The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The terrorist groups are encouraging its followers to use Telegram to make their propaganda invisible from law enforcement, but some security experts believe that Telegram may not be as secure as jihadi advocates may like to believe. Telegram is an end-to-end encrypted messaging service that has been adopted by a lot more people than ISIS — as of last year, the company claimed more than 50 Million Telegram users sending 1 Billion messages per day. Terrorists love Telegram because it not only provides an encrypted Secret Chat feature that lets its users broadcast messages to unlimited subscribers but also offers self-destructing message allowing users to set their messages to self-destruct itself after a certain period. Is Telegram Really Secure? In a blog post published Wednesday, the security researcher known as " the Grugq " pointed out several issues with Telegram that might obstruct terrorists from using it.  Here's the list of issues with

The terrorist groups affiliated with the Islamic State have an extensive presence not only on social media accounts but also on the popular end-to-end encrypted messaging app Telegram through which they communicate with their followers and spread terror propaganda materials. Telegram has always been terrorist's favorite, but ISIS had been using the app since October, when Telegram introduced an end-to-end encrypted Secret Chat feature that lets users broadcast messages to an unlimited number of subscribers. Moreover, Telegram also provides self-destructing message feature that allows users to set their messages to self-destruct itself after a certain period of time. But, the Good News is: The nonprofit organization that runs Telegram has blocked around 78 ISIS-affiliated channels that the terrorists used to: Communicate with their members Spread propaganda Recruit foreign supporters Plan operations Radicalize young people "We were disturbed to learn that Telegram

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

The online Hacktivist group Anonymous declared War against the Islamic State militant group (ISIS) that claimed responsibility for the horrific terrorist attacks that rocked Paris last week. In response to the Anonymous' warning of launching their "biggest operation ever" against the terrorist group, ISIS militants called Anonymous – "IDIOTS" . It seems like Anonymous has taken ISIS response very seriously and the group has started carrying out their attacks against the terror organisation. Anonymous First 'Cyber Attack' on ISIS Soon after its war declaration, Anonymous claimed to have taken down more than 5,500 pro-ISIS Twitter accounts in #OpParis (Operation Paris). In the past, hackers and organizations associated with Anonymous brought down websites allegedly connected with ISIS and claimed to have taken down thousands of ISIS accounts, disrupting their social media recruitment efforts. Also Read: Would Encryption Backdoor S

Google and Asus are finally ready to release their new micro Chrome OS computer called the Chromebit — that retails at a great price, just $85. That is quite cheap for what is essentially a portable computer that you can take anywhere in your pocket. Also Read:   CHIP — The World's First $9 Computer . Announced back in March, the Chromebit is a fully featured Computer-on-a-Stick that plugs into TV or any screen and turns it into what Google calls a " full-fledged Chrome OS-based computer. " All you need to do is: Plug the Chromebit into any HDMI port Hook up the power cable, a Bluetooth keyboard and a mouse Your instant computer is ready It has a smarter clinch on the business end so that you can easily plug the Chromebit into practically any HDMI port without the need for any extension cable. Also Read:   Mouse Box — An Entire Computer inside a Mouse . Despite its low price of just $85, the Chromebit offers you a complete Chrome OS experience,

The Anonymous Hacking group on Sunday declared Total War against the ISIS , the Islamic State terror organization that claimed responsibility for the Paris attacks on Friday that killed 129 people and hundreds more injured. In a sinister video posted on YouTube, the Cyber Hacktivists said they will launch their " biggest operation ever " with the warning that " Anonymous from all over the world will hunt you down." Also Read:   Would Encryption Backdoor Stop Paris-like Terror Attacks? Now, The Islamic State militant group (ISIS) has released a statement, responding to Anonymous's declaration of total war. They (ISIS) called Anonymous – IDIOTS , … and issued some anti-hacking tips to pro-ISIS supporters to protect against cyber attacks. The message from ISIS to Anonymous came through one of the ISIS-affiliated official channels, dubbed ELITE SECTION of IS , on the messaging app Telegram . The message read: " The #Anonymous hackers threatened in a new video r

With 129 people killed in Paris terror attacks and dozens critically wounded, the law enforcement and intelligence officials are reviving their efforts to force companies to put some backdoors in encryption so that they can access your information. How did the Intelligence agencies fail to Intercept terrorist plans of these attacks? In the wake of the Paris terror attacks, Former CIA Director Michael Morell argued on TV that encrypted communication services may have aided the planning and plotting of the Paris attacks, blaming Edward Snowden and US companies for the attacks. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks With more Surveillance and Encryption backdoor, Is it possible that Friday's attacks could have been stopped before they began? Morell suggested that recalcitrant US companies should be forced to install government backdoors in their software and hand over encryption keys to the government, thinking that Encryption Backd

Terrorist groups are increasingly using high-grade, advanced end-to-end encryption technologies so that no law enforcement can catch them. The deadliest terror attacks in Paris that killed 129 people were the latest example of it. How did the Terrorists Communicate and Organize the Plot? The Paris terrorists almost certainly used difficult-to-crack encryption technologies to organize the plot – locking law enforcement out, FBI Director James B. Comey told Congress Wednesday. Also Read:   ISIS Calls Anonymous "IDIOTS" in response to their "Total war" Cyber Threat . The ISIS mastermind behind the Friday's Paris massacre is identified to be Abdelhamid Abaaoud , who is based in Syria. So to transmit his plans to the suicide bombers and gunmen, he would have made use of secure communication to keep law enforcement out. FBI's Comey believes ISIS is making use of popular social media platforms to reach out to potential recruits and smartphone messaging app

