The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In this post-Snowden era of mass surveillance, being out-of-reach from the spying eyes really doesn't mean they can not get you. So, if you are concerned about your data privacy and are actually searching for a peer-to-peer encrypted messaging service, then it's time to get one. " Otr.to " — an open-source peer-to-peer browser-based messaging application that offers secure communication by making use of "Off-the-Record" (OTR) Messaging , a cryptographic protocol for encrypting instant messaging applications. OTR (Off-the-Record) is one of the most secure cryptographic protocol that offers strong encryption for real time communications i.e. Chatting and Messaging services. Off-the-Record simply means that there is nothing on the record, so nobody can prove that two parties had an Internet chat conversation or said anything specific. ORT.to uses WebRTC to exchange messages via decentralized peer-to-peer communication , which means chat logs bet

Recently a mobile-security firm Bluebox claimed that the brand new Xiaomi Mi4 LTE comes pre-installed with spyware /adware and a " forked " vulnerable version of Android operating system on top of it, however, the company denies the claim. Xiaomi , which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. On 5th March, when Bluebox researchers claimed to have discovered some critical flaws in Mi4 LTE smartphone, Xiaomi issued a statement to The Hacker News claiming that " There are glaring inaccuracies in the Bluebox blog post " and that they are investigating the matter. RESEARCHERS GET TROLLED BY CHINESE SELLERS Now, Xiaomi responded to Bluebox Labs by preparing a lengthy denial to their claims and said the new Mi4 smartphone purchased by Bluebox team in China (known as the birthplace of fake smartphones) was not an original Xiaomi smartphone but a coun

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

While WhatsApp is very reserved to its new calling feature, cyber scammers are targeting WhatsApp users across the world by circulating fake messages inviting users to activate the new ' WhatsApp calling feature for Android'  that infects their smartphones with malicious apps. If you receive an invitation message from any of your friend saying, "Hey, I'm inviting you to try WhatsApp Free Voice Calling feature, click here to activate now —> https://WhatsappCalling.com" ,  BEWARE! It is a Scam . The popular messaging app has begun rolling out its much-awaited Free Voice Calling feature — similar to other instant messaging apps like Skype and Viber — to Android users which allows users to make voice calls using Internet. However, for now, the free WhatsApp calling feature is invite-only and only appears to work for people running the latest version of WhatsApp app for Android on a Google Nexus 5 phone running the latest Android 5.0.1 Lollipop . H

A critical vulnerability has been discovered in the Google Apps for Work that allows hackers to abuse any website's domain name based email addresses, which could then be used to send phishing emails on company's behalf in order to target users. If you wish to have an email address named on your brand that reads like admin@yourdomain.com instead of myemail@gmail.com , then you can register an account with Google Apps for Work. The Google Apps for Work service allows you to use Gmail, Drive storage, Calendar, online documents, video Hangouts, and other collaborative services with your team or organization. To get a custom domain name based email service from Google, one just need to sign up like a normal Gmail account. Once created, you can access your domain's admin console panel on Google app interface, but can not be able to use any service until you get your domain verified from Google. SENDING PHISHING MAILS FROM HIJACKED ACCOUNTS Cyber security researchers

Do you own a Facebook Business page? If yes, then you will notice a drop in the number of "likes" on your Facebook Page by next week, which could be quite disappointing but, Facebook believes, will help business to know their actual followers. FACEBOOK'S OFFICIAL MASS AUTO-UNLIKE The social network giant is giving its Pages a little spring cleaning, purging them of memorialized and voluntarily deactivated inactive Facebook accounts in an attempt to make its users data more meaningful for businesses and brands. Facebook purge will begin from March 12, Facebook said, and should continue over the next few weeks. " Over the coming weeks, Page admins should expect to see a small dip in their number of Page likes as a result of this update, " Facebook said in a blog post. " It's important to remember, though, that these removed likes represent people who were already inactive on Facebook. " FACEBOOK TO DETECT FAKE FOLLOWERS Facebook is

