The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Now this was to be done, Sooner or Later – The Government. In the wake of the recent deadly Paris terror attacks, the French government is considering new laws that would Ban access to Free Wi-Fi and the Tor anonymity network, according to a recent report by French newspaper Le Monde. The report cites an internal document from the Ministry of Interior by French Department of Civil Liberties and Legal Affairs (DLPAJ) that lists two proposed bills – one around the State of Emergency and the other on combating counter-terrorism. Last month's Paris attacks started blame games, calling Edward Snowden and end-to-end encrypted services responsible for the ISIS-sponsored massacre. Also Read: Anonymous declares War on ISIS: 'We will Hunt you Down!' Now, the government has started renewing their assault on encryption and reviving their efforts to force tech companies to hand over encryption keys, and the document obtained by Le Monde hints the same. Proposed Pieces of Legis

As much as you protect your electronics from being hacked, hackers are clever enough at finding new ways to get into your devices. But, you would hope that once a flaw discovered it would at least be fixed in few days or weeks, but that's not always the case. A three-year-old security vulnerability within a software component used by more than 6.1 Million smart devices still remains unpatched by many vendors, thereby placing Smart TVs, Routers, Smartphones, and other Internet of Things (IoT) products at risk of exploit. Security researchers at Trend Micro have brought the flaw to light that has been known since 2012 but has not been patched yet. Remote Code Execution Vulnerabilities  Researchers discovered a collection of Remote Code Execution (RCE) vulnerabilities in the Portable SDK for UPnP , or libupnp component – a software library used by mobile devices, routers, smart TVs, and other IoT devices to stream media files over a network. The flaws occur du

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The man accused of being "a senior advisor" and mentor of Ross Ulbricht , the convicted operator of the illegal drug marketplace Silk Road , has been arrested in Thailand and charged with conspiring to traffic drugs and money laundering. The US Department of Justice (DoJ) announced on Friday that Roger Thomas Clark , 54, is accused of being " Variety Jones ," who was a close confidante of Ulbricht's who: Advised Ulbricht on all aspects of Silk Road's operations Helped Ulbricht grow the notorious website into an extensive criminal enterprise Clark was arrested Thursday in Thailand and is now awaiting extradition to face United States charges of: Narcotics Trafficking Conspiracy – carries a maximum sentence of life in prison. Money Laundering Conspiracy – carries a maximum sentence of 20 years in prison. Life in Prison If convicted, Clark faces at least 10 years and as long as life in prison, according to a statement from Manhattan U.S. Attorney Preet

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application Development report ( PDF ), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015. The security researchers crawled popular web scripting languages including PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, iOS, and COBOL, scanning hundreds of thousands of applications over the last 18 months. Also Read:  A Step-by-Step Guide — How to Install Free SSL Certificate On Your Website Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest. Here's the Top 10 List:

Bluestacks , the first app player for running Android apps on Windows, has launched the latest version of its Android emulator platform with one major upgrade: The Ability to Run Multiple Android apps Simultaneously. BlueStacks 2 Released Bluestacks previously only run a single app at a time. However, with the launch of BlueStacks 2 , the app adds a tabbed interface that allows you to jump between multiple Android apps in the same window. This is great for you to run gaming and messaging apps, or news and messaging apps at the same time. The update also adds a toolbar that allows you to quickly tell the Android emulator to simulate rotating the device screen or to perform other functions, such as copying and pasting. In BlueStacks 2, players now have options to marry gameplay and app discovery, meaning when they click an advertisement, a new tab will appear so that the players can continue playing their games without being interrupted. How to Run Mult

Next in the queue, Kazakhstan is also planning to Spy on encrypted Internet Traffic of its citizens, but in the most shameless way. Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus security certs on their PCs and mobile devices, allowing the 'Dictator' Government to: Intercept users' Internet traffic to any Secure website, i.e. Man-in-the-Middle  Attack Access everything from user's web browsing history to usernames and passwords to secure and HTTPS-encrypted traffic This Program will seriously restrict Citizens' Freedom of Speech and Expression. What the F… is "National Internet Security Certificate"? On Monday, the nation's largest Internet service provider Kazakhtelecom JSC published a notice, which said: Citizens are "obliged" to install a so-called " National Internet Security Certificate "