The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

No plan to install Windows 10 due to Microsoft's controversial data mining and privacy invasions within the operating system? Well, Windows 7 and Windows 8 OS users should also be worried as Windows 10 spying is now headed their way too… Microsoft has been caught installing latest updates onto Windows 7 and Windows 8 computers that effectively introduce the same data collecting and user behavior tracking features used in Windows 10. Under the new updates, the operating systems indiscriminately upload data to Microsoft's servers, which might be a major privacy concern for many users. Creepy Updates The updates in question are: KB3068708 – This update introduces the Diagnostics and Telemetry tracking service to existing devices. KB3022345 (replaced by KB3068708 ) – This update adds the Diagnostics and Telemetry tracking service to in-market devices. KB3075249 – This update adds telemetry points to the User Account Control (UAC) feature in order to collect data on ele

Drones also known as Unmanned Aerial Vehicles (UAVs) have contributed enormously by acting as an interface for conducting surveillance operations, or delivering products, or attacking a war site to name a few. We have seen Drones like ' Snoopy ' that are capable to intercept data from your Smartphones, even without authentication or interaction, using spoofed wireless networks. And now the reports depict... The first U.S. state to get permission for flying drones with "less lethal weapons" is North Dakota. It now has the powers to grant permissions to the local police departments to attach weapons like: rubber bullets, pepper spray, tear gas, sound cannons, and tasers. Earlier, the law's author Rick Becker had restricted the police to get a warrant for conducting drone surveillance. However, the things didn't turn up his way as, an officer from the North Dakota Peace Officers Association Bruce Burkett , controlled things his way by get

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Hackers are getting smarter in fooling us all , and now they are using sophisticated hacking schemes to get into your Gmail. Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security code (generally sent via SMS) along with the password in order to log into Gmail account. Researchers at Citizen Lab released a report on Thursday which shows how the hackers are using text messages and phone-based phishing attacks to circumvent Gmail's security and take over the Gmail accounts of their targets, specifically political dissidents. The report detailed and elaborated three types of phishing attacks aimed at Iranian activists. Researchers also found one such attack targeting Jillian York , the Director for International Freedom of Expression at the Electronic Frontier Foundation . Here's How the Attack Works Via Text Messages: In some case

Only 9 days are left for Apple's annual new iPhone launch event, where the company will bring its various new products but the obvious stars of the show will be the iPhone 6s and the iPhone 6s Plus . The company has not officially announced the iPhone 6S and iPhone 6S Plus yet, but a series of new, high-resolution photographs obtained by 9to5Mac show some new features coming to its next-generation iPhone. The new iPhones – likely called the iPhone 6S and 6S Plus – will be introduced at Apple's fall event on September 9. The leaked photos give us a closer look at two of the iPhone's key new features: Force Touch and a larger FaceTime camera. Here are the list of features the new iPhone 6S and iPhone 6S Plus include: Force Touch The new iPhone 6S would include Force Touch technology that Apple introduced with the Apple Watch, and haptic feedback. Here's how it works: When a user press slightly harder on the screen, sensors in the scre

Six British teenagers arrested and released on bail on suspicion of launching cyber attacks on websites and services with the help of Lizard Squad DDoS attack tool, called Lizard Stresser . Lizard Squad is infamous for hacking and knocking down the largest online gaming networks – PlayStation Network and Xbox Live – last year by launching massive Distributed Denial-of-Service (DDoS) attacks. The notorious hacker group set up a website to let customers use its Lizard-branded DDoS-for-hire tool Lizard Stresser to launch similar DDoS attacks. The six teens, arrested by the National Crime Agency , are accused of using Lizard Stresser DDoS tool to launch cyber attacks against a school, a national newspaper, gaming companies and a number of online retailers. However, according to the law enforcement, none of the teenagers are believed to be the member of Lizard Squad, nor had any connection with the last year's Christmas hack against Sony and Microsoft's gami

Two weeks ago, we reported how a serious flaw in the popular peer-to-peer BitTorrent file sharing protocols could be exploited to carry out a devastating distributed denial of service (DDoS) attack, allowing lone hackers with limited resources to take down large websites. Good news is that the developers of BitTorrent have fixed the security issue in its service that is being used by hundreds of Millions of users worldwide. In a blog post published Thursday, BitTorrent announced that the flaw was resided in a reference implementation of the Micro Transport Protocol (uTP) called libuTP , which is used by many widely used BitTorrent clients such as μTorrent , Vuze and Mainline . The San Francisco company also announced that it has rolled out a patch for its libuTP software that will stop miscreants from abusing the p2p protocol to conduct Distributed Reflective Denial-of-Service (DRDoS) attacks. DRDoS attack is a more sophisticated form of conventional DDoS att