The world watched in horror as coordinate attacks in Paris Friday night killed more than 130 people and  left over 352 injured. Over 20 attackers have so far been part of the terrorist cell that planned the deadly Paris attacks, with seven suicide bombers dead, seven attackers under arrest and a total of six people on the run. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks . The attacks were carried out by Islamic State (ISIS) , who later claimed responsibility for targeting innocent people at 'soft' locations that lack police or military protection, including Bataclan concert venue where at least 89 people lost their lives. Following the bloody terror attacks, the hacktivist collective Anonymous declared war on the Islamic State ( IS, formerly ISIS/ISIL ) saying, " We will launch the biggest operation ever against you. " But the Question here is: From Where did the terrorist cell that planned the brutal terrorist attacks i

Following the bloody terror attacks in Paris where over 130 people were killed, the hacktivist collective Anonymous has declared total war against the Islamic State ( IS, formerly ISIS/ISIL ). Anonymous released a video message, posted in French, on YouTube Sunday announcing the beginning of #OpParis , a coordinated campaign to hunt down ISIS's social media channels and every single supporter of the jihadist group online. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks . The combat mission #OpParis was announced as revenge for the recent ISIS terror attacks that took place in Paris on Friday, November 13, 2015. Anonymous to ISIS: 'We will Hunt you Down!' Behind its signature Guy Fawkes mask, the group's spokesperson speaking in French said, "Anonymous from all over the world will hunt you down. Expect massive cyber attacks. War is declared. Get prepared." "You should know that we will find you, and we will not let yo

Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said , "The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate." The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services , and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses. One such IP address belongs to Brian Richard Farrell , an alleged Silk Road 2 lieutenant who was arrested in January 2014. The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few

A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers. This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source. Generally, to spoof email addresses, an attacker needs: A working SMTP (Simple Mail Transfer Protocol) server to send email A M ailing Software However, an independent security researcher, Yan Zhu , discovered a similar bug in official Gmail Android app that allowed her to hide her real email address and change her display name in the account settings so that the receiver will not be able to know the actual sender. How to Send Spoofed Emails via Gmail Android App? To demonstrate her finding, Zhu sent an email to someone by changing her display name to yan ""security@google.com" (w

If you own a Samsung Galaxy Phone – S6, S6 Edge or Note 4 , in particular – there are chances that a skilled hacker could remotely intercept your voice calls to listen in and even record all your voice conversations. Two security researchers, Daniel Komaromy of San Francisco and Nico Golde of Berlin, have demonstrated exactly the same during a security conference in Tokyo. The duo demonstrated a man-in-the-middle (MITM) attack on an out-of-the-box and most updated Samsung handset that allowed them to intercept voice calls by connecting the device to fake cellular base stations. The issue actually resides in the Samsung's baseband chip , which comes in Samsung handsets, that handles voice calls but is not directly accessible to the end user. How to Intercept Voice Calls? The researchers set up a bogus OpenBTS base station that nearby Samsung devices, including the latest Samsung S6 and S6 Edge , think is a legitimate cellular tower. Once connected to

Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system. Security researcher Guang Gong recently discovered a critical zero-day exploit in the latest version of Chrome for Android that allows an attacker to gain full administrative access to the victim's phone and works on every version of Android OS. The exploit leverages a vulnerability in JavaScript v8 engine , which comes pre-installed on almost all (Millions) modern and updated Android phones. All the attacker needs to do is tricking a victim to visit a website that contains malicious exploit code from Chrome browser. Once the victim accessed the site, the vulnerability in Chrome is exploited to install any malware application without user interaction, allowing hackers to gain remotely full control of the victim's phone. Also Read:   This Malware Can Delete and Replace Yo

Facebook is planning to offer you the popular Snapchat feature in its Messenger app – ' Self-Destructing' Messages . Yes, Facebook is testing a new feature within its Messenger app that will allow its users to send self-destructing messages. Some Facebook users in France have spotted this new feature in the Messenger app that lets them send messages that only last for an hour. How to Turn ON the Feature? Users can turn on the self-destructing message feature within Messenger through an hourglass icon on the top-right corner of the conversation. The icon, when tapped, sets the messages to self-destruct after an hour of sending it. Tapping the hourglass icon again will turn off the feature, with everything going back to normal. Here's what Facebook says about the feature: "We're excited to announce the latest in an engaging line of optional product features geared towards making Messenger the best way to communicate with the people that

The fight to protect your company's data isn't for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation - Preparing users and IT to handle potential incidents in case they happen Identification - Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?) Containment - Isolating affected systems to prevent further damage Eradication - Finding and eliminating the root cause (removing affected systems from production) Recovery - Permitting affected systems back into the production environment (and watching them closely) Lessons Learned - Writing everything down and reviewing an

The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve