The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research profes

Microsoft on Friday quietly urged its users to uninstall the most recent round of security updates, after reports emerged that it crippled their computers with the infamous " Blue Screens of Death " (BSoD), which is really a matter of shame for one of the largest technology giants. Microsoft released security updates on its August Patch Tuesday that addressed privilege escalation vulnerabilities but an apparent font cache clearing issue caused Windows boxes to turn the colour of the screen to Blue. The tech giant forced to make this decision after hundreds of complaints, regarding the infamous Blue Screen of Death error, were sent to the company. This was not the only update to be made last week. The offending Microsoft patch identified as MS 14-045 , one of the nine updates which fixes three security issues including one in the Windows kernel - the heart of the operating system - can cause system crashes forcing users to reboot it. Soon after the initial release o

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The United States National Intelligence Agency ( NSA ) or the largest Internet giant Google - According to you, which one is the worse? NSA? But, according to the popular Media tycoon Rupert Murdoch ( @rupertmurdoch ), Google is worse than the NSA. Murdoch, founder of global media holding company News Corporation - the world's second-largest media conglomerate, currently lives in Australia and is once more making the sort of news he'd prefer to be remembered for. The 83-year old tweeted on Sunday, in which he labeled Google worse than the National Security Agency (NSA). The missive was as follows: " NSA privacy invasion bad, but nothing compared to Google. " NSA privacy invasion bad, but nothing compared to Google. — Rupert Murdoch (@rupertmurdoch) August 17, 2014 In past, Murdoch accused Google of stealing the content of his newspapers (yet never putting in place a robots.txt file that would prevent search engines crawling it) and has always criticis

Albertson's and SuperValu - Two nation's most popular supermarket store chains announced last weekend that a data breach may have revealed the credit and debit card information of their customers at a number of grocery store locations in more than 18 states. Minnesota-based Supervalu announced that an unknown number of its customers who used their payment cards in around 180 stores between June 22 and July 17 may have had payment card data compromised by attackers who gained access to the Supervalu computer network that processes card transactions. The affected information may includes names, payment card numbers, expiration dates, and other numerical information from cards used at POS devices. " The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution ," SuperValu said in a statement . The massive da

After the allegations that the U.S. National Security Agency ( NSA ) not only conducted mass surveillance on German citizens, but also spied on German Chancellor Angela Merkel's own personal mobile phone for years, surveillance has become a big issue for Germany. So big, that Germany itself started spying on U.S. According to the reports came from the German media on Friday, the German foreign intelligence agency known as Bundesnachrichtendienst (BND) hacked into at least one call during Hillary Clinton's time in office as US Secretary of State. However, the time and location have not been disclosed, but Clinton's phone calls were interrupted during her phone conversations, according to the joint investigation done by German newspaper Süddeutsche Zeitung and German regional public broadcasters NDR and WDR. Although, after the story broke, some sources from the German government have denied the allegations of Clinton's phone calls interception and said that t

Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk. Fiverr recently raised $30 million in a third round of institutional funding to continue supporting the new version of its marketplace, but the company ignored the advance warning of the critical bug reported responsibly by a vulnerability hunter and fails to patch up their website before his public release. There are endless numbers of people providing services on Fiverr website, such as graphic design, language translation, illustration, blogging and a lot more that start from just $5 but can go much higher, depending on complexity, seller rating, and type of work. According to a security researcher Mohamed Abdelbaset, an Information Security Evangelist from Egypt, told The Hacker News that Fiverr website is vulnerable to CSRF (Cross-site reque

Scammers spare no incident to target as many victims as possible, and this time they are exploiting the tragic death of comic actor Robin Williams by offering the fake Facebook videos proclaiming a Goodbye video message that Williams made before his death. According to Symantec, this fake Facebook post, which you may see on your walls shared by your Facebook friends, was created by scammers looking to profit on the actor's death. The bogus post claims to be a Goodbye video of Robin Williams making his last phone call before committing suicide earlier this week. Scammers and cyber criminals often use major headline news stories to lure in victims. You may fall victim to this video as the news claims to have come from the most popular and reputed BBC News website. " There is no video. Users that click on the link to the supposed video are taken to a fake BBC News website. As with many social scams, users are required to perform actions before they can view the content. In t