The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Although Apple has its own operating system for both desktop (Mac OS X) and iPhone (iOS), the company has always tried to port its in-house applications to other OS platforms. Apple debuted on its rival mobile OS platform last year with the launch of Apple Music on Android. However, iTunes and Safari has already been made available for both Windows as well as Mac. Now, the company will soon move more of its mobile applications to Android if comments made by Chief Executive Tim Cook at the recent company-wide event for Apple employees are to be believed. iMessage App for Android Platform Cook reportedly told his staff that sooner Apple may bring other apps and exclusive services to the Android Systems, and added that bringing Apple Music to Android in November was "a way of testing the waters for growing its services division through other platforms," reports 9to5Mac. So, you could see iMessage , the company's encrypted messaging application, ex

Russian Group of Hackers reportedly cracked into the Kazan-based Energobank and messed up with the Ruble-Dollar exchange rates. In Feb 2015, a hacking group, known by the name METEL , successfully breached into the Russian Regional Bank for just 14 minutes and caused the exchange rate to fluctuate between 55 and 66 rubles per dollar, which finally resulted in the increment of Ruble's value. Here's how they did it: According to Russian security firm, Group-IB, who investigated the incident, the Metel Hacking group infected Kazan-based Energobank with a virus known as the Corkow Trojan and placed more than $500 million in orders at non-market rates. " This is the first documented attack using this virus, and it has the potential to do much more damage ," Dmitry Volkov, the head of Group-IB's cyber intelligence department, told Bloomberg . The hackers had taken the advantage of Spear Phishing Technique, which appears to come from a legit source. A single click

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

An unknown hacker who promised to release the personal information on government employees has dump online a list of nearly 20,000 Federal Bureau of Investigation (FBI) agents and 9,000 Department of Homeland Security (DHS) officers. Though the authenticity of the information has not been verified, at least, some of the leaked data appears to be legitimate. Here's What the Hacker Leaked: The hacker leaked first round of data belonging to roughly 9,000 DHS employees on Sunday, which was followed by the release of 20,000 FBI agents information on Monday. The hacker, who goes on Twitter by the username of @DotGovs , published the supposed data on an encrypted text-sharing website, including: Names Job titles Phone numbers Email addresses The Reason Behind the Hack The message at the top of the data dump includes the hashtag " #FreePalestine " and reads "Long Live Palestine, Long Live Gaza: This is for Palestine, Ramallah, West Bank,

Facebook's Free Basics Internet service has been Blocked in India. The Telecom Regulatory Authority of India (TRAI) has banned mobile carriers and broadband providers to charge customers based on what services or content they access over the Internet. Under Prohibition of Discriminatory Tariffs for Data Services Regulations, 2016, "no service provider shall offer or charge discriminatory tariffs for data services on the basis of content." With this, Facebook's Free Basics is dead in India. All Zero-Rated Internet Services are BLOCKED!  It is not just Facebook's Free Basics Internet program that has been blocked inside the country, but also the zero-rated internet services altogether. Zero-rated internet services means those services that allow people access to some websites and web services without utilizing any of their mobile data allowance. Under the new regulation, no such services are now allowed. Free Basics (previously known by Int

The world's most notorious financial hacking operation disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor . According to the Russian authorities, 25th Floor was allegedly involved in distributing the notorious password-stealing malware known as Dyre Banking Trojan . Malware Costs Hundreds of $$$ Millions in Losses The Dyre banking Trojan was typically distributed via spam campaigns and was responsible for over hundreds of millions of dollars in losses at banking and financial institutions, including Bank of America Corp, PayPal, and JPMorgan Chase & Co. Dyre , also known as Dyreza , first appeared in July 2014 and updated to target Windows 10 systems and its newest Edge browser. However, Dyre has not been in use since the November raid, according to cyber security experts, who said the raid represents Russia's biggest effort up to date in cracking down

The US-based software maker Oracle delivered an unusual out-of-box emergency patch for Java in an effort to fix a during-installation flaw on the Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603 , could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim's system before installing Java 6, 7 or 8. Although the vulnerability is considered relatively complex to exploit, a successful attack results in " complete compromise " of the target's machine. What You Need to Know About the Java Exploit The successful attack requires an attacker to trick a suitably unskilled user for opening a Java release even though the user is nowhere near the Java Website. Since the existence of the loophole is only during the installation process, users are not required to upgrade their existing Java installations in order to address the vulnerability.

