The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks . The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing… …remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website ( you have visited ) wants to set a cookie in your browser, it passes a header named " Set-Cookie " with the parameter name, its value and some options, including cookie expiration time and domain name ( for which it is valid ). It is also important to note that HTTP

Do You Know:  China has planned to eliminate all foreign Technologies and Services by 2020, just like Google and Facebook . And it seems China in some years would be an entirely independent IT economy; building homegrown Mobile and computer devices, Operating Systems, Applications, Browsers and almost everything existing in the IT ecosystem. Well, China was not at all happy when Microsoft finally announced the end of official support for Windows XP. At the time, Windows holded 91% of total market share, compared to just for Mac OS X and just 1% for Linux. However, China wasn't interested to pay either for extended support for Windows XP or for switching to Windows 8. So, they decided to develop their own Operating System. Yes, China has developed a Desktop Operating System named " NeoKylin " ( and ' Kylin ' in Chinese ), tagged as a substitute to Windows XP by Quartz , who got an opportunity to have a hands-on experience of its "community version" OS. NeoKylin

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends users data directly to the company. This is not first time Lenovo has allegedly installed spyware onto consumers PCs. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware that opened up doors for hackers. In August, Lenovo again got caught installing unwanted and non-removable crapware into part of the BIOS reserved for custom drivers. Lenovo Laptops comes Pre-installed with 'Spyware' Now, the Chinese computer manufacturer is making news once again for embedding tracking software into its laptops and workstations from Lenovo ThinkPad, ThinkCentre, and ThinkStation series. Michael Horowitz from Comput

Mozilla launches Voice and Video Connect with the release of Official Firefox 41.0 Release . After significant improvements done in the Firefox Nightly experimental build of version Firefox 41.0, the stable release has a lot to offer. How would it be experiencing a seamless communication – video and voice calls and text messaging being directly built in your browser? Here's How: Mozilla has launched the stable release of Firefox 41.0 , equipped with project " Firefox Hello " offering free VOIP and instant messaging services through WebRTC ( Real Time Communication ) channel. Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user's experience by providing them with free voice and video calling features, irrespective of additional software or hardware support. By adopting Firefox Hello : Both the parties don't need to have same browsers, software or hardware. No sign-up other than

The First major cyber attack on Apple's App Store has now been linked to CIA (Central Intelligence Agency) . Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by ' XCodeGhost Malware' . The Bad News is that the infection has now increased exponentially with the discovery of more than 4,000 infected apps. The XCodeGhost malware was distributed through legitimate iOS Apps via counterfeit versions of Apple's app developer toolkit called Xcode . XcodeGhost is a very harmful and dangerous piece of malware that is capable to Phish credentials, infect other apps, Hijack URLs, Steal iCloud passwords from your device and then upload them to the attacker's servers even without your knowledge. After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps. The infected apps include the popular instant messaging app WeChat, Chinese Uber-like ca

The OPM Data Breach  ( Office of Personnel Management ) is getting even worse than we thought. We already know more than 21 Million current and former federal employees had their personal and highly sensitive private information hijacked in a massive data breach that affected Defense Department's OPM. But, now it has been revealed that the hackers have made off a lot more than just names, residential addresses, and social security numbers of the US government employees. And it's the unique and all time constant identity – The Fingerprints . 5.6 MILLLLLION Fingerprints Breached The US officials on Wednesday admitted that nearly 5.6 Million Fingerprints of its federal employees were also stolen in the massive data breach took place in April this year. The OPM, the US government agency that handles all federal employee data, had previously reported that some 1.1 Million Fingerprints were stolen. However, this figure has now been increased to 5.6 Million. L

Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player. The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday. Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them. Critical Vulnerabilities These 18 security vulnerabilities, all deemed highly critical, are as follows: Type Confusion Vulnerability (CVE-2015-5573) Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682) Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678) Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2

You may call this a misleading headline. Right? Yes, it's True. And I apologize for this. But… ...before someone else tricks you to visit any malicious link with intent to hijack your Computer or to Hack Facebook Profile , I just tricked you to visit this ' WARNING ' article about Facebook Scam of the Dislike button. Facebook Scam: Get Facebook Dislike Button Facebook users are being targeted in a new scam that takes advantage of the recent widely publicized announcement by Facebook CEO Mark Zuckerberg that a ' Facebook Dislike Button ' is in development. Zuckerberg said that there're obvious moments in life or bad fortunes where people do not want to "like" posts and wants to express their empathy. He also confirmed that the social network giant was working on such technology but didn't say that it's actually a " Dislike. " The much-vaunted " Dislike " or "empathy" feature has not rolled out ju

A Facebook Dislike button is one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-down button, then you are dead wrong. Why Not Thumbs-Down? Because: … The Dislike Concept will lead to more bad behavior than good — vitriol or bullying or worse. Facebook's founder Mark Zuckerberg says, " We didn't want to just build a Dislike button because we don't want to turn Facebook into a forum where people are voting up or down on people's posts. " So what will this Dislike or Empathy button look like? Instead of a simple thumbs down to express disapproval or pity, it could be as simple as Emojis. Yes, Emojis reaction ( Emoticons ) Faces. A ' two-years old ' Patent filed by Facebook uncovered how the new feature might work. The Patent illustr

Almost every day or every second day, When I come across various announcements in Newspaper, TV News Channels, and Press releases that... ...Indian Government and related Policy-making organizations are going to set up their so-called " CyberSecurity Task Forces " or drafted a " National Cyber Security Policies ," with an aim to boost cyber security in India… The first thing that comes to my mind is: Why Doesn't my Government Understand How Encryption and Online Cyber Security Works? Yes, My Government really have no idea, How Encryption relates to users' Privacy. And… Narendra Modi's Government has done it again! With the release of the draft National Encryption Policy , the government wants access to all your messages whether sent over online email services like Gmail or messaging services like WhatsApp, Viber, or Messenger. The National Encryption Policy ( before addendum ) required: Access to your Private Data To stor