The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A wave of excitement in The Pirate Bay lovers. After almost two months of untimely and unexpected outage, the infamous torrent-indexing website The Pirate Bay (TPB) made a defiant return on Saturday. The Pirate Bay — a widely popular file-sharing website predominantly used to share copyrighted material free of charge — went dark from the Internet following a raid in Sweden late last year. In response to a complaint from Swedish anti-piracy group Rights Alliance, the police raided The Pirate Bay's server room in Stockholm and seized several servers and other equipment. Though, its almost impossible to keep The Pirate Bay offline for too long, last took down was the longest outage the torrenting site has ever experienced. The site is back one day early based on the countdown timer that was running on the official domain of TPB, i.e. thepiratebay.se . Anyone visiting thepiratebay.se domain today will be welcomed with a functioning site. People are already uploading and downloa

WhatsApp is again in news but this time not for any security holes, but for its all new and, of course, much-awaited Free Voice Calling feature — similar to other instant messaging apps like Skype and Viber allow users to make voice calls using Internet. After launching its much-awaited Web client (dubbed WhatsApp Web ) to Android users, the most popular mobile messaging application WhatsApp has started rolling out the promised free voice calling feature, and this time again to Android users first. Late last night, some screenshots of WhatsApp's new voice calling feature appeared on Reddit. Reportedly, this new feature will allow WhatsApp users to make free voice calls to their online pals by simply tapping your phone icon to call their WhatsApp friends. The report broke when a Reddit user ( pradnesh07 ) received a WhatsApp call from a friend, and this is how the feature get activated. The free voice calling feature, for now, seems to be invite-only. So, if you still have to

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Facebook users just Beware!! Don't click any porn links on Facebook. Foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world's most popular social network have reportedly infected over 110,000 Facebook users with a malware Trojan in just two days and it is still on the rise, a security researcher warned Friday. The Facebook malware disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user . "In the new technique, which we call it ' Magnet ,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post," said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.  "A tag may

After the disclosure of extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug. " GHOST " is a serious vulnerability ( CVE-2015-0235 ), announced this week by the researchers of California-based security firm Qualys, that involves a heap-based buffer overflow in the glibc function name - "GetHOSTbyname()." Researchers said the vulnerability has been present in the glibc code since 2000. Though the major Linux distributors such as Red Hat , Debian and Ubuntu , have already updated their software against the flaw, GHOST could be used by hackers against only a handful of applications currently to remotely run executable code and silently gain control of a Linux server. As we explained in our previous article, heap-based buffer overflow was found

Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web , but unfortunately it needs some improvements in its web version. An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web client that in some way exposes its users' privacy. Bhuyan called the first hole, WhatsApp photo privacy bug and the other WhatsApp Web Photo Sync Bug. Bhuyan is the same security researcher who reported us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations. Whatsapp Photo Privacy Bug According to him, the new version of WhatsApp Web allows us to view a user's profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to " Contacts Only ," the pro

Back in November, Mozilla teamed-up with Tor Project under a new initiative called Polaris , in order to help reduce finite number of Tor connections occurring at the same time by adding high-capacity Tor middle relays to the Tor network , and now the company is ready with its first Tor Middle relays. The Firefox maker has given the Tor network a high-capacity middle relays with the launch of 12 relays , all located in the United States, that will help distribute user traffic; the Tor browser is a great way to keep prying eyes from tracking you. Mozilla is one of the most trusted companies on the internet, particularly when it comes to user privacy. The partnership of Mozilla and Tor aimed at providing more privacy features to Firefox browser, and increased Tor network support. The Polaris Privacy Initiative was an effort of Mozilla, the Tor Project and the Center of Democracy and Technology — an advocacy group for digital rights, in order to help build more privacy

The makers of ultra secure BlackPhone titled by Silent Circle as, " world's first Smartphone which places privacy and control directly in the hands of its users ," have recently fixed a critical vulnerability in the instant messaging application that allows hackers to run malicious code on the handsets. BlackPhone was also hacked last year at the BlackHat security conference , but the interesting factor about the recent hack was that the attackers only needed to send just a message on a targeted phone number in order to compromise the device. The vulnerability was first discovered and disclosed by Mark Dowd , a principal security researcher at the Australia-based consultancy firm Azimuth Security. Dowd discovered the issue late in 2014, but waited to disclose it until Blackphone got their patches and fixes in place. The flaw actually resides in Silent Text application — the secure text messaging application bundled with the BlackPhone handsets, which is al

​Researchers have uncovered a new evidence that a powerful computer program discovered last year, called " Regin ", is "identical in functionality" to a piece of malware used by the National Security Agency  (NSA) and its Five Eyes allies . REGIN MALWARE "Regin" is a highly advanced, sophisticated piece of malware the researchers believe was developed by nation state to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. Regin was first discovered in November 2014 by the researchers at antivirus software maker Symantec and was said to be more sophisticated than both Stuxnet and Duqu . The malware alleged to have been used against targets in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria, among others. The recent evidence comes from the journalists at Der Spiege

A highly critical vulnerability has been unearthed in the GNU C Library (glibc) , a widely used component of most Linux distributions, that could allow attackers to execute malicious code on servers and remotely gain control of Linux machines. The vulnerability, dubbed " GHOST " and assigned CVE-2015-0235 , was discovered and disclosed by the security researchers from Redwood Shores, California-based security firm Qualys on Tuesday. CRITICAL AS HEARTBLEED AND SHELLSHOCK GHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords). Also Read:  Top Best Password Managers . The flaw represents an immense Internet threat, in some ways similar to the Heartbleed ,   Shellshock   and Poodle   bugs that came to light last year. WHY GHOST ? The vulnerability in the GNU C Library (glibc) is dubbed GHOST b

The very popular Pop star Taylor Swift became the latest celebrity to have their social media accounts hacked on Tuesday. The 25-year-old " Shake It Off " singer, who has the fourth-most popular Twitter account with 51.4 million followers, appeared to be asking her millions of followers to follow @veriuser and @lizzard. Swift confirmed that her Twitter and Instagram accounts were hacked on Tuesday afternoon, and also that the rogue posts were quickly removed from the social media websites. " My Twitter got hacked but don't worry, Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords ," said a statement posted on Swift's personal Tumblr page. The accounts were taken for just 15 minutes, but when it belongs to Taylor Swift, that makes it a big hit. At the time, a Tweet went out from @TaylorSwift13 to her millions of fans, saying, " go follow my boy, @lizzard :) " Yes Li

Apple has rolled out iOS 8.1.3 for iPhone, iPod touch and iPad devices, after weeks of extensive testing. The iOS 8.1.3 update contains bug fixes, stability enhancements and performance improvements. Among the new features, it reduces the amount of storage space required to perform a software update. The update can be downloaded by going to Settings > General > Software Update . The download size of iOS 8.1.3 is 246MB . Apple users with 8GB and 16GB devices will definitely appreciate the reduced storage requirements for updating to iOS 8. In addition to bug fixes, iOS 8.1.3 also includes a number of security improvements which can be viewed in detail on Apple's security page for the update. Apple is also preparing to release OS X Yosemite 10.10.2 beta update , which contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.

Apple is preparing to release the second update to OS X Yosemite in the coming days to its customers. The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port. Earlier this month, Reverse engineer Trammell Hudson revealed technical details and proof-of-concept of Thunderstrike attack . Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac's EFI. It is possible because hardware attached to a system through Thunderbolt port are not as secure as a Mac itself. Once installed using Thunderstrike attack, the malware would be almost impossible to detect and remove. Because the firmware used on Macs doesn't always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the at