Good News for Linux Techno Freaks! Do you usually mess with your Android smartphone by trying out the continual ins and outs of various apps and custom ROMs? Then this news would be a perfect pick for you! What If, you can effectively carry a Linux computer in your pocket? Hereby introducing a new Android-based Operating system named " Maru OS " that combine the mobility of a smartphone as well as the power of a desktop on a single device. Maru OS allows you to turn your smartphone into a desktop when plugging it with an HDMI cable. Maru custom ROM includes two operating systems: Android 5.1 Lollipop for mobile phones Debian-Linux for desktop monitor When you connect your phone (with Maru OS installed on it) via HDMI to a monitor, it will load Debian Linux automatically on your desktop screen in less than 5 seconds. "Your phone runs independently of your desktop so you can take a call and work on your big screen at the same time,"

Do you know about RFID chips and how many you are carrying at this moment? Today, RFID chips are built-in all sorts of items, including your credit cards, travel swipe cards, library books, grocery store cards, security tags, implanted medical records, passports and even the access cards provided by companies. But, What actually is an RFID chip? Radio frequency identification (RFID) is a small electronic device consisting of a chip on which data can be encoded, and an antenna used to transmit that data. It is typically used for short-distance communication of information. However, there is concern that these RFID chips could easily be hacked, and the information on these chips could easily be stolen by hackers. After all, they don't even require physical access to these chips in order to get data from it. The good news is: Researchers at MIT have developed a new way that prevents RFID chips from hacking. Although the information on RFID chip is pro

What can you do with Facebook Messenger? Chat with your friends Send GIFs, stickers, and photos Make video calls Send people money in Messenger Have you ever wondered to Play a game while you chat with friends? Yes, it is possible. Facebook had made it to the reality by building a hidden built-in functionality in Facebook Messenger that lets you play Chess with your friends without having to install a third-party app. It just takes one simple step to unlock this hidden game. All you need to do is: type " @fbchess play " and hit Enter, during a conversation, and a small square box would appear in the chat box. Here's how to play: The person who initiated the game would be assigned "White" side, to make the first movement. Although there is some standard algebraic notation like:- B for "Bishop" R for "Rook" Q for "Queen" K for "King" N for "Knight" P for "Pawn" Pawns could be moved by issuing the simple commands

VICTORY! As a result of the legal action against WikiLeaks founder Julian Assange by both British and Swedish Governments, he has been arbitrarily detained by the United Kingdom and Sweden since his arrest in London over five years ago. However, Assange filed a complaint against both the governments in September 2014 that has been considered by the United Nations Working Group on Arbitrary Detention. Last week, Assange gave a statement that if the ruling comes against him, then he will surrender himself to Britain . But, Victory! The decision is in favor of Assange. The UN group has ruled that the UK and Swedish authorities had illegally detained Assange in violation of their international human rights obligations. Julian Assange should be released immediately and allowed to leave the embassy as well as both the UK and Sweden should compensate him for his "deprivation of liberty", the UN Working Group on Arbitrary Detention said in a statement

Netgear, one of the most popular router manufacturers, has been vulnerable to two different flaws that could allow hackers to compromise your corporate network and connected devices. Reported critical vulnerabilities reside in the Netgear's ProSafe NMS300 Model ( Network Management System ) – a centralized and comprehensive management application for network administrators that enables them to discover, monitor, configure, and report on SNMP-based enterprise-class network devices. SNMP ( Simple Network Management Protocol ) is a network management protocol which facilitates Netgear's ProSafe NMS300 application to gather data from various network devices such as servers, printers, hubs, switches, and routers. Remotely collected data includes CPU load, routing tables, and network traffic statistics. Serious Flaws in Network Management System A joint security dug conducted by Pedro Ribeiro ( Security Researcher of UK Based firm Agile Information ) along

