The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Another day, another bad news for Bitcoin users. A leading Bitcoin information site is warning users that an upcoming version of the Blockchain consolidation software and Bitcoin wallets could most likely be targeted by "state-sponsored attackers." Recently, one of the world's most popular cryptocurrency exchanges, Bitfinex, suffered a major hack that resulted in a loss of around $72 Million worth of Bitcoins . Now, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website on Wednesday warning users that the next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. Specifically, Chinese bitcoin users and services are encouraged to be vigilant " due to the origin of the attackers. " Bitcoin.org doesn't believe it has sufficient resources to defend against the attack.

Ever since the creation of online chat rooms and then social networking, people have changed the way they interact with their friends and associates. However, when it comes to anonymous chatting services, you don't even know what kinds of individuals you are dealing with. Sharing identifiable information about yourself with them could put you at risk of becoming a victim of stalking, harassment, identity theft, webcam blackmail, and even phishing scams. Have you heard of Omegle? The popular, free online anonymous chat service that allows you to chat with random strangers, without any registration. The service randomly pairs you in one-on-one chat window where you can chat anonymously over text or webcam. But, are your chats actually Anonymous? No, all your chats are recorded and saved by the service. So, if you have shared your personal details such as your name, phone number, or email address, with anyone over the service, you are no more anonymous. Even the websi

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

'Microsoft loves Linux' and this has never been so true than now. Microsoft today made its PowerShell scripting language and command-line shell available to the open source developer community on GitHub under the permissive MIT license. The company has also launched alpha versions of PowerShell for Linux (specifically Red Hat, Ubuntu, and CentOS) and Mac OS X, in addition, of course, to Windows. Now, people can download binaries of the software, as well as access source code of the app from the new PowerShell GitHub page. "Users across Windows and Linux, current and new PowerShell users, even application developers can experience a rich interactive scripting language as well as a heterogeneous automation and configuration management that works well with your existing tools," Microsoft says in its blog post . "Your PowerShell skills are now even more marketable, and your Windows and Linux teams, who may have had to work separately, can now work toge

You might have heard about the recent ongoing drama of NSA hack that has sparked a larger debate on the Internet concerning abilities of US intelligence agencies as well as their own security. Saturday morning the news broke that a mysterious group of hackers calling themselves "The Shadow Brokers" claimed it hacked an NSA-linked group and released some NSA hacking tools with a promise to sell more private "cyber weapons" to the highest bidder. The group dumped a bunch of private hacking tools from " Equation Group " – an elite cyber attack unit linked to the NSA – on GitHub and Tumblr. The Shadow Brokers hacking group has published the leaked data in two parts; one includes many hacking tools designed to inject malware into various servers and another encrypted file containing the "best files" that they made available for sale for 1 Million Bitcoins. However, GitHub deleted the files from its page, not due to any government pressur

After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF ( The Open Source Technology Improvement Fund ) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Using funds donated by DuckDuckGo and VikingVPN, the OSTIC hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code. Now, the most troubling part comes here: The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarkLabs about the security audit of VeraCrypt were mysteriously intercepted. "We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said . "Not

An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications. Even the latest Android Nougat Preview is considered to be vulnerable. The security flaw was first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012 (version 3.6 and above of the Linux OS kernel) and the Linux Foundation has already patched the Linux kernel on July 11, 2016. However, the vulnerability ( CVE-2016-5696 ) is now affecting a large portion of the Android ecosystem. According to a blog post published Monday by mobile security firm Lookout, the Linux flaw is present in Android version 4.4 KitKat and all future releases, including the latest developer preview of Android Nougat . Around 1.4 BILLLLLION Android Devices Affected This means that 80%