Once again the very popular and the world's third largest smartphone distributor Xiaomi , which had previously been criticized for secretly stealing users' information from the device without the user's permissions, has been found spreading malware . The top selling Android smartphone in China, Xiaomi Mi4 LTE , has been found to be shipped with pre-loaded spyware/adware and a "forked," or not certified, vulnerable version of Android operating system on top of that, according to a San Francisco-based mobile-security company, Bluebox. Xiaomi, which is also known as Apple of China, provides an affordable and in-budget smartphones with almost all features that an excellent smartphone provides. Just like other Xiaomi devices, Mi4 LTE smartphone seems to attract a large number of customers with more than 25,000 units sold out in just 15 seconds on India's online retailer Flipkart . Security Researcher Andrew Blaich of Bluebox firm revealed Thursday that the brand new

If you have recently installed or updated the popular BitTorrent client μTorrent 3.4.2 Build 28913 on your computer, then you read this warning post right now. Users of the μTorrent file-sharing service are complaining that the latest update of software used for torrent downloading is silently installing a piece of unwanted software called EpicScale , which is basically a Bitcoin mining software . Note: Story update has been added below. USER COMPLAINTS ON SILENT  INSTALLATION The Epic Scale , installed without the consent of users, is a cryptocurrency mining software that reportedly uses the combined computing power of users to generate Bitcoin income for BitTorrent company. The unwanted software slows down the host computers and is particularly harder to remove from the system. The Bitcoin mining software was recently highlighted at uTorrent's complaint forum where a member ' Groundrunner ' says: " There was no information about this during installation

The United Kingdom's National Crime Agency (NCA) has arrested 56 suspected hackers in a campaign against cybercrime called "strike week." Law-enforcement officials conducted, in total, 25 separate operations across England, Scotland and Wales, and those arrested were suspected in a wide range of cyber crimes including: Network intrusion and data theft from multinational companies and government agencies Distributed Denial of Service (DDoS) attacks Cyber-enabled fraud Malicious software and virus development The raids conducted by NCA were coordinated by its National Cyber Crime Unit (NCCU) , special officers Metropolitan Police and Regional Organised Crime Unit's (ROCUs) , associated with local forces around the UK. The arrested hackers also include alleged hackers suspected of being behind attacks on Yahoo, the US Department of Defence (DoD) , and PlayStation. The list of hackers arrested in the operation is given below: A 23-year-old man w

Biometric security systems that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA, are still evolving to change our lives for the better even though the biometric scanning technology still has many concerns such as information privacy, and physical privacy. In past years, Fingerprint security system , which is widely used in different applications such as smartphones and judicial systems to record users' information and verify person's identity, were bypassed several times by various security researches, and now, IRIS scanner claimed to be defeated . Don't worry! It's not like how they do it in movies, where an attacker needs to pull authorized person's eye out and hold it in front of the eye scanner. Instead, now hackers have finally found a simple way to bypass IRIS Biometric security systems using images of the victims. The same security researcher Jan Krissler , nicknamed Starbug , from the famous Chaos Co

Recently discovered FREAK  vulnerability that apparently went undetected for more than a decade is reportedly affecting all supported versions of Microsoft Windows, making the flaw more creepy than what we thought. FREAK vulnerability is a disastrous SSL/TLS flaw disclosed Monday that allows an attacker to force SSL clients, including OpenSSL, to downgrade to weaken ciphers that can be easily broken and then supposedly conduct Man-in-the-Middle attacks on encrypted HTTPS-protected traffic passing between vulnerable end-users and Millions of websites. Read our previous post to know more about FREAK vulnerability . FREAK IN MICROSOFT RESIDES IN SECURE CHANNEL Microsoft issued an advisory published Thursday warning Windows users that Secure Channel ( Schannel ) stack — the Windows implementation of SSL/TLS — is vulnerable to the FREAK encryption-downgrade attack , though it said it has not received any reports of public attacks. When the security glitch first discove