The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

While the whole world was waiting for the next generation of Windows operating system , i.e. Windows 9, but skipping right over 9, Microsoft has announced the next version of its Windows is Windows 10 , disclosing its first details on Tuesday at an event in San Francisco. The latest version of Microsoft's flagship operating system, which will be available for everyone next year, brings back the popular Start Menu, which had been removed from Windows 8. Windows 10 will be Microsoft's single platform for developing apps across all devices, from Smartphones and tablets to desktop PCs. However, Windows 10 will not be a one-size-fits-all operating system and instead will vary a bit from device to device. " Windows 10 will run on the broadest amount of devices. A tailored experience for each device ," Microsoft's executive VP of operating systems, Terry Myerson said at a press event here Tuesday. " There will be one way to write a universal application, one

The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them. The dodgy cell phone spyware application, dubbed as StealthGenie , monitors victims' phone calls, text messages, videos, emails and other communications "without detection" when it is installed on a target's phone, according to the Department of Justice. The chief executive officer of a mobile spyware maker is a Pakistani man collared 31-year-old Hammad Akbar , of Lahore, who was arrested over the weekend in Los Angeles for flogging StealthGenie spyware application and now faces a number of federal charges. According to the US Department of Justice, Akbar operates a company called InvoCode, which sold the StealthGenie spyware app online that can intercept communications to and from mobile phones including Apple, Google, and BlackBerry devices. T

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

At the beginning of the month, Apple was criticized for the security flaw in its iCloud file storage service that, according to multiple media outlets, allowed hackers to allegedly retrieve photos of a number of high-profile celebrities . And Now, the company's newly launched iOS 8 has been reportedly found vulnerable to another critical bug that is troubling Apple iOS 8 users. After the launch of iOS 8 , some minor bugs was reported in its operating system which was quickly fixed in Apple's iOS 8.0.1. But, the critical vulnerability discovered in iOS 8.0.1 seems to be deleting data stored in iCloud Drive without the user's permission. The bug was uncovered by MacRumors after its forum members complaint about the issue triggered by the option to " Reset All Settings ," which is typically supposed to reset your network settings to give your iOS device a clean slate to work with, but it turns out the feature is also deleting all your files from iCloud Drive.

Tails , a Linux-based highly secure Operating System specially designed and optimized to preserve users' anonymity and privacy, has launched its new release, Tails version 1.1.2. Tails, also known as ' Amnesiac Incognito Live System ', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data. The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities. The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricke

It seems like there is no end of " celebrity photo leaks ". As part of the Fappening 3 hack, some new naked photos of Jennifer Lawrence have apparently been leaked online in the "third round" of celebrity photo leaks including, top model Cara Delevingne, actress Anna Kendrick. On Friday, new celebrity photos were leaked online, labelled as ' The Fappening 3 ' by subreddits and 4chan communities. The release appears to be part of the massive leak that began in August and has continued with 55 more photos of a three-time Oscar nominee who won for her role in Silver Linings Playbook, Jennifer Lawrence hitting the Internet once again. Other female identities targeted by the latest Leaked photo scandal include American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and Lauren O'Neil . However, there are several pictures that show the celebrities were partying away in some pretty revealing outfits. Earlier this week, the second edition of

On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the " Shellshock " bug that could allow hackers to take over an operating system completely. Apple has issued a public statement in response to this issue, assuring its OS X users that most of them are safe from any potential attacks through the ShellShock Vulnerability , which security experts have warned affect operating systems, including Mac's OS X. " The vast majority of OS X users are not at risk to recently reported bash vulnerabilities ," Apple said. " Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unl

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell ( Bash ), dubbed " Shellshock " which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well. BOTNET ATTACK IN THE WILD The bot was discovered by the security researcher with the Twitter handle @yinettesys , who reported it on Github and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously by the hackers. The vulnerability (CVE-2014-6271) , which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the patches to BASH are not applied to the operating systems. However, the patches for the vulnerabil

Users might have praised the technology companies for efforts to encrypt their latest devices that would prevent law enforcement agencies' hands on users' private data, but the FBI is not at all happy with Apple and Google right now. The Federal Bureau of Investigation director, James Comey , said Thursday he was " very concerned " over Apple and Google using stronger or full encryption in their Smartphones and Tablets that makes it impossible for law enforcement to collar criminals. According to Comey, the Silicon Valley tech giants are "marketing something expressly to allow people to place themselves above the law." " There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device, " Comey told reporters . " I just want to make sure we

A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash , aka the GNU Bourne Again Shell , leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier today, Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide. REMOTELY EXPLOITABLE SHELLSHOCK The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug , and Shellshock by the Security researchers on the Internet discussions. According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. " In many common configurations, this vulnerability is exploitable over the network, " Stephane said. This 22-ye

The official website of the popular cross-platform JavaScript library jQuery (jquery.com) has been compromised and redirecting its visitors to a third-party website hosting the RIG exploit kit , in order to distribute information-stealing malware. JQuery is a free and open source JavaScript library designed to simplify the client-side scripting of HTML. It is used to build AJAX applications and other dynamic content easily. The popular JavaScript library is used by 30 percent of websites, including 70 percent of the top 10,000 most visited websites. James Pleger , Director of Research at Risk management software company RiskIQ , reported yesterday that the attack against jQuery.com web servers launched for a short period of time on the afternoon of September 18th. So, the users who visited the website on September 18th may have infected their system with data-stealing malware by redirecting users to the website hosting RIG. Pleger urged those who visited the site durin