteristic blue colour of Facebook's header and interface to one of nine other colours including pink, purple, green, yellow, orange and black, in order to infect users' phones and computers with malicious software. Researchers at China-based Internet company Cheetah Mobile have detected the " Facebook colour changer " that tricks Facebook users into downloading the app via a malicious phishing site. The phishing website targets users in two ways: First of all, it steals the users' Facebook Access Tokens by asking them

Oracle's newly launched Data Redaction security feature in Oracle Database 12c can be easily disrupted by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon. Data Redaction is one of the new Advanced Security features introduced in Oracle Database 12c. The service is designed to allow administrators to automatically protect sensitive data, such as credit card numbers or health information, during certain operations by either totally obscuring column data or partially masking it. But according to David Litchfield , a self-taught security researcher who found dozens and dozens of critical vulnerabilities in Oracle's products, a close look at this Data Redaction security feature help him found a slew of trivially exploitable vulnerabilities that an attacker don't even need to execute native exploit code to defeat the feature. David Litchfield is a security specialist at Datacomm TSS and th

Today Microsoft has released its Advance Notification for the month of August 2014 Patch Tuesday Updates releasing a total of nine security Bulletins, which will address several vulnerabilities in its products, out of which two are marked critical and rest are important in severity. The latest updates, which is set to arrive on August 12, will address two critical bugs affect Internet Explorer and Windows with seven other issues rated as important. The vulnerabilities in the company's products range from remote code execution to protection bypasses. Both of the critical fixes will address remote-code execution flaws. The critical Windows update affects only business and professional editions of Windows 7 and Windows 8. Whereas, the Internet Explorer update affects all versions of Windows on all supported platforms. The remaining seven updates affect its various products, including Windows, Office, SQL Server, the .NET Framework and SharePoint Server 2013. There wi

Today at Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year. Google showed off a PGP-based encryption plugin for Gmail back in June. The Purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo. The PGP plugin will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email. Infact, the email providers themselves won't be able to decrypt messages exchanged between its users. Only senders and recipients will be able to read the messages. In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, wh

Till now, he have heard about " Bitcoin digital wallet hacked " or " Bitcoin website hacked ", but now a hacker has stolen cryptocurrency from mining pools and generated $83,000 in digital cash in more than four months by gaining access to a Canadian Internet provider. Bitcoin is a virtual currency that makes use of cryptography to create and transfer bitcoins. Users make use of digital wallets to store bitcoin addresses from which bitcoins are received or sent. Bitcoin uses public-key cryptography so that each address is associated with a pair of mathematically linked public and private keys that are held in the wallet. Researchers at Dell SecureWorks Counter Threat Unit (CTU) , a cyber intelligence company, have discovered a series of malicious activities in which a cryptocurrency thief used bogus Border Gateway Protocol ( BGP ) broadcasts to hijack networks belonging to no less than 19 Internet service providers, including Amazon and other hosting services like DigitalO

FinFisher spyware, a spyware application used by government and law enforcement agencies for the purpose of surveillance, appears to have been hacked earlier this week and a string of files has been dumped on the Internet. The highly secret surveillance software called " FinFisher " sold by British company Gamma International can secretly monitors computers by turning ON webcams, recording everything the user types with a keylogger, and intercepting Skype calls, copying files, and much more. A hacker has claimed on Reddit and Twitter that they'd infiltrated the network of one of the world's top surveillance & motoring technology company Gamma International, creator of FinFisher spyware, and has exposed 40GB of internal data detailing the operations and effectiveness of the FinFisher suite of surveillance platforms. The leaked information was published both on a parody Gamma Group Twitter account ( @GammaGroupPR ) and Reditt by the hacker that began publishi

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 31-year-old global surveillance whistleblower and former U.S. intelligence contractor, who has received a three- year residence permit from Russia, his lawyer announced on Today. " On the first of August he received a three-year residence permit, " lawyer Anatoly Kucherena told RT . He had not asked for political asylum, his lawyer added. The former NSA contractor has not apply for Russian citizenship for now, as he will be able to apply for the Russian citizenship in five years. " A foreign citizen, who got a residence permit, will certainly be able to apply for citizenship, " Kucherena said. " He will be able to travel freely within the country and go abroad. He'll be able to stay abroad for not longer than three months ," Kucherena said. Snowden is responsible for handing over material from one of the world's most secretive organisations the NSA. The

When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker . A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker is a simple rather a devastating piece of Ransomware that encrypts the files on a victim's computer and issues an ultimatum - Pay up or lose your data. CryptoLocker is particularly designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. Cryptolocker hijacker sniffs out your personal files and wraps them with strong AES-256-bit encryption before it demands money. HOW TO DECRYPT CRYPTOLOCKER? FREE TOOL RELEASED Thanks to security experts, who created an online service where victims whose systems have been encrypted by the CryptoLocker ransomware can get the decryption keys for free. This o

Users running the website on a self-hosted WordPress or on Drupal are strongly recommended to update their websites to the latest version immediately. A moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC, which can lead an attacker to disable your website via a method known as Denial of Service (DoS) . VULNERABILITY RESULTS IN DoS ATTACK The latest update of WordPress 3.9.2 mainly addresses an issue in the PHP's XML processor that could be exploited to trigger a DoS (denial of service) attack . The vulnerability affects all previous versions of WordPress. The XML vulnerability was first reported by Nir Goldshlager , a security researcher from Salesforce.com's product security team, that impacts both the popular website platforms. The issue was later fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. ATTACK MAKES YOUR WEBSITE COMPLETELY INACCES