The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

As Millions of Hackers, Spammers and Scammers are after your sensitive online data, you can't really expect your passwords to stay secure forever, even if you are using long passwords. Most of us might be worried about losing our passwords as we keep signing up for online services. However, Google is equally concerned about your online security and wants to help you protect your most sensitive data in a most smarter way. Google has now made what has to be one of the smallest computers ever — Project Vault. That's a really catching name announced on the second day of the annual Google I/O developers conference on Friday. Project Vault, designed by Google's ATAP (Advanced Technology and Projects) group, is a secure computer entirely packed onto a microSD card that can be plugged into any system whether it's a desktop or a mobile phone. The vault is technically a computer though it is not for regular computing. Rather it is a new and secure way to com

We reported you about a new bug in the core component of iOS and OS X that causes the device's Messages app to crash and iPhones to reboot if it receives a certain string of characters , Arabic characters , via text message. Many have since fallen victims to this specially crafted sequence of Unicode bug . It is believed that when this malicious string of characters is sent in a text message, it will crash an iThing when the text is displayed as a notification on an iPhone, iPad, or Apple watch. Not iMessages alone, Snapchat and Twitter on iOS devices are also vulnerable to this iPhone crash text bug as they also use the CoreText component to display text on-screen. Here's the unique text that's causing the iPhone crash: effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗 It's been really annoying that people all across the world are messaging each other the secret string of unique characters that resets the phone, causing it to turn on and off.

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Ross Ulbricht , the alleged founder and mastermind of the infamous online black marketplace Silk Road, has been sentenced to life in prison after being found guilty of narcotics conspiracy, money laundering and other criminal charges. This means the 31-year-old San Francisco man will die behind bars . With all the seven charges stemming from the creation and operation of the once the Internet's largest online illegal-drug marketplace, Ulbricht was facing 20 years at a minimum sentence, but making life in prison is the harshest possible sentence. Ulbricht's Life in Prison without any possibility of Parole: The sentence was made by Judge Katherine B. Forrest in a Federal District Court in Manhattan, though Forrest admitted it was a "very, very difficult" call to make , leaving Ulbricht without any hope of parole. Operating online as " Dread Pirate Roberts ," Ulbricht ran the $1.2 billion Empire from the year 2011 to 2013, armed just

The bandwidth of Millions of users of a popular free VPN service is being sold without their knowledge in an attempt to cover the cost of its free service, which could result in a vast botnet-for-sale network. " Hola ," a free virtual private network, is designed to help people abroad watch region restricted shows like American Netflix, and other streaming United States media. Hola is selling users' bandwidth: Hola is easy-to-use browser plugin available in the Google Chrome Store with currently more than 6 Million downloads . But, unfortunately, Hola could be used by hackers to maliciously attack websites, potentially putting its users at risk of being involved in illegal or abusive activities. Hola uses a peer-to-peer system to route users' traffic. So, if you are in Denmark and wants to watch a show from America, you might be routed through America-based user's Internet connections. However, Hola is not leaving a chance to make money o

" Ransomware " threat is on the rise, but the bad news is that Ransomware campaigns are easier to run, and now a Ransomware kit is being offered by hackers for free for anyone to download and distribute the threat. Ransomware is a type of computer virus that infects a target computer, encrypts their sensitive documents and files, and locks the out until the victim pays a ransom amount, most often in Bitcoins. Sometimes even the best security experts aren't able to unlock them and end up paying off ransom to crooks in order to get their important files back. Tox — Free Ransomware Kit Now, to spread this creepy threat more easily by even a non-tech user, one dark web hacker has released a ransomware-as-a-service kit, dubbed " Tox ," for anyone to download and set up their own ransomware for free. Yes, believe it or not, but Tox is completely free to use . The developers of the online software make money by taking a cut (20%) of any succes

Security firm Check Point has uncovered what seems to be a successful, and long-running, cyber-surveillance campaign called " Volatile Cedar ." Check Point found that targets of the attack included, but were not limited to, defense contractors, media companies, telecommunications, and educational institutions. The attack is said to have originated in Lebanon and possibly has political ties in the region. According to an article in Techworld , previous cyber-campaigns originating from Lebanon have been either extremely unsophisticated or targeted at other countries in the region. However, Volatile Cedar is different. According to the report, this campaign has been in operation since 2012 and has successfully penetrated a large number of targets across the globe. During this time it has allowed the attackers to steal data and monitor a large volume of victim's actions. The actors involved in this campaign do not appear to be using flashy mechanisms like zero day attacks

