The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hackers have already bypassed Apple's fingerprint scanner using fake fingerprints, and now they have found a way to reproduce your fingerprints by using just a couple of photos of your fingers. Special Fingerprint sensors have already been used by Apple and Samsung in their smartphones for authentication purposes and in near future fingerprints sensors are believed to be the part of plenty of other locked devices that can be unlocked using fingerprints, just to add an extra layer of authentication. But, How secure are your fingerprints? A member of Europe's oldest hacker collective, the Chaos Computer Club (CCC) , claimed to have cloned a fingerprint of a Germany's federal minister of defense , Ursula von der Leyen , using pictures taken with a " standard photo camera " at a news conference. At the 31st annual Chaos Computer Conference in Hamburg Germany this weekend, biometrics researcher Starbug , whose real name is Jan Krissler , explained

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same Origin Policy (SOP). The Android Same Origin Policy (SOP) vulnerability ( CVE-2014-6041 ) was first disclosed right at the beginning of September 2014 by an independent security researcher Rafay Baloch. He found that the AOSP (Android Open Source Platform) browser installed on Android 4.2.1 is vulnerable to Same Origin Policy (SOP) bypass bug that allows one website to steal data from another. Security researchers at Trend micro in collaboration with Facebook have discovered many cases of Facebook users being targeted by cyber attacks that actively attempt to exploit this particular flaw in the web browser because the Metasploit exploit code is publicly available, which made the exploitation of the vulnerability much easier. The Same Origin Policy is one of the guidin

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

After the Mysterious Malaysian Airlines flight MH370 incident in March 2014 and the shooting of Malaysia Airline Flight MH17 by a ground-to-air missile in July 2014, yesterday AirAsia flight QZ 8501 with 162 people on board found missing by the time it flew from the Indonesian city of Surabaya to Singapore after losing contact with air traffic control due to weather, the airline company said Sunday. Since, cybercriminals are known to take advantage of every major incident and any occasion that captures public attention – regardless of how sensitive – comes out to be an opportunity for spammers and hackers to snatch users' personal information and spread malware, and the tragedy of the Missing AirAsia flight QZ 8501 is no exception. Cyber criminals are exploiting the disappearance of Indonesia AirAsia flight QZ 8501 by luring users to websites purporting to offer the latest news in order to steal their personal information. Our team has spotted some posts on social media

" The Interview ", the controversial North Korean-baiting film which appeared to be the root cause of the cyber mishap occurred at Sony Pictures Entertainment that threatened terror attack at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, Security researchers of McAfee and Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) has discovered an Android app claiming to download 'The Interview' comedy on their smartphone devices actually infects users' devices with banking trojan in

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the worlds most popular websites, including Amazon, Xbox Live and Playstation Network . The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin  (now deleted) , on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates. The news came just a day after the hacker group Lizard Squad compromised Sony's Playstation and Microsoft's Xbox Live gaming networks on Christmas day, which is estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, making it a total of more than 150 million users worldwide. However, data breach of 13,000 users is not the biggest data breach we've ever seen. When millions of passwords are used for sites ar

It was the sad Christmas day for gamers all around the world!! A lot of people get new PlayStations and Xboxes on Christmas, but this Christmas they bought the game, popped it into the console for online gaming, and what they found? Oh Crap! I can't log on . It was the notorious hacker group " Lizard Squad " who claimed the responsibility for taking down PlayStation Network, saying it has made unavailable both networks with apparent Distributed Denial of Service (DDoS) attacks — intentionally overloading servers by sending a flood of bogus web traffic, which made logging into the PlayStation Network and Xbox Live difficult for most users. Now Anonymous has declared war against Lizard Group, warning that " now you are all going down. " Recently, in response to Lizard Squad launching DDoS attacks on the Tor network , the international activist group Anonymous has leaked the personal details of one of the group's alleged members, warning the hacke

