The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

As warned last year, Microsoft is pushing Windows 10 upgrades onto its user's PCs much harder by re-categorizing Windows 10 as a " Recommended Update " in Windows Update, instead of an " optional update. " Microsoft launched Windows 10 earlier last year and offered the free upgrade for Windows 7 and Windows 8 and 8.1 users. While the company has been successful in getting Windows 10 onto more than 200 Million devices , Microsoft wants to go a lot more aggressive this year. So, If you have enabled Automatic Windows Update on your Window 7, 8 or 8.1 to install critical updates, like Security Patches, you should watch your steps because… ...From Monday, Windows Update will start upgrading your PC to the newest Windows 10 as a recommended update, Microsoft confirmed. Must Read: How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically . This means Windows 10 upgrade process will download and start on hundreds of millions of d

Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system. In total, there were five "critical" security vulnerabilities fixed in the release along with four "high" severity and one merely "moderate" issues. Remote Code Execution Flaw in WiFi A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker. The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level. "These vulnerabilities can be triggered when the attacker and the victim are associated with the same network," read

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely. MediaTek is a Taiwan-based hardware company that manufacture hardware chips and processor used in the smartphones and tablets. The backdoor was discovered by security researcher Justin Case , who already informed MediaTek about the security issue via Twitter, as the chipset manufacturer had no proper vulnerability reporting mechanism in place. The vulnerability is apparently due to a debug tool that was opened up for carriers to test the device on their networks, but unfortunately, it was left open in the shipped devices, thus leaving the serious backdoor open to hackers. If exploited, the debug feature could allow hackers to compromise personal data of an Android device, including user's private contacts, messages, photos, videos and other private data. MediaTek acknowledged the issue, saying "We are aware of this issue, and it has bee

You may have seen number of viral entertainment videos on the Internet, titled: Hawk attacks Drone! Angry Bird takes down Quadcopter, and the best one… Eagle attack: Drone Kidnapped by two Eagles, ...showing eagles, not-so-natural predators, attacking and bringing down drones when someone with a camera tries to invade their private airspace. Inspired from this: The  Dutch National Police  force is training eagles to take down rogue drones, instead of shooting them, using radio jammers,  net-wielding interceptor drones  or anti-drone rifle . We already know the role Sniffer Dogs play for Anti-Bomb squads in detecting hidden bombs and weapons. If dogs can be trained, so can eagles. Keeping this in mind, it is the first time any police authority has trained eagles to safely bring down bad quadcopters in emergency cases. Dutch police reportedly collaborated with a raptor training company called 'Guard From Above ', to train eagles to recogni

Attention Tor Onion Hosters! A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network. Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet , a well-known security enthusiast and current software engineer at Facebook. What is Tor Hidden (.onion) Service? Dark Web websites (generally known as 'onion services') with a special domain name that ends with .onion, are called Tor Hidden Service and reachable only via the Tor network. Tor Hidden Service is a widely popular anonymity network used by Whistleblowers, Underground Markets, Defense Networks and more in order to maintain secrecy over the Internet. An Onion Website can be hosted on the top of any web servers. But, if you are choosing Apache, then you need to rethink.