The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users' machines has now been found distributing a security software. A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with  Avira Antivirus  installers. What is Dridex Banking Trojan? How it Works? Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again. The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros. Once the malicious file has been clicked, the macros download and install the main payload of the virus – th

A Few Months Back, Microsoft impressed the world with ' Microsoft loves Linux ' announcements, including, development of a custom Linux-based OS for running Azure Cloud Switch and selecting Ubuntu as the operating system for its  Cloud-based Big Data services . Also Read:  Microsoft Drops a Cloud Data Center Under the Ocean . Now, a renowned Windows Hacker and computer expert, who goes by the name ' WalkingCat ', discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside. According to his tweets, hacker spotted two mysterious files, LXss.sys and LXCore.sys, in the most latest Windows 10 Redstone Build 14251 , which are suspected to be part of Microsoft's Project Astoria . Project Astoria , also known as Windows Bridge for Android , is a toolkit that allows running Android apps on Windows 10 Mobile devices. The naming convention for latest discovered files is very similar to the Android Subsystem files from Proj

Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to " Chromodo " -- a free browser offered by Comodo Antivirus. If your head nod is " Yes ," then you could be at risk! Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as 'Private Internet Browser' for better security and privacy, automatically overrides system settings to set itself as your 'Default Browser.' And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has 'Same Origin Policy' (SOP) disabled by default. Google's security researcher Tavis Ormandy , recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy. Orm

Where tech companies like Facebook and Google prefer to move their data centers to colder countries to reduce their air conditioning bill, Microsoft has come up with an even better home for data centers while cutting high energy costs for cooling them: Under the Sea . Here's what Microsoft says: "50% of us live near the coast. Why doesn't our data?" Building massive data centers underwater might sound crazy, but it is exactly something Microsoft is testing with its first submarine data center, dubbed Leona Philpot . World's First Underwater Data Center The testing is part of Microsoft's plan dubbed Project Natick — an ongoing research project to build and run a data center that is submerged in the ocean, which the company believes, could make data centers faster, cost-effective, environmentally friendly and easier to set up. Leona Philpot (named after the Halo character from Microsoft's Xbox) was tested last August, when engineer

The decision of the United Nations investigation into the Julian Assange case is set to be revealed and could order the release of Wikileaks founder on February 5 . " BREAKING: UN set to announce decision on #Assange's release on Friday, "BREAKING: UN set to announce decision on #Assange's release on Friday," Wikileaks has tweeted . Assange has been living in the Ecuadorian embassy in London for over 3 years, after being granted political asylum by the Ecuadorian government of the South American country. Assange has been residing in the embassy since 2012 to avoid extradition: First to Sweden where he is facing sexual assault allegations, which he has always denied. Ultimately to the United States where he could face cyber espionage charges for publishing classified US military and diplomat documents via his website Wikileaks. The leak of publishing secret documents has amounted to the largest information leak in United States history

Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration ( NASA ). Yes! This time, a serious hacktivism had been triggered by the Hacking group named " AnonSec " who made their presence in the cyber universe by previous NASA Hacks. The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers. The hacking group has  released a self-published paper named " Zine " that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak. Here's How AnonSec Hacked into NASA The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a

The US government's $6 Billion firewall is nothing but a big blunder. Dubbed EINSTEIN , the nationwide firewall run by the US Department of Homeland Security (DHS) is not as smart as its name suggests. An audit conducted by the United States Government Accountability Office (GAO) has claimed that the firewall used by US government agencies is failing to fully meet its objectives and leaving the agencies open to zero-day attacks. EINSTEIN, which is officially known as the US' National Cybersecurity Protection System (NCPS) and has cost $5.7 Billion to develop, detects only 6 percent of today's most common security vulnerabilities and failed to detect the rest 94 percent. How bad is EINSTEIN Firewall in reality? In a series of tests conducted last year, Einstein only detected 29 out of 489 vulnerabilities across Flash, Office, Java, IE and Acrobat disclosed via CVE reports published in 2014, according to a report [ PDF ] released by the GAO late las