The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV ( Europay, MasterCard and Visa ) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards. But, it turns out to be just a myth. A team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions. The demonstration was part of their presentation titled, "Hacking Next-Gen ATMs: From Capture to Washout," [ PDF ]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash. Here

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation. The surprise shutdown of Torrentz marks the end of an era. Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from dozens of other torrent search engine sites including The Pirate Bay ,  Kickass Torrents and ExtraTorrent. The meta-search engine has announced " farewell " to its millions of torrent users without much fanfare, suddenly ceasing its operation and disabling its search functionality. At the time of writing, the Torrentz.eu Web page is displaying a message that reads in the past tense: " Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines. " When try to run any search or click any link on the site, the search engine refuses to show

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

So finally, Apple will pay you for your efforts of finding bugs in its products. While major technology companies, including Microsoft , Facebook and Google , have launched bug bounty programs over last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout. But, not now. On Thursday, Apple announced  at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers privately disclose security flaws in the company's products. How much is a vulnerability in Apple software worth? Any Guesses? It's up to $200,000 . Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software. While that's certainly a sizable bounty reward — one of the highest rewards offered in co

If you think that the HTTP/2 protocol is more secure than the standard HTTP ( Hypertext Transfer Protocol ), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol. HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users. Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today's web is based on. The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash. The HTTP/2 protocol can be divided into three layers: The transmissio

Yet another blow to Bitcoin: One of the world's most popular exchanges of the cryptocurrency has suffered a major hack, leading to a loss of around $72 Million worth of Bitcoins. Hong Kong-based Bitcoin exchange ' Bitfinex ' has posted a note on their website announcing the shutdown of its operation after discovering a security breach that allowed an attacker to steal some user funds. While the company did not mention a total amount lost in the breach, one of their employees — Bitfinex community director Zane Tackett — confirmed on Reddit that the total amount stolen was 119,756 bitcoins — worth up to $72 Million in cash. The cause of the security breach and the hacker behind the incident is still unclear, but the attackers appear to have mysteriously bypassed Bitfinex's mandated limits on withdrawals. "The theft is being reported to — and we are co-operating with — law enforcement," Bitfinex statement reads. "We will look at various options to

We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw. Telegram is a messaging app " with a focus on security " that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers. According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram. The incident is even said to be the

Is my smartphone battery leaking details about me? Unfortunately, YES! Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report. In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time. The latest threat is much worse. Two security researchers, Steve Engelhard and Arvind Narayanan, from Princeton University, have published a paper describing how phone's battery status has already been used to track users across different websites. The issue is due to the Battery Status API (application programming interface). How Does Battery Status API Help Advertisers Track You? The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year. The API is intended to allo

Google has rolled out a new feature for Android users to keep its users account more secure: Native Android Push Notification when a new device accesses your Google account. Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in. Although it's a little change, the company believes people pay four times more attention on push notifications on their devices compared to email notification. The new feature " increases transparency to the user of what actions they've performed and allows them to flag any suspicious activity they may be seeing on the device, " the company says in its official blog post . So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a

Hardly a day goes without headlines about any significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn , Tumblr , MySpace and VK.com were exposed on the Internet. Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web . 200 Million Yahoo! Logins for 3 BTC The hacker, who goes by the pseudonym " Peace " or "peace_of_mind," has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824). Yahoo! admitted the company was "aware" of the potential leak, but did not confirm the authenticity of the data. The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup e

An FBI electronics technician has pleaded guilty to acting as a Chinese secret agent and passing along sensitive information about the Feds to a Chinese government official. Kun Shan "Joey" Chun , 46, admitted in federal court in Manhattan on Monday that he violated his security clearance on several occasions between 2011 and 2016 in an effort to pass on secret information to China in exchange for money. Chun is a 19-year FBI veteran from Brooklyn who was born in China but was employed by the FBI in 1997. His duties with the FBI included " accessing sensitive and, in some instance, classified information ." The g-man, as a double agent, sent confidential government information – including the identity and travel plans of an FBI special agent, the internal structure of the FBI and spying technology used by the Bureau – to a Chinese official. Chun, who was initially arrested in March, got a top secret security clearance in 1998, at the time he did not reveal h