The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Oct 18, 2016
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has such a worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,
Facebook is Going to make all your Private Photos Public Tomorrow — It's a Hoax!

Oct 18, 2016
Don't believe everything you read on Facebook. Despite so much awareness of Facebook hoaxes, online users fall for them and make them viral. One such viral post circulating on Facebook suggests that everything you have ever posted on the social media platform will become public tomorrow. Don't worry — it's a hoax. Yes, it's still a hoax. The latest Facebook privacy hoax message looks like this: Deadline tomorrow !!! Everything you've ever posted becomes public from tomorrow. Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook's privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past, and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any oth
Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Apr 22, 2024 | Red Team / Pentesting
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
VeraCrypt Audit Reveals Critical Security Flaws — Update Now

Oct 18, 2016
After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy-conscious people. First of all, there is no such thing as perfect, bug-free software. Even the most rigorously tested software, like the software that operates SCADA systems, medical devices, and aviation systems, has flaws. Vulnerabilities are an unfortunate reality for every software product, but there is always room for improvement. Due to the enormous popularity of VeraCrypt, security researchers from the OSTIF (The Open Source Technology Improvement Fund) agreed to audit VeraCrypt independently and hired researchers from QuarksLab in August to lead the audit. And it seems like VeraCrypt is not exactly flawless either. Now after one month of the audit, researchers have discovered a number of security issues, including 8 critical, 3 medium, and 15 low-severity vulnerabilities in the popular
WikiLeaks Confirms Ecuador Cut Julian Assange's Internet Access After Clinton Leak

Oct 18, 2016
Early Monday, whistleblowing site WikiLeaks tweeted that the internet connection of its co-founder, Julian Assange, was intentionally cut, for which it blamed an unidentified "state party." But most surprisingly, it was Ecuador who was behind the act. WikiLeaks has confirmed that its founder Julian Assange's Internet access was cut in its London embassy by the government of Ecuador on Saturday. The move was in response to the organization's publication of another batch of leaked emails related to US presidential candidate Hillary Clinton. "We can confirm Ecuador cut off Assange's internet access Saturday, 5 pm GMT, shortly after [the] publication of