China has taken one more step forward towards achieving success in Quantum communication technology. China has launched the world's first quantum communications satellite into orbit aboard a Long March-2D rocket earlier today in order to test the fundamental laws of quantum mechanics at space. 'Hack-Proof' Communications System The satellite, dubbed Quantum Science Satellite, is designed to develop a ' Hack-Proof ' communications system in this age of global electronic surveillance and cyber attacks by transmitting uncrackable encryption keys from space to the ground. The 600-plus-kilogram Quantum Science Satellite , better known as Quantum Experiments at Space Scale (QUESS) satellite, took off from the Jiuquan Satellite Launch Center in Gobi Desert at 1:40 AM local time on a 2-year mission on Tuesday. The QUESS satellite will help China perform unprecedented levels of experiments in quantum communication by sending entangled photons from the satellite

It seems like the NSA has been HACKED! Update: The NSA Hack — What, When, Where, How, Who & Why? Explained Here. An unknown hacker or a group of hackers just claimed to have hacked into " Equation Group " -- a cyber-attack group allegedly associated with the United States intelligence organization NSA -- and dumped a bunch of its hacking tools (malware, private exploits, and hacking tools) online. I know, it is really hard to believe, but some cybersecurity experts who have been examining the leak data, exploits and hacking tools, believe it to be legitimate. Hacker Demands $568 Million in Bitcoin to Leak All Tools and Data Not just this, the hackers, calling themselves " The Shadow Brokers ," are also asking for 1 Million Bitcoins ( around $568 Million ) in an auction to release the 'best' cyber weapons and more files. Also Read:   Links Found between NSA, Regin Spy tool and QWERTY Keylogger Widely believed to be part of the NSA, Equati

It's 2016, and now, you can earn some dollars by contributing into well-organized DDoS attack scheme. Do you know while mining Bitcoins you are actually contributing a significant computational power to keep the Bitcoin network running? In Bitcoins, the miners actually build and maintain massive public ledger containing a record of every Bitcoin transaction in history. When one user tries to send Bitcoins to another user, the miners validate the transfer by checking the ledger to make sure the sender is not transferring money he/she does not have, adding the transaction to the ledger and then finally sealing it behind layers and layers of computational work to protect that ledger from getting compromised or hacked. So for this, miners are rewarded with Bitcoins. So, basically, you are contributing the massive amount of computing power that keeps the Bitcoin transactions running and makes you earn some cryptocurrency in return as an incentive. However, Bitcoin has long be

Hong Kong-based Bitcoin exchange 'Bitfinex' that lost around $72 Million worth of its customers' Bitcoins last week is now offering a reward of $3.5 Million to anyone who can provide information that leads to the recovery of the stolen Bitcoins. Bitfinex revealed on August 2 that the cryptocurrency exchange had suffered a major security breach, which resulted in the loss of nearly 120,000 BTC. The hack led to a 36 percent loss for each Bitfinex customer, who will be issued tokens to be redeemed as the company is able to reimburse the losses. Now, the exchange is willing to offer 5% of the lost funds ( nearly 6,000 BTC ) as a reward for the recovery of the stolen bitcoins. The news came after a Reddit user, using alias someguy916, inquired about a reward Bitfinex would be willing to offer for the stolen bitcoins. In response to the question, Bitfinex community director Zane Tackett stated that a bounty would be awarded to anyone who has information that would hel

The hacker, who recently claimed responsibility for the high-profile hack of Democratic National Committee (DNC), has now taken credit for hacking into the Democratic Congressional Campaign Committee (DCCC) as well. To prove his claims, the hacker, going by the moniker Guccifer 2.0, dumped on Friday night a massive amount of personal information belonging to nearly 200 Democratic House members onto his blog . The notorious hacker published several documents that include cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives. The data dump also includes several memos from House Minority Leader Nancy Pelosi's personal computer, detailing fundraisers and campaign overviews. "As you see the US presidential elections are becoming a farce, a big political performance where the voters are far from playing the leading role," the hacker wrote in a

Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks. However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure. Previous techniques of hacking air gap computers include: AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes; BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys; Hacking air-gapped computer using a basic low-end mobile phone with GSM network; and Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack. Now, researchers have devised a new method to steal data from an infected computer even if it has no