The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV ( Europay, MasterCard and Visa ) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards. But, it turns out to be just a myth. A team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions. The demonstration was part of their presentation titled, "Hacking Next-Gen ATMs: From Capture to Washout," [ PDF ]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash. Here

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation. The surprise shutdown of Torrentz marks the end of an era. Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from dozens of other torrent search engine sites including The Pirate Bay ,  Kickass Torrents and ExtraTorrent. The meta-search engine has announced " farewell " to its millions of torrent users without much fanfare, suddenly ceasing its operation and disabling its search functionality. At the time of writing, the Torrentz.eu Web page is displaying a message that reads in the past tense: " Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines. " When try to run any search or click any link on the site, the search engine refuses to show

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

So finally, Apple will pay you for your efforts of finding bugs in its products. While major technology companies, including Microsoft , Facebook and Google , have launched bug bounty programs over last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout. But, not now. On Thursday, Apple announced  at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers privately disclose security flaws in the company's products. How much is a vulnerability in Apple software worth? Any Guesses? It's up to $200,000 . Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software. While that's certainly a sizable bounty reward — one of the highest rewards offered in co

If you think that the HTTP/2 protocol is more secure than the standard HTTP ( Hypertext Transfer Protocol ), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol. HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users. Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today's web is based on. The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash. The HTTP/2 protocol can be divided into three layers: The transmissio

Yet another blow to Bitcoin: One of the world's most popular exchanges of the cryptocurrency has suffered a major hack, leading to a loss of around $72 Million worth of Bitcoins. Hong Kong-based Bitcoin exchange ' Bitfinex ' has posted a note on their website announcing the shutdown of its operation after discovering a security breach that allowed an attacker to steal some user funds. While the company did not mention a total amount lost in the breach, one of their employees — Bitfinex community director Zane Tackett — confirmed on Reddit that the total amount stolen was 119,756 bitcoins — worth up to $72 Million in cash. The cause of the security breach and the hacker behind the incident is still unclear, but the attackers appear to have mysteriously bypassed Bitfinex's mandated limits on withdrawals. "The theft is being reported to — and we are co-operating with — law enforcement," Bitfinex statement reads. "We will look at various options to