The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

With the rise in technology, the need of ultrafast quantum computer has also increased that can work on huge numbers and calculations at the same time. Quantum technology has long been a scientific dream, but now it is a step closer to becoming a reality after a team of scientists has figured out a way for a standard silicon chip to tackle quantum entanglement. Entanglement — a phenomenon in which multiple particles are connected to each other and act in uniform no matter their distance apart — is the key ingredient that promises to make ultrafast quantum computers and secure communications ( encryption ) far more powerful than conventional computing devices. The new research, detailed in The Optical Society's (OSA's) new high-impact journal Optica, describes how a multinational collaboration of boffins, for the first time, have created a new Micro-Ring Resonator that can generate a continuous supply of entangled photons; photons are essentially the particles that mak

Security researchers from Core Security has reportedly found a Denial of Service ( DoS ) attack vulnerability in Android WiFi-Direct. Android's WiFi-Direct is a wireless technology that allows two devices to establish a direct, peer-to-peer Wi-Fi connection without requiring a wireless router. Smartphones have been able to support Wi-Fi Direct for a while now. According to the advisory , the remotely exploitable denial-of-service vulnerability is affecting a wide number of Android mobile devices when it scans for WiFi Direct devices. If exploited, the vulnerability would let an attacker force a reboot of a device. " An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class ," advisory states. The Android WiFi-Direct vulnerability (CVE-2014-0997) affects: Nexus 5 - Android 4.4.4 Nexus 4 - Android 4.4.4 LG D806 - Android 4.2.2 Samsung SM-T310 - Android

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

The use of small Unmanned Aerial Vehicles (UAVs) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that changed the way nations conduct war and last year, these hovering drones were also used to hack Smartphones. Recently, a security researcher has found a backdoor in the Parrot AR Drones manufactured by a French-based company, that could allow a malicious hacker to remotely hijacked the radio controlled flying quadcopter helicopter. The Parrot AR Drone, revealed at the International CES 2010 in Las Vegas, is a quadricopter helicopter which you can control with your smartphone or tablet. It features two built-in cameras, is easy to fly, and can be controlled without too much danger of it flipping over or smashing into things. FIRST EVER MALWARE FOR DRONES Security researcher, Rahul Sasi claimed to have developed the first ever backdoor malware for AR drone ARM L

The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material free of charge — could be relaunched on 1st February, the date the website has long been expected to return. The website went dark from the Internet following a raid in Sweden last month. After a complaint was filed by a group called the Rights Alliance, Swedish Police officers raided The Pirate Bay's server room in Stockholm and seized several servers and other equipment. Last month's raid comes almost a month after the arrest of Fredrik Neij, the third and final founder of The Pirate Bay, at the border between Laos and Thailand on November 3. He was convicted by Swedish courts for sharing copyrighted material more than five years ago. The Pirate Bay homepage is displaying a logo of Phoenix once again with a timer counting down to 1 February. The search box and categories are back under the flag, but are not active yet. At the bottom of the page, a pirate ship sails tow

A database containing details of more than 20 Million users of a Russian-based online dating website has been allegedly stolen by a hacker and made publicly available for sale through an online forum. A hacker using the online alias " Mastermind " on an online forum used by cybercriminals claims the responsibility of the hack into an unnamed online dating website, according to recent reports. The leaked credentials are claimed to be 100% valid in a posting to a paste site, and Daniel Ingevaldson, chief technology officer of Easy Solution, said that the list included email addresses from Hotmail, Yahoo and Gmail. " The list appears to be international in nature with hundreds of domains listed from all over the world ," Ingevaldson said in a blog post on Sunday. " Hackers and fraudsters are likely to leverage stolen credentials to commit fraud not on the original hacked site, but to use them to exploit password re-use to automatically scan and c

Bad news for AT&T customers! You all are vulnerable to phishing scams – thanks to AT&T's text protocols. The actual problem lies in the way AT&T handles its customer alerts via text messages, as it's very easy for cybercriminals to mimic. In "Phishing" attacks , scammers attempt to trick victims into revealing their personal and financial information by sending email or text messages that appear to be from legitimate companies. Instead of emails, here hackers have targeted AT&T users with the text messages. According to Dani Grant , the computer programmer who discovered the flaw and reported to the company, AT&T is making use of plethora for short codes, due to which its customers unable to distinguish between the legitimate and phishing messages . The second issue is that some of AT&T's real links directs its users to att.com while others take you to dl.mymobilelocate.com. " Another problem is that AT&T directs cu

Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com

We are all aware of the mass surveillance conducted by the government agencies on us. From our phone calls, emails to web activities, chats and social network activities, everything has been interrupted by the law enforcements. And now they have crossed every limits by using a new way to spy on you. Guess What? Dozens of US law enforcement agencies are quietly taking advantage of the technology that allows them to effectively "see" through walls of buildings to monitor people's activity . This has once again raised privacy questions. Privacy has become just a word as there's nothing private left, not even our homes. According to a recent report from USA Today , over 50 law enforcement agencies, including Federal Bureau of Investigation (FBI) and U.S. Marshals, have secretly been using the new radars for the past two years, but it came to light just last month during a court hearing in Denver . The device, dubbed Range-R , sends out radio waves that can d

Smartphones in our pockets are exponentially smaller and more powerful that they don't realize the need to carry laptops with us everywhere. Now imagine if a small mouse meets the need of the entire PC? Not just imagination, it has been proved and done by the engineers at a Polish startup. Poland-based Przemysław Strzelczyk and a team of software developers working on a new concept have created what they believe is the future of desktop computing — a mouse that's also a PC. Called " Mouse-Box ", a wireless gadget that packs a 1.4 GHz quad-core ARM processor, a micro-HDMI port, WiFi up to 802.11n, accelerometer, gyroscope, two USB 3.0 ports and 128 GB storage space into a mouse. The only extra hardware needed is a monitor. Mouse Box comes with the same amount of storage as a high-end iPhone 6 Plus , but we know that nobody will be able to work for long with so little storage. The storage capacity can't be physically expanded, but can be extended with the use of clou

Ransomware  malware threat has forced somebody for the terrible suicide and once again has marked its history by somebody's blood. Sad, but it's True! Joseph Edwards , a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email appeared to be from police claiming that he'd been spotted browsing illegal websites and that a fine of 100 pound needed to be paid in order to stop the police from pursuing him. The scam email pushed the well-known Police Ransomware onto the boy's laptop and also downloaded malware that locked up his system once it was opened. Edwards was an A-level student with Autism, a developmental disability, that likely made him more susceptible to believing the Internet scam mail, supposedly sent from from Cheshire police, was genuine, a coroner heard on Thursday. Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the crucial threat. He was foun

After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform. The team has published three zero-day exploits for Apple's OS X, with sufficient information for an experienced hacker to exploit the bugs in an attack. Of course, the details about the zero-days were not released without alerting Apple to these issues. FIRST ZERO-DAY  VULNERABILITY The first flaw, " OS X networkd 'effective_audit_token' XPC type confusion sandbox escape ," allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly. The flaw may already have been mitigated in OS X Yosemite , but there is no clear explanation of whether this is the case. SECOND ZERO-DAY VULNERABILITY The second and third vulnerability both are relate

A critical cross-site scripting ( XSS ) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization's account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain. The XSS flaw allowed attackers to force the admin to do the following actions: Creating new users with "super admin" rights Disabling two-factor authentication ( 2FA ) and other security measures from existing accounts or from multiple domains Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker Hijack an account/email by resett

Barrett Brown , a journalist formerly served as an unofficial spokesman for the hacktivist collective Anonymous , was sentenced Thursday to over five years in prison, after pleading guilty to federal charges of  " transmitting a threat in interstate commerce ,"   " for interfering with the execution of a search warrant ," and to being " accessory after the fact in the unauthorized access to a protected computer ." After already having served over 2 years ( 31 months ) in detention, Texas court in Dallas has sentenced Barrett Brown to 63 months in federal prison and also ordered him to pay a little more than $890,000 in restitution and fines related to the 2011 hack of Stratfor Global Intelligence . Over a year ago, another federal judge sentenced Anonymous member Jeremy Hammond to 10 years in prison for making millions of emails from the servers of security firm Stratfor public. It's Hammond who said that Brown simply linked to the hacked

