The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns

Have you ever felt Facebook is showing you very relevant ads about topics you're only discussing around your phone? If yes, then you may find this news worth reading. Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about. However, the social networking giant responds  it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads. " Facebook does not use microphone audio to inform advertising or News Feed stories in any way ," a Facebook spokesperson said. " Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection. " Facebook rolled out a feature in May of 2014 when the company said that it might target ads " in t

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole

How much a Windows zero-day exploit that affects all versions of Windows operating system costs on the black market? It's $95,000, at least, for the one recently spotted by security researchers. Researchers from Trustwave's SpiderLabs team have uncovered a zero-day exploit on Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10. The zero-day exploit for the previously unknown vulnerability in " every version " of Windows is openly sold for $90,000 ( over £62,000 ). The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000. The zero-day vulnerability in question claims to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim's PC and is less dangerous th

Facebook is set to introduce end-to-end encryption for its Messenger app , allowing more than its 900 Million users to send and receive messages that can not be read or intercepted by law enforcement or even the social network itself. However, it's not the kind of end-to-end encrypted chat feature provided by Apple or WhatsApp in which all your conversation are entirely encrypted by default. Instead, the social networking giant will offer an end-to-end encrypted chat mode in Messenger as opt-in, just like Google's Allo smart chat app that provides encrypted chat feature only if users opt for it. Privacy advocates criticized Google for adding its ' incognito ' encrypted chat mode as an opt-in feature, rather than offering end-to-end encryption by default. Now, Facebook Messenger will roll out the same choice for its users in the next few months, when the company will roll out this new encrypted chat mode in Messenger as an opt-in feature, reports  The Guardian.

MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised. You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was once-popular social media website. On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum. The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts . "We believe the data breach is attributed to Russian Cyberhacker 'Peace'," Myspace wrote in a blog post . "Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform ar