The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it's been the most popular TV show of its kind. Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls. Pwn Phone On Mr. Robot Show In this week's episode, Elliot uses a Pwnie Express Pwn Phone, which he describes as " a dream device for pentester ," to run a custom script he has written to take over someone else's phone. Security pros have long know about the Pwn Phone as a powerful mobile platform for penetration testing and security assessments, so it is not surprising to see it on Mr. Robot. The coolest part is that Pwnie Express is giving away a Pwn Phone , just like the one used in the show. The Pwn Phone is a mobile pentesting device that makes it incredibly easy to evaluate wired, wirel

Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach. Dropbox has confirmed the breach and already notified its customers of a potential forced password resets, though the initial announcement failed to specify the exact number of affected users. However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase , Motherboard found around 5GB of files containing details on 68,680,741 accounts, which includes email addresses and hashed (and salted) passwords for Dropbox users. An unnamed Dropbox employee verified the legitimacy of the data. Out of 68 Million, almost 32 Million passwords are secured using the strong hashing function " BCrypt , " making difficult for hackers to obtain users' actual passwords, while the rest of the passwords are hashed with the SHA-1 hashing algorithm . These password hashes als

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Elisa , one of the biggest Finnish Internet Service Providers (ISP), claims to have achieved a new world record for 4G network with 1.9 gigabit-per-second (Gbps) data download speed using Huawei technology. Currently, Sweden and the United Kingdom have been crowned as the top countries across the world when it comes to fastest mobile 3G and 4G speeds, but now Finland is also working hard to give them a tough competition. Elisa set this record-breaking benchmark with the help of technology provided by Chinese telecom giant Huawei that could allow real-world mobile 4G users to download a Blu-ray film in just 40-45 seconds. 4G and 5G Technology: The future of Mobile Networks In February last year, a team of researchers from the University of Surrey managed to achieve a record-breaking speed of 1 Terabit per second (1Tbps) during a test of 5G wireless data connections, which is over 500 times faster than Elisa's 4G speed. While, in June last year, the International Tele

Famous Android developer Chainfire released an experimental hack with a new app, called " Suhide ," that allows users to hide the root status of their rooted Android devices on an app-by-app basis. Rooting your Android device can bring a lot of benefits by giving you access to a wide variety of apps and deeper access to the Android system...But at what cost? One of the major drawbacks of rooting your device is losing access to certain apps, which includes banking, payment and corporate security apps that work with financial and confidential data, such as your bank details. Such apps don't work on rooted devices. A great example for this is Google's Android Pay . Since its launch, developers has been working hard to get Android Pay working for rooted devices, but unfortunately, they have not gotten much success. But Why Rooted Devices? It's because Google cares about your security. SafetyNet — That's How Google Detects Tampered Devices Google

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration system in both Illinois and Arizona, said Yahoo News . The FBI's Cyber Division released a " Flash Alert " to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions. "In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads. "The majority of the data exfiltr