Surprisingly, from yesterday a cartoon picture of the supreme leader of the Democratic People's Republic of Korea (North Korea) named Kim Jong-un appearing on The Pirate Bay website 's homepage, but WHY? At the beginning of this month, The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet during a raid operation carried out by Swedish Police. However, a number of clones and rumors of rebirths of the infamous The Pirate Bay (TPB) appeared online, but the official domain of The Pirate Bay ( ThePirateBay.se ) remained inaccessible, until last week. ThePirateBay.se , the official domain of TPB returned to life, but without an archive of torrent files and now showing a ticking clock, with the Jolly Roger (skull and crossbones Pirate flag) waving in the background, and an image with apparently random characters with the filename AES.png , hintin

Koreans have once again gain media attention but this time not as an accused of any kind of hack attack, but as a victim of a severe attack on computers systems at a nuclear power plant in South Korea by an unknown hacker or a group. South Korea was hit by a cyber attack on its nuclear power plant, causing the operator to conduct drills in order to test the ability of the nuclear plant to cope with a full-scale cyber-attack. Although the plant's operator says no critical data has been leaked. The cyber attack came into light after a hacker posted blueprints of nuclear reactors online and threatened further "leaks" unless authorities close down the reactors. According to the South Korean Yonhap News Agency, the hacker was able to access blueprints of reactors, floor maps and other internal information on the plant. Last week with the help of a Twitter account named " president of anti-nuclear reactor group ," the hacker posted leaked data revea

First time ever in the History, Apple Inc. has pushed out an automatic security update for Macintosh OS X computers to address a critical security issue that, according to the company, was too risky to wait for users to patch after seeking their prior approval. Despite having the ability for years to silently and automatically update its users computers, Apple typically asks its users' permission to approve them manually or automatically before installing any security update of this kind. But, the company has exercised its ability for the very first time to patch a critical security flaw in a component of its OS X operating system called the Network Time Protocol (NTP) . This newly discovered security vulnerability, assigned CVE-2014-9295, became public late last week and affects all operating systems, including OS X and other Linux and Unix distributions, running versions of NTP4 prior to 4.2.8. NTP is used for synchronizing clocks between computer systems and across the globa

Tor has been targeted once again, but this time at a much larger scale. A new attack on Tor network reportedly would either completely shut it down worldwide or turn it into evil network. This time Tor – an internet browser which allows people to maintain their anonymity online by protecting their location – is warning its users of a cyber attack that quietly seized some of its network specialized servers called Directory Authorities (DA) , the servers that help Tor clients to find Tor relays in the anonymous network service. Tor network architecture relies on ten Directory Authorities whose information is hardcoded into Tor clients. These directory authorities are located in the Europe and United States, and maintain the signed list of all the verified exit relays of the Tor network, and according to experts, attack on these backbone servers can "incapacitate" the overall architecture of Tor. " The Tor Project has learned that there may be an attempt to incapacit

Sony was forced to pull the cinema release of " The Interview ," scheduled for Christmas day, after hacker group Guardians of Peace (GOP) threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives. HACKERS WARNED OF TERROR ATTACK The massive hacking attack against Sony Pictures Entertainment is getting worst day by day. The hack has yet exposed about 200 gigabytes of confidential data belonging to the company from upcoming movie scripts to sensitive employees data, celebrities phone numbers and their travel aliases, and also the high-quality versions of 5 newest films leak , marking it as the most severe hack in the History. Week back, the hacker group GOP, who has claimed responsibility for the damaging Sony cyber-attack, demanded Sony to cancel the release of " The Interview " — the Seth Rogen and James Franco-starring comedy centered around a T

Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lies in the global telecom network known as Signal System 7 that powers multiple phone carriers across the world, including AT&T and Verizon , to route calls, texts and other services to each other. The vulnerability has been discovered by the German researchers who will present their findings at a hacker conference in Hamburg later this month. "Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers," said The Washington Post, which first uncovered flaws in the system earlier this year. NUMBER OF SECURITY FLAWS IN SS7 SS7 or