The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

As far sci-fi movies have been entertaining the public, but their ideas have always been a matter of adoption in real life. Just like in any other sci-fi movie, simply touching a laptop can be enough to extract the cryptographic keys used to secure data stored on it. A team of computer security experts at Tel Aviv University (Israel) has come up with a new potentially much simpler method that lets you steal data from computers — Just Touch it — literally. WAYS TO ATTACK ENCRYPTION There are different ways of attacking encryption systems. On one side, there are security vulnerabilities and weakness in the encryption algorithms themselves that make it possible to figure out the cryptographic keys. On the other side, there are flaws and weaknesses in the people themselves that make it easier than it should be to force them to offer up the keys to decrypt something. But, Flaws and weaknesses in neither of which is necessarily quick or easy to find out, as there are seve

The United States National Security Agency ( NSA ) is using a massive information sharing platform that allows multiple law enforcement agencies to infiltrate more than 850 billion communications records detailing e-mails, phone calls, instant messages, and phone geolocation, according to the classified documents disclosed by former intelligence contractor Edward Snowden. The NSA has built ICREACH, a Google-like search engine that secretly provides data — metadata of both foreigners and citizens on US soil — to nearly two dozen U.S. government agencies, including the DEA, FBI, and CIA, The Intercept reported . Many of those surveilled data had not been accused of any illegal activity as well. But until now, it is unclear that exact what mechanism was used by the US intelligence agency to share the massive amounts of surveillance data, as well as number of government agencies it was sharing information with. Although, the classified documents show that the FBI and the D

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

It's been a bad weekend for Sony Playstation. The entire PlayStation Network was down much of the day after a dedicated distributed denial-of-service (DDoS) attack by online attackers, which left the network inaccessible to users. It's possible that EVE Online and Guild Wars 2 have also been hit by the attackers. Developers on the EVE Online forums have announced DDoS issues, and many users on the Guild Wars 2 forums have been reporting login issues. Sony's PlayStation Network is an online service that connects PlayStation 3 and PlayStation 4 video game consoles to the Internet and to over-the-top video services such as Netflix. What's weird about this attack is that it also includes a security threat against the American Airlines plane in which the President of Sony Online Entertainment, John Smedley, was traveling today. The aircraft along with a full load of passengers was diverted to Phoenix due to a bomb threat. WHO BRING DOWN SONY PLAYSTATION NETWORK? Tw

A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of

Along with a dream to make Internet access available to everyone across the world, Facebook founder Mark Zuckerberg is working to make the Internet a more secure place as well. Till now, a number of large technology companies have bug bounty programs to reward researchers and cyber enthusiast who contribute in the security of Internet by finding out security holes in software or web platforms, and the social networking giant Facebook is the latest one to do so. Facebook and Usenix have together implemented the Internet Defense Prize — an award recognizing superior quality research that combines a working prototype with great contributions to securing the Internet, Facebook announced Thursday at the annual USENIX Security Symposium in San Diego. Also, Facebook announced the first award under its Internet Defense Prize, and crowned a pair of German researchers for their paper , " Static Detection of Second-Order Vulnerabilities in Web Applications " — a seemingly viabl

Pebble, a wristwatch that can connect to your phone - both iOS and Android - and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely. Pebble Smartwatch , developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers. A security enthusiast Hemanth Joseph  claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it. HOW PEBBLE SMARTWATCH WORKS Before proceeding towards how he did this, let me explain how Peb

The United States division of Samsung has been charged with deceiving the US government into believing that several of its products met the necessary US government policies, resulting in the US government buying unauthorised Chinese-made electronics . The South Korean electronics giant has agreed to pay the Government $2.3 million in fines to settle the charges of violating trade agreements, the Justice Department announced Tuesday. Under federal contracting rules, Government agencies are only required to purchase products made in the United States or in countries that have a trade agreement with the United States. Federal agencies purchased products from Samsung through authorised resellers, believing they were manufactured in South Korea or Mexico, comply with government procurement rules — namely the US trade agreement act. SAMSUNG LIED TO U.S GOVERNMENT Despite complying with the terms of the contract, Samsung was found to have breached the US government bet

Hacking Internet of Things (IoTs) have become an amazing practice for cyber criminals out there, but messing with Traffic lights would be something more crazy for them. The hacking scenes in hollywood movies has just been a source of entertainment for the technology industry, like we've seen traffic lights hacked in Die Hard and The Italian Job , but these movies always inspire hackers to perform similar hacking attacks in day-to-day life. Security researchers at the University of Michigan have not only hacked traffic light signals in real life, but also claimed that it's actually shockingly easy to perform by anyone with a laptop and the right kind of radio. If we compare the traffic light hacks in movies and real life, the reality is much easier. In a paper study published this month, the security researchers describe how a series of major security vulnerabilities in traffic light systems allowed them to very easily and very quickly seized control of the whole system of at

