The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Is Facebook planning to integrate WhatsApp Messenger into its ' Facebook for Android ' app? Yes, this might be possible soon. According to latest rumours, Facebook is reportedly working on it. The social network giant, Facebook has begun testing a new feature in its Facebook app for Android that includes the first integration of WhatsApp Messenger, according to a blogger. WHATSAPP INTEGRATION INTO FACEBOOK APP According to this update, a year after of acquiring WhatsApp Messenger, Facebook has only added a 'Send' button with the WhatsApp icon. This WhatsApp ' send ' will work as part of the status actions options that appear under each status update. It means that Facebook for Android users soon may have this particular version of Facebook app with a dedicated WhatsApp button that would allow an Android user to share posts, status and anything else directly through WhatsApp by just clicking the Share button. If rumours are true, th

Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest security feature added to Firefox 37 among others is the "Opportunistic Encryption" (OE) for servers and websites that support " HTTP/2 AltSvc. " Opportunistic Encryption (OE) allows Firefox browser to encrypt the traffic over plaintext HTTP connection without any need to authenticate it. This will help you to create, not complete, but some confidentiality from attackers to eavesdrop on your connection. So Opportunistic encryption can be implemented with very minimal changes to an existing IPsec implementation. The move by Mozilla is really a bonus for HTTP users with no encryption measure at all, but still it is not as good as authenticated encryption

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

OnePlus One users might be waiting for the new Lollipop based ROM for their smartphones. The wait is over as the popular Chinese smartphone maker OnePlus has finally released its own custom ROM --  OnePlus OxygenOS , which is based on Android 5.0 Lollipop. Last month, the OnePlus announced the official release of its in-house OxygenOS to 'One' on or before March 27, but was failed to deliver the update due to a couple of security issues discovered in the update. The news disappointed many OnePlus customers, including me, who were looking forward to their Lollipop updates. However, the update is now ready for downloading from the OnePlus servers. Also, a full installation guide has been provided for customers who want to switch from the CyanogenMod 11S to the latest OxygenOS. "Developing OxygenOS has been an incredibly fun and challenging experience for all of us, " the company wrote . " In this environment where everyone is fighting to standou

Security researchers have uncovered an active cyber attack campaign that has successfully stolen more than $1 Million from a variety of targeted enterprise organizations using spear phishing emails, malware and social engineering tricks. The campaign, dubbed " The Dyre Wolf " by researchers from IBM's Security Intelligence division, targets businesses and organizations that use wire transfers to transfer large sums of money, even if the transaction is protected by 2-factor authentication. A MIXTURE OF MALWARE, SOCIAL ENGINEERING & DDoS Nowadays, cybercriminals not only rely on banking Trojans to harvest financial credentials, but also using sophisticated social engineering tactics to attack big corporations that frequently conduct wire transfers to move large sums. " An experienced and resource-backed [cyber criminal] gang operates Dyre ," John Kuhn, Senior Threat Researcher at IBM Managed Security Service, wrote in a blog post published Th

Last year at Google I/O developer event, Google launched a limited beta " App Runtime for Chrome " (ARC) project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems. App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it. Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush, Angry Birds, all from your Chrome web browser . ARC welder tool operates via some special runtime implemented using Native Client (NaCl) in-browser binary execution tech. Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU. Google ported complete Android s

The Fourth and final member of an international hacking group called " Xbox Underground " (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation. In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network. Austin Alcala , a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games. All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat , 28, and David Pokora , 22, pleaded guilty last September, while a third member, Nathan Leroux , 20, pleaded guilty to the same conspira

The Security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code. TrueCrypt -- one of the world's most-used open source file encryption software used by Millions of privacy and security enthusiasts -- is being audited from past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit. TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions including the system partition. NO NSA BACKDOORS Security Auditors and Cryptography Experts at NCC took an initiative to perform a public information security audit of TrueCrypt in response to the concerns that National Security Agency (NSA) may have tampered with it, according to a leaked cl

In the War against Ad injectors , Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with ' Ad Injectors ' — software that inserts ads or replace existing ads into the pages you visit while browsing the web. In last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue. Ad Injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading an unwanted software and programs that could result in a major security risk, just what happened in the recent Sup

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website. Kamil Hismatullin , a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot . While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe up any video by just sending an identity number of any video in a post request against any session token. The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system. "I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post . "Luckily no Bieber videos were harmed." Citing the consequences of the issue, Hismatullin said "this vulne

The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices.  FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to manipulate or steal sensitive data. Although most major hardware/software vendors and owners have patched this flaw, many are still susceptible to this kind of attack.  Instrumental in discovering FREAK flaw, the University of Michigan conducted scans and discovered that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.  This includes some very high profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons.) IMPACTS OF FREAK ATTACK Intercepts your sensitive,