Are you worried about your privacy? Its Obvious because of a Hacker or the government could be snooping in your emails, voice or video calls. The Famous Internet entrepreneur Kim Dotcom , who introduced legendary Megaupload and Mega file sharing services to the World, has now released its latest encrypted communication software for video calling, messaging and chat. Kim Doctom's file-sharing site Mega has launched the public beta of its end-to-end encrypted video and audio chat service called " MegaChat ", which the company says gives better protection than alternatives such as Skype and Google Hangouts. MegaChat is currently free to use and right now just provides browser-based audio and video calls, but Mr. Dotcom said on Twitter "Text chat and video conferencing will follow soon," HOW TO USE MEGACHAT Create a Mega account. Simply log in via the web browser and click on the Conversations icon provided on the left-hand side  Contacts will need their own M

The most popular smartphone messaging service WhatsApp is now able to communicate with friends from their PC. No Rumours at all !! Enjoy WhatsApp from your desktop from now on. Last month, it was leaked that Whatsapp was working on a web client and finally from today they are introducing it to the public. The feature is called " WhatsApp Web ," which gives its users the ability to read and send messages directly from their web browsers. HOW TO USE WHATSAPP ON PC/DESKTOP Interested WhatsApp users simply need to open Chrome and navigate to https://web.whatsapp.com A QR code will appear on the web page, which must be scanned using WhatsApp mobile application to activate the service. By scanning the  QR code  that appears, users will automatically have paired their mobile WhatsApp with the WhatsApp web client, as shown.  WhatsApp Web requires that you install and run the latest Whatsapp version of the Android app on your phone. The feature currently works on

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL. The security update for Oracle's popular browser plug-in Java addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. Four Java flaws were marked most severe and received a score of 10.0 on the Common Vulnerability Scoring System (CVSS) , the most critical ranking. Nine other Java flaws given a CVSS Base Score of 6.0

2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled, from instrument cluster to steering, brakes, and accelerator as well. No doubt these systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars and trucks contains few security weaknesses that makes them vulnerable to wireless attacks, resulting in taking control of the entire vehicle. Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles . The little device monitors and tracks users' driving behavior by collecting vehicle location a

An Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery ( CSRF or XSRF) vulnerability that allowed hackers and malicious actors to hijack websites registered with the domain registration company. The vulnerability was reported to GoDaddy on Saturday by Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York. Without any time delay, the company patched the bug in less than 24 hours after the blog was published. While managing an old domain registered on GoDaddy, Saccomanni stumbled across the bug and noticed that there was absolutely no protection against CSRF vulnerability at all on many GoDaddy DNS management actions. Cross-Site Request Forgery (CSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. This common but rathe

Are you one of those victims whose WhatsApp app has recently been banned?? Then you must have installed a 3rd-party version of WhatsApp client, like WhatsAppMD or Whatsapp PLUS in your mobile phone for sure. Reportedly after 12 AM IST on 21st January 2015 , WhatsApp, the widely popular messaging application, has started temporarily banning users for 24 Hours who are currently using any third-party WhatsApp clients and are being directed to download the official app on the Play Store instead. Just in last few hours, large number of users have started complaining on Social media websites that they are being banned from the messaging service for 24 hours. Though the ban is temporary and the users facing the issue now could access their app after the period of 24 hours. In an attempt to clear up why this is happening, Whatsapp team explained via its FAQ website , that it is against 'Terms of Service' to use WhatsApp Plus or any other 3rd-party unofficial app. Why am

A sad reality for gamers all around the world who enjoy playing the very popular game Minecraft on their PCs. If you are one of them, you'll want to pay attention here. A plain text file containing over 1,800 Minecraft account usernames and passwords has just been leaked online, German media reports . The details available in the leak has been posted to Pastebin, which would allow anyone to log into a legitimate user's account in order to play online and download the full version of the game to their own computers. However, the more serious implication of the leaked credentials would be for those affected users who had used the same username and password combination for other online services, like shopping site, banking site, email service or for any social networking site. Minecraft is an incredibly popular online game bought by Microsoft just few months back for $2.5 billion. The game has more than 100 million registered accounts for its PC version alone, and