Gaana.com -- One of India's most popular music streaming service with more than 10 Million registered users and 7.5 Million monthly visitors -- has reportedly been hacked, exposing the site's user information database. A Pakistani hacker, who claimed responsibility for the hack, claims that details of over 10 Million users of Gaana service including their username, email addresses, MD5-encrypted password, date of births, and other personal information has been stolen and made available in a searchable database. At the time of writing, Gaana website is currently down for maintenance without any official statement provided yet. As of now, the site displays, "Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then." Details of 10 Million Users Available in a Searchable Database: The hacker, nicknamed Mak Man , posted the link to a searchable database of Gaana user details on his Facebook page, with images of t

Just the way you swipe your smartphone screen is enough for your smartphone to identify you. Yes, it's a Fact, not Fiction! The United States National Security Agency (NSA) has a new technology that can identify you from the way your finger swipe strokes and text on a smartphone screen, according to officials with Lockheed Martin who helped design the technology. John Mears , a senior fellow for Lockheed IT and Security Solutions, told NextGov that Lockheed Martin has been working with the agency to create a " secure gesture authentication as a technique for using smartphones, " and " they are actually able to use it. " Mandrake – New Smartphone-Swipe Recognition Technology This new smartphone-swipe recognition technology, dubbed " Mandrake ," remotely analyses the curve, unique speed and acceleration of a person's finger strokes across their device's touchscreen. " Nobody else has the same strokes, " Mears ex

Remember the magical Marauder's Map from the Harry Potter books that reveal the whereabouts of characters as they roam classrooms and the halls of Hogwarts school? A student developer from Cambridge has created a Chrome extension that works similar and also named it Marauder's Map . The extension that allows you to watch every footstep of your Facebook friends by grabbing location data from Facebook Messenger and rapidly plotting your friends' locations on a map. We all are aware that Facebook shares our location data with our friends, however, what we probably aren't aware of the accuracy of that data and easiness of extracting that data from the messaging service. LOCATION SHARING AND MAPPING... Facebook usually encourages Messenger users to share their location by enabling location sharing by default when users install iOS or Android app. Software developer Aran Khanna's extension dubbed Marauder's Map, loads the map in Messenger's Web interface and fetc

A newly discovered bug in Apple's iOS mobile operating system has emerged this evening that lets iPhone users crash another user's iPhone by just sending a tiny string of text characters in a message. The bug is related to the Messages app and the notification system used by iPhone and iPad devices and appears to work only if there is iPhone to iPhone communication. A string of particular Arabic characters ( see the image above ) used in the text message causes the iPhone to continuously crash when a certain text is received and — reportedly in some cases — causes the iPhone to reboot without notice. How to Crash an iPhone with a Message: iPhone users who receive the string of text characters with Messages open would not be able to go back to other conversations without crashing the app, but… ...if the string is received while the iPhone is on the lock screen, users would be unable to open the Messages app entirely , or in some cases, the text could cause t

The Developers of one of the most advanced open source operating system for penetration testing called ' KALI Linux ' have made the operating system available for Docker-addicted system administrators. But, What's Docker? Docker is a new open-source container technology, released in June 2014, that automates the deployment of applications inside self-sufficient software containers by providing an additional layer of abstraction and automation of operating-system-level visualization on Linux. Docker, built on top of Linux containers, is simply a way of managing multiple containers on a single machine. Nowadays, companies are adopting Docker at a remarkable rate. Docker is not just the favorite of Linux powers like RedHat and Canonical, but also big software firms, including Microsoft, which has embraced Docker. Why bringing Kali Linux for Docker? The same was happened to the developer of Offensive Security, who was requested for a Dockerised image of

So you love Minecraft ? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphone and tablets from the Google Play store, security researchers warned. The security researchers from IT security firm ESET have uncovered as many as 33 fake "scareware" applications that have been uploaded to the Google Play store in the course of the past 9 months, masquerading as Minecraft cheats and tip guides. These malicious applications have been downloaded between 660,000 and 2.8 million times. "All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a dangerous virus," ESET researcher Lukas Stefanko wrote in a blog post . Once downloaded, these mali