The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Supreme Court of India today struck down Section 66A of the Information Technology Act -- a controversial law that allowed law enforcement officials to arrest people for posting "offensive" comments on social networks and other internet sites. After hearing a clutch of petitions by defenders of free speech, the Supreme Court described the 2009 amendment to India's Information Technology Act known as section 66A as vague and ambiguous and beyond ambit of the constitutional right to freedom of speech. " Section 66A is unconstitutional and we have no hesitation in striking it down, " said Justice R F Nariman, reading out the judgement. " The public's right to know is directly affected by section 66A. " SECTION 66A OF THE IT ACT The Information Technology Act 2000 was amended in the year 2008 and this amended act contains the 66A section. Under this section, " Any person who sends, by means of a computer resource or a communi

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

You might be not aware of the companies that know pretty much everything related to your email activities like when you've opened email sent by one of their clients, where you are located, what device you're using, what link you click, all without your consent, even if you haven't click any link provided in that email. Companies like Yesware , Bananatag, and Streak track emails , usually by adding small pixels or images to those emails which inform the companies that when and where their emails have been opened by the recipients. If you find this something different then let you know that this sort of email tracking is very common practice adopted by many companies. However, in order to detect these tracking emails, now you have a simple but effective tool. UGLY EMAIL -- DETECT EMAIL TRACKERS Dubbed " Ugly Email ", a new Chrome extension warns you when an email you receive in your Gmail inbox have the ability to track you, and it even works before opening t

A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number

The Annual Pwn2Own Hacking Competition  2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year's hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, were compromised by the two security researchers. Sponsored by HP's Zero Day Initiative program, the Pwn2Own Hacking Competition ran two days at a security conference in Vancouver, Canada. The final highlights for Pwn2Own 2015 are quite impressive: 5 bugs in the Windows operating system 4 bugs in Internet Explorer 11 3 bugs in Mozilla Firefox 3 bugs in Adobe Reader 3 bugs in Adobe Flash 2 bugs in Apple Safari 1 bug in Google Chrome $557,500 USD bounty paid out to researchers The star of the show was South Korean secur