The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

'SuperFish' advertising software recently found pre-installed on Lenovo laptops is more widespread than what we all thought. Facebook has discovered at least 12 more titles using the same HTTPS-breaking technology that gave the Superfish malware capability to evade rogue certificate. The Superfish vulnerability affected dozens of consumer-grade Lenovo laptops shipped before January 2015, exposing users to a hijacking technique by sneakily intercepting and decrypting HTTPS connections, tampering with pages and injecting advertisements. Now, it's also thought to affect parental control tools and other adware programmes. Lenovo just released an automated Superfish removal tool to ensure complete removal of Superfish and Certificates for all major browsers. But, what about others? SSL HIJACKING Superfish uses a technique known as " SSL hijacking ", appears to be a framework bought in from a third company, Komodia, according to a blog post written

Cyber criminals have started targeting government enforcement of the Ransomware in an attempt to extort money. Recently, the police department of the Midlothian Village in Illinois has paid a ransom of over $600 in Bitcoins to an unknown hacker after being hit by a popular ransomware attack. The popular Ransomware, dubbed Cryptoware , disabled a police computer in Midlothian — located south of Chicago — by making it inaccessible through its file-encryption capabilities and forced them to pay a ransom in order to restore access to the important police records. The Chicago Tribune reported that the department first encountered Cryptoware in January, when someone in the department opened a spear-phishing email that pointed to the malicious software. Once opened, the email carrying the Cryptoware ransomware immediately encrypts the files on the computer and, in typical ransomware style, displays a message demanding money in exchange for a decrypt code that could free the

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The computer giant Lenovo has released a tool to remove the dangerous "SuperFish" adware program that the company had pre-installed onto many of its consumer-grade Lenovo laptops sold before January 2015. The Superfish removal tool comes few days after the story broke about the nasty Superfish malware that has capability to sneakily intercept and decrypt HTTPS connections, tamper with pages in an attempt to inject advertisements. WE JUST FOUND 'SUPERFISH' - LENOVO The Chinese PC maker attempted to push the perception that Superfish software was not a security concern and avoid the bad news with the claim that it had "stopped Superfish software at beginning in January". However, Lenovo has now admitted that it was caught preloading a piece of adware that installed its own self-signing Man-in-the-Middle (MitM) proxy service that hijacked HTTPS connections. " We did not know about this potential security vulnerability until yesterday ," Lenovo said

Data leaks through power consumption? Don't be surprised because security researchers have discovered a way to track your every move by looking at your Android smartphone's consumption of the battery power,even if you have GPS access unable. Researchers at Stanford University and Israeli Defense Research Group, Rafael, have developed a new technology, which they have dubbed " PowerSpy ", that have capability to gather the geolocation of Android phones by simply by measuring the battery usage of the phone over a certain time. TRACKING PERMISSION GRANTED BY-DEFAULT Unlike Wi-Fi and GPS access, the battery consumption data does not need the users' permission to be shared and is freely available to any downloaded and installed application. Therefore, this data can be used to track a phone with up to 90 percent accuracy. All an attacker would need to do is use an application — any application you download and installed onto your Android smartphone — to measu

There is an entire section of the Internet that you probably don't see on daily basis, it's called the " Darknet " or " Deep Web ", where all browsing is done anonymously. About a week ago, we reported about the 'Memex' Deep Web Search Engine , a Defense Advance Research Projects Agency (DARPA) project to create a powerful new search engine that could find things on the deep web that isn't indexed by Google and other commercial search engines, but it isn't available to you and me. Now, there is another search engine that will let anyone easily search the Deep Web for large swaths of information for free, and without an application; you only need is an Internet connection. Onion.City , a new search engine for online underground markets that makes it more easier to find and buy drugs, guns, stolen credit cards directly from your Chrome, Internet Explorer or Firefox browser without installing and browsing via Tor Browser . Just two