The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Fourth and final member of an international hacking group called " Xbox Underground " (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation. In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network. Austin Alcala , a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games. All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat , 28, and David Pokora , 22, pleaded guilty last September, while a third member, Nathan Leroux , 20, pleaded guilty to the same conspira

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

In the War against Ad injectors , Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with ' Ad Injectors ' — software that inserts ads or replace existing ads into the pages you visit while browsing the web. In last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue. Ad Injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading an unwanted software and programs that could result in a major security risk, just what happened in the recent Sup

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website. Kamil Hismatullin , a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot . While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe up any video by just sending an identity number of any video in a post request against any session token. The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system. "I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post . "Luckily no Bieber videos were harmed." Citing the consequences of the issue, Hismatullin said "this vulne

The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,