Facebook bounty hunter Laxman Muthiyah from India has recently discovered his third bug of this year in the widely popular social network website that just made a new record by touching 1 Billion users in a single day. At the beginning of the year, Laxman discovered a serious flaw in Facebook graphs that allowed him to view or probably delete others photo album on Facebook, even without having authentication. Just after a month, Laxman uncovered another critical vulnerability in the social network platform that resided in the Facebook Photo Sync feature , that automatically uploads photos from your mobile device to a private Facebook album, which isn't visible to any of your Facebook friends or other Facebook users. However, the flaw discovered by Laxman could allowed any third-party app to access and steal your personal photographs from the hidden Facebook Photo Sync album. Hacking Any Facebook Page Now, the latest bug in Laxman's list could allow atta

Yesterday, Facebook Co-founder and Chairman Mark Zuckerberg broadcast in his Facebook post, that Monday Facebook made a record by counting ONE BILLION people accessing Facebook in a single day. Zuckerberg shared his happiness and thanked the world. He was overwhelmed with the milestone Facebook has touched and even shared a video expressing his emotions. "[Facebook] just passed an important milestone," Zuckerberg wrote in a Facebook post on Thursday. "For the first time ever, one billion people used Facebook in a single day." That means roughly 1 in 7 people on Earth connected with their friends and family using Facebook in a single day. Feeling Connected Indeed! So far, Facebook is the world's largest online social networking website with 1.5 Billion monthly active users . Comparatively, Twitter has 316 Million monthly active users . Zuckerberg felt proud of the Facebook community. As they are the ones, who helped him to reach such

We could expect Ashley Madison to cross any limits when it comes to cheating, but this is WORSE . After all the revelations made by the Impact Team past week, this was something different from the leaked data that had names, password and other details of Ashley Madison client s. A dump from the leaked files unfold awful strategy of Avid Life Media (ALM), Ashley Madison's parent company, to launch an app called " What's your wife worth ." As the name says it all, the app allows men to Rate each others Wives. Know Your Wife Worth ' What's your wife worth ' was discovered in a June 2013 email exchanged between Noel Biderman , ALM's chief executive and Brian Offenheim , ALM's vice president of creative and design, which said that Biderman suggested Offenheim about the probable outlook of the app. He suggested options like " Choice should be 'post your wife' and 'bid on someone's wife' ," also

This is Really Insane!! Germany's top intelligence agency handed over details related to German citizen metadata just in order to obtain a copy of the National Security Agency's Main XKeyscore software , which was first revealed by Edward Snowden in 2013. According to the new documents obtained by the German newspaper Die Zeit, the Federal Office for the Protection of the Constitution ( BfV - Bundesamtes für Verfassungsschutz ) traded data of its citizens for surveillance software from their US counterparts. Germany and the United States signed an agreement that would allow German spies to obtain a copy of the NSA's flagship tool Xkeyscore, to analyse data gathered in Germany. So they covertly illegally traded access to Germans' data with the NSA. XKeyscore surveillance software program was designed by the National Security Agency to collect and analyse intercepted data it obtains traveling over a network. The surveillance software is powerful

A critical security vulnerability has been discovered in the global e-commerce business PayPal that could allow attackers to steal your login credentials , and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site Scripting (XSS) vulnerability in the Paypal's Secure Payments domain. As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information. However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details. How the Stored XSS Attack Works? Hegazy explains a step by step process in his blog post , which gives a detailed explanation of the attack. Here's what the researcher calls the worst attack scenario:

Remember Team Poison ?  The hackers group that was active in 2012, and was known for gaining access to the former Prime Minister Tony Blair's address book and then publishing information from it. The British hacker who actually obtained the Prime Minister's address book and was jailed for six months in 2012, named Junaid Hussain , has been killed in a United States drone strike in Syria, a source familiar with the matter said on Wednesday. Hussain was a British hacker who rose to prominence within Islamic State group in Syria as a top cyber expert to mastermind the ISIS online war. The U.S. military conducted the operation; no involvement of the British government in the killing of Hussain, a British citizen from Birmingham. Junaid Hussain Killed in Raqqa Hussain was killed in Raqqa, located in northern Syria, which has been treated as a safe place by ISIS. The United States has yet to officially announce Hussain's death, which is not veri