The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

Oct 01, 2016
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users. But now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder. Recently, the information security firm InfoArmor, which analyzed the data breach, refuted Yahoo's claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state.
Over 1 Billion Accounts May Have Been Hacked
Now, there's one more twist in the unprecedented data heist. A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion. An unnamed, former Yahoo executive who is familiar with the company's security says that Yahoo's back-end system's arch
Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

Sep 30, 2016
Well, there's some good news for hackers and bug hunters, though terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple iOS 10 zero-day exploit, offering a maximum payout of US$1.5 Million. Yes, a $1,500,000.00 reward. That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program. Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased to $1 Million for a competition held by the company last year. The company paid out a $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000. With the recent release of iOS 10, Zerodium has agreed to pay $1.5 Million to anyone who can pull off a remote jail
Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Apr 22, 2024 | Red Team / Pentesting
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
37-Year-Old 'Syrian Electronic Army' Hacker Pleads Guilty in US court

Sep 29, 2016
One of the FBI's Most Wanted Hackers who was arrested in Germany earlier this year has pleaded guilty to federal charges for his role in a scheme that hacked computers and targeted the US government, foreign governments, and multiple US media outlets. Peter Romar, 37, pleaded guilty Wednesday in a federal court in Alexandria to felony charges of conspiring to receive extortion proceeds and to illegally access computers in his role as a member of the infamous hacking group calling itself the Syrian Electronic Army (SEA), the Department of Justice (DoJ) announced. Romar was previously extradited from Germany on request of the United States. "Cybercriminals cannot hide from justice," said U.S. Attorney Dana J. Boente for the Eastern District of Virginia. "No matter where they are in the world, the United States will vigorously pursue those who commit crimes against U.S. citizens and hold them accountable for their actions." In March, the US charged thr
Multiple Backdoors found in D-Link DWR-932 B LTE Router

Sep 29, 2016
If you own a D-Link wireless router, especially the DWR-932 B LTE router, you should get rid of it rather than wait for a firmware upgrade that will not land anytime soon. The D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration. If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as your network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks. Moreover, your hacked router can be easily abused by cybercriminals to launch massive Distributed Denial of Service (DDoS) attacks, as the Internet has recently witnessed a record-breaking 1 Tbps DDoS attack that was launched using more than 150,000 hacked Internet-connected smart devices. Security researcher Pierre Kim has discovered multiple vulnerabilities in the D-Li
Improve Your Online Privacy And Security Using NordVPN

Sep 29, 2016
Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped. In short, the simple truth is that you have no or very little privacy when you're online. So, if you're worried about identity thieves, or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to avoid using public networks; use a Virtual Private Network (VPN) instead. When it comes to digital security, the first thing most users probably think of is a good antivirus for protecting the sensitive data on their systems. But what they forget is that the data they send over the Internet needs protection, too. That's where Virtual Private Network (VPN) services come in. A VPN allows you to access a private network securely and to share data remotely through public networks,
Apple Tracks Who You're Chatting Using iMessage — and Shares that Data with Police

Sep 28, 2016
Chatting with your friend on iMessage and thinking that your conversations are safe and out of reach of anyone other than you and your friend? No, they're not. End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trace, because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but also shares that information with law enforcement via court orders. According to a new document obtained by The Intercept, Apple records a log of which phone numbers you typed into your iPhone for a message conversation, along with the date and time when you entered those numbers as well as your IP address, which could be used to identify your location. In fact, every time a user types a phone number into their iPhone for a message conversation, iMessage contacts Apple servers to find out whether to route a given message over the iMessage system. "Apple records each query in which your phone c
World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

Sep 28, 2016
Did you know that your smart devices may have inadvertently participated in the largest, record-breaking cyber attack that the Internet has just witnessed? If you own a smart device like an Internet-connected television, car, refrigerator or thermostat, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic. France-based hosting provider OVH was the victim of the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week. As the Internet of Things (IoT), or connected devices, grow at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you one way or another.
1 Tbps DDoS Attack Hits OVH
IoTs are currently being deployed in a large variety of devices throughout your home, businesses, hospitals, and even entire cities (
Facebook releases Osquery Security Tool for Windows

Sep 27, 2016
OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available only for Mac OS X and Linux environments until today. But now the social network has announced that the company has developed a Windows version of its osquery tool, too. When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery. OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it. Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure. In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL
Germany Bans Facebook From Collecting WhatsApp Data

Sep 27, 2016
Just last month, the most popular messaging app WhatsApp updated its privacy policy and T&Cs to start sharing its user data with its parent company, and now both companies are in trouble, at least in Germany and India. Both Facebook and WhatsApp have been told to immediately stop collecting and storing data on roughly 35 Million WhatsApp users in Germany. The Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar, even ordered Facebook on Tuesday to delete all data that has already been forwarded to WhatsApp since August. Also in India, the Delhi High Court on September 23 ordered WhatsApp to delete all users' data from its servers up until September 25, when the company's new privacy policy came into effect. When Facebook first acquired WhatsApp for $19 billion in cash in 2014, WhatsApp made a promise that its users' data would not be shared between both companies. But now apparently this has changed, which, according to Caspa
Google to Launch 'Andromeda OS' — An Android-Chrome OS Hybrid

Sep 27, 2016
Google's long-rumored Android-Chrome hybrid operating system is expected to debut at the company's upcoming hardware event on October 4. The company has been working to merge the two OSes for roughly 3 years with a release planned for 2017, but with an "early version" to show things off to the world in 2016.
Android + Chrome = Andromeda
The hybrid OS, currently nicknamed 'Andromeda,' could come on a new Pixel laptop as well as a Huawei Nexus tablet from Google by Q3 2017, if not sooner, according to new leaks from 9to5Google and Android Police. The laptop, officially codenamed "Bison" and nicknamed "Pixel 3," is a reference to the "Chromebook Pixel," but since this edition is not running the Chrome operating system, one cannot call it a "Chromebook" anymore. Andromeda is separate from the company's Fuchsia OS, which is focused on Internet-of-Things (IoT) devices. Moreove