Network security practitioners rely heavily on intrusion detection systems (IDS) to identify malicious activity on their networks by examining network traffic in real time. IDS are available in Network (NIDS) and Host (HIDS) forms, as well as for Wireless (WIDS). Host IDS is installed via an agent on the system you are monitoring and analyzes system behavior and configuration status. Network IDS inspects the traffic between hosts to find signatures of suspicious behavior and anomalies. Wireless IDS identifies rogue network access points, unauthorized login attempts, encryption-level in use, and other anomalous behavior. There are many options for open source IDS tools if your budget for buying new tools is tight. Asset inventory and vulnerability management go hand in hand with IDS. Knowing the role, function, and vulnerabilities of your assets will add valuable context to your investigations. AlienVault Unified Security Management (USM) includes IDS integrated with asset di

If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by "AdThief" malware, a Chinese malware that is now installed on more than 75,000 iPhone devices. According to a recent research paper published on Virus Bulletin by the Security Researcher Axelle Apvrille , the malware, also known as " spad ," was first discovered by security researcher Claud Xiao in March this year. Till now, AdThief aka Spad malware has hijacked an estimated 22 million advertisements and stealing revenue from developers on the iOS jailbreak community, Axelle Apvrille says. The malware allegedly infects iOS jailbroken devices by disguising itself as Cydia Substrate extension, presents only on jailbroken Apple devices, when a malware infected Cydia package is downloaded and installed by the unsuspecting user. Once installed, the malware modifies certain advertisements displayed on your iOS devi

Google has been involved in several controversies including among the companies that was claimed to cooperate with US surveillance agencies on their global data-mining programmes, and just yesterday the popular Media tycoon Rupert Murdoch labeled Google worse than the NSA , saying " NSA privacy invasion bad, but nothing compared to Google. " Now another, but already known controversy over the Internet giant has raised many concerns over privacy of users who carry their smartphones with them. We all have sensors in our pockets that track us everywhere we go i.e. Smartphones. GOOGLE TRACKS YOU EVERYWHERE YOU GO - LOCATION HISTORY Today, with the help of these sensors, Google is tracking our every foot steps and placing a red dot on its map to keep track of users' records, Junkee.com reports. " You can yourself check your every move from here. You just need to log in with the same account you use on your Smartphone, that's it. The map will display all the records of everyw

A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research profes

Microsoft on Friday quietly urged its users to uninstall the most recent round of security updates, after reports emerged that it crippled their computers with the infamous " Blue Screens of Death " (BSoD), which is really a matter of shame for one of the largest technology giants. Microsoft released security updates on its August Patch Tuesday that addressed privilege escalation vulnerabilities but an apparent font cache clearing issue caused Windows boxes to turn the colour of the screen to Blue. The tech giant forced to make this decision after hundreds of complaints, regarding the infamous Blue Screen of Death error, were sent to the company. This was not the only update to be made last week. The offending Microsoft patch identified as MS 14-045 , one of the nine updates which fixes three security issues including one in the Windows kernel - the heart of the operating system - can cause system crashes forcing users to reboot it. Soon after the initial release o

The United States National Intelligence Agency ( NSA ) or the largest Internet giant Google - According to you, which one is the worse? NSA? But, according to the popular Media tycoon Rupert Murdoch ( @rupertmurdoch ), Google is worse than the NSA. Murdoch, founder of global media holding company News Corporation - the world's second-largest media conglomerate, currently lives in Australia and is once more making the sort of news he'd prefer to be remembered for. The 83-year old tweeted on Sunday, in which he labeled Google worse than the National Security Agency (NSA). The missive was as follows: " NSA privacy invasion bad, but nothing compared to Google. " NSA privacy invasion bad, but nothing compared to Google. — Rupert Murdoch (@rupertmurdoch) August 17, 2014 In past, Murdoch accused Google of stealing the content of his newspapers (yet never putting in place a robots.txt file that would prevent search engines crawling it) and has always criticis

Albertson's and SuperValu - Two nation's most popular supermarket store chains announced last weekend that a data breach may have revealed the credit and debit card information of their customers at a number of grocery store locations in more than 18 states. Minnesota-based Supervalu announced that an unknown number of its customers who used their payment cards in around 180 stores between June 22 and July 17 may have had payment card data compromised by attackers who gained access to the Supervalu computer network that processes card transactions. The affected information may includes names, payment card numbers, expiration dates, and other numerical information from cards used at POS devices. " The Company has not determined that any such cardholder data was in fact stolen by the intruder, and it has no evidence of any misuse of any such data, but is making this announcement out of an abundance of caution ," SuperValu said in a statement . The massive da