The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Millions of embedded devices, including home routers, modems, IP cameras, VoIP phones, are shareing the same hard-coded SSH (Secure Shell) cryptographic keys or HTTPS (HTTP Secure) server certificates that expose them to various types of malicious attacks. A new analysis by IT security consultancy SEC Consult shows that the lazy manufacturers of the Internet of Things (IoTs) and Home Routers are reusing the same set of hard-coded cryptographic keys, leaving devices open to Hijacking. In simple words, this means that if you are able to access one device remotely, you can possibly log into hundreds of thousands of other devices – including the devices from different manufacturers. Re-Using Same Encryption Keys In its survey of IoT devices , the company studied 4,000 embedded devices from 70 different hardware vendors, ranging from simple home routers to Internet gateway servers, and discovered that… …over 580 unique private cryptographic keys for SSH and HTTPS a

A newly discovered flaw affecting all VPN protocols and operating systems has the capability to reveal the real IP-addresses of users' computers, including BitTorrent users, with relative ease. The vulnerability, dubbed Port Fail by VPN provider Perfect Privacy (PP) who discovered the issue, is a simple port forwarding trick and affects those services that: Allow port forwarding Have no protection against this specific attack Port Forwarding trick means if an attacker uses the same VPN ( Virtual Private Network ) as the victim, then the real IP-address of the victim can be exposed by forwarding Internet traffic to a specific port. "The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," Perfect Privacy wrote in a blog post on Thursday. Also Read:  This Secure Operating System Can Protect You Even if You Get Hacked . Port Fail

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Yes, Now it is possible to unlock a Windows Lumia Phone for Root Access and run custom ROMs. Both Microsoft as well as Nokia have made Windows Lumia smartphones difficult to break into at a low-level by locking down their bootloaders, but a software hacker, who go by the name HeathCliff , has just proven that it is not impossible. HeathCliff has released an excellent tool called " Windows Phone Internals " that allows Windows phone owners to unlock their smartphone's bootloaders, gain root access and even create and run custom ROMs. What's more interesting is the tool supports " most versions of Windows Phone 8.1 and Windows 10 Mobile ". HeathCliff is very well known XDA Developer and one of the Windows Phone legends. On Windows Phone part, HeathCliff is loved mostly for the WP7 Root Tools. Windows Phone Internals or WP Internals is completely free to download though HeathCliff welcomes donations by those who have found the tool useful.

Yes, it's time to shift from Wi-Fi to Li-Fi — an alternative technology that is 100 times faster than the average speeds of Wi-Fi . Scientists have just field-tested the new wireless technology called Li-Fi for the first time and achieved marvelous wireless speeds that are 100 times faster than current WiFi speeds. What is Li-Fi Technology? Li-Fi is a new wireless technology that transmits high-speed data using light (i.e. Visible Light Communication or VLC) rather than radio bands. In short, Li-Fi is a Super-Fast alternative to Wi-Fi. Earlier this year, scientists achieved mind-blowing speeds of 224 gigabits per second (Gbps) in the lab using Li-Fi. It's believed that this technology has the potential to change everything about the way we use the Internet today. And Yes, it will. Test Results: Li-Fi is 100 times Faster than Wi-Fi An Estonian startup company called Velmenni took the technology out of the laboratories and into the real-

Get ready for a ThanksGiving celebration from the Raspberry Pi Foundation. Raspberry Pi, the charitable foundation behind the United Kingdom's best-selling computer, has just unveiled its latest wonder – the Raspberry Pi Zero . Raspberry Pi Zero is a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Raspberry Pi Zero: Just $5 Computer Yes, Pi Zero is the smallest Raspberry Pi yet for just $5, but might be the biggest when looking at its specifications: Broadcom BCM2835 application processor (same as Pi 1) 1GHz ARM11 core (40 percent faster than Raspberry Pi 1) 512MB of LPDDR2 SDRAM Micro-SD card slot MiniHDMI socket for 1080p60 video output Micro-USB for data Micro-USB for power Unpopulated 40-pin GPIO connector Identical pinout to Model A+/B+/2B Unpopulated composite video connector Smallest ever form factor (i.e. 65mm x 30mm x 5mm) Get Your Raspberry Pi Zero Now! The Raspberry Pi is respon

Beware Internet Users! Cryptowall 4.0 – the newest version of the world's worst Ransomware – has surfaced in the Nuclear exploit kit , one of the most potent exploit kits available in the underground market for hacking into computers. Ransomware threat has emerged as one of the biggest threats to internet users in recent times. Typically, a Ransomware malware encrypts all files on victim's computer with a strong cryptographic algorithm, then demand a ransom to be paid in Bitcoin (range between $200 and $10,000). Cryptowall is currently among the most widespread and sophisticated family of Ransomware backed by a very robust back-end infrastructure. Also Read: Anyone can Now Create their Own Ransomware using This Hacking ToolKit The recent report dated back to last month suggested that the authors of Cryptowall 3.0 ransomware virus have managed to raise more than $325 Million in revenue in the past year alone. With the debut of Cryptowall 4.0 at the beg

That's a lot of Login credentials fetch by a single hacker. The FBI believes a single hacker who goes by the moniker Mr.Grey has stolen login credentials for over 1.2 Billion online accounts – apparently the biggest heist of log-in credentials the FBI has investigated thus far. Yeah, that's not Fifty, but 1.2 Billion Shades of Grey . The information came from the court documents the federal agents submitted to support its search warrant request in 2014, Reuters reported . The cyber security firm ' Hold Security ' initially reported the theft of the credentials last year. It found out that Russian hacking group CyberVor has stolen 1.2 Billion login details and an additional 500 Million email accounts. Botnet Breach These data were said to have been harvested from over 420,000 websites via botnets looking for SQL injection flaws ; the same technique recently used to hack TalkTalk . Botnets are usually employed to attack an individual targ

Russian hackers have discovered a novel technique to rip off Millions of dollars from banks and ATMs. Criminals in Russia used a technique, called " Reverse ATM Attack ," and stole 252 Million Rubles ( US$3.8 Million ) from at least five different banks, according to the information obtained by Russian digital intelligence firm Group-IB . What is Reverse ATM Attack? According to the intelligence firm, an attacker would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate bank accounts using ATMs, and immediately withdraw the same amounts right away with a printed receipt of the payment transaction. The details included in the receipt, containing a payment reference number and the amount withdrawn, would then be transferred to a partner hacker, who had remote access to the infected POS terminals, usually located outside of Russia. Also Read: German Bank ATMs vulnerable to Hackers The partner hacker would then use these details to perform a reversal

Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it? Yes, it's possible at least with this $10 device. Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals. The device, dubbed MagSpoof , guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards. Also Read:  How Hackers Can Hack Your Chip-and-PIN Credit Cards The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked

Remember Junaid Hussain ? Junaid Hussain – a hacker turned ISIS cyber mastermind who was killed in a US drone strike in August this year. But something has emerged what we don't know about the death of Hussain. The infamous hacker who in the past hacked the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant to help the US government track down Junaid Hussain. The hacker, goes by the online alias Shm00p ( @5hm00p ), is a member of the hacking collective Rustle League and believes he is "99.9% sure" that the information given by him to the FBI agents led to the extrajudicial killing of Hussain. "What the fuck have I done," Shm00p tweeted early Sunday morning. Over 15 hours later after his first tweet, Shm00p made a series of tweets at the FBI Twitter account. "I lost a lot of good friendship and my fucking honor," Shm00p tweeted at the FBI. You can see an archived copy of his now deleted t