The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In the War against Ad injectors , Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with ' Ad Injectors ' — software that inserts ads or replace existing ads into the pages you visit while browsing the web. In last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue. Ad Injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading an unwanted software and programs that could result in a major security risk, just what happened in the recent Sup

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website. Kamil Hismatullin , a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot . While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe up any video by just sending an identity number of any video in a post request against any session token. The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system. "I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post . "Luckily no Bieber videos were harmed." Citing the consequences of the issue, Hismatullin said "this vulne

The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage. LayerX has recently released a new guide, " Let There Be Light: Eliminating the Risk of Shadow SaaS " for security and IT teams, which addresses this gap. The guide explains the challenges of shadow SaaS, i.e., the use of unauthorized SaaS apps for work purposes, and suggests practices and controls that can mitigate them. The guide also compares various security controls that attempt to address this risk (CASB, SASE, Secure Browser Extension) and explains how each one operates and its efficacy. Consequently, the guide is a must-read for all security leaders at modern organizations. Here are the main highlights:

Chinese smartphone maker OnePlus who recently announced that the company is planning to launch its latest flying drone, OnePlus DR-1 , saying it would be a " Game Changer. " There have already been some speculations about a drone from OnePlus circulating on the Internet, but now the company has confirmed during a Reddit AMA (Ask Me Almost Anything) session that OnePlus DR-1 (aka DR-ONE ) will land on its online store next month. OnePlus also posted a Vine video on Tuesday with the caption " Feeling adventurous? The DR-1 is flying to our store next month. #OneGameChanger. " The six-second short video did not give much information about the new drone, but it hints more or less that the company is working on a drone. The product page of DR-1 sectioned impressive lines such as " innovating a whole new way of thinking about drones " and telling users to " experience the next age of aviation technology with effortless transportation and

Imagine — reaching into your pocket — and pulling out a computer ! Google has made it possible to put your whole computer into your pocket by introducing a whole new kind of Chrome device — a tiny stick that plugs into HDMI port of any display. Dubbed ChromeBit , a fully featured computer-on-a-stick from Asus that Google promises to retail for less than $100 when it comes out this summer. You just need to plug a Chromebit right into your TV or any monitor in order to turn it into a full-fledged Chrome OS -based computer. Google Chromebit is portable with an impressive look and will be available in three attractive colors — silver, blue and orange. It has a smarter clinch on the business end so that a user can easily plug it into practically any HDMI port without the need of any extension cable. SPECIFICATIONS This tiny little Google ChromeBit stick packaged with: Rockchip RK3288 (with quad-core Mali 760 graphics) 2GB of RAM 16GB of solid state storage memory

The famous cyber hacker group Anonymous has vowed an ' Electronic Holocaust ' against Israel in response to what the group calls 'crimes in the Palestinian territories'. In a spooky video " message to Israel " posted on YouTube March 4, Anonymous declared yet another cyber attack on April 7, which is one week before Holocaust Remembrance day. Totally in news delivering style, the video clip shows a man wearing an Anonymous mask and threatening to take down Israeli servers and websites related to critical infrastructure next week, promising to 'erase you from cyberspace'. " We will erase [Israel] from cyberspace in our electronic Holocaust ," says the video. " As we did many times, we will take down your servers, government websites, Israeli military sites, and Israeli institutions. " The cyber activist group declared Palestinians youths as a 'symbol of freedom', and urged them to "never give up. [Anonymous] are with

Two former Federal investigators who helped to shut down the infamous black-market website ' Silk Road ' accused of fraud and stealing more than a Million dollars in Bitcoins during their investigation. Silk Road, an infamous online drug market that hosted more than $200 Million in transactions, was seized by the FBI in 2013, but during that period two of FBI agents took advantage of their position. CHARGES AGAINST FEDS The US Department of Justice indictment charges 46-year-old former Drug Enforcement Agency (DEA) special agent Carl Force , and 32-year-old former Secret Service agent Shaun Bridges , with the following charges: Theft of government property Wire fraud Money laundering Conflict of interest MILLION DOLLAR EXTORTION Both Force and Bridges were part of Baltimore's Silk Road Task Force to investigate illegal activity in the black marketplace. The creator of Silk Road, Ross Ulbricht, was arrested and found guilty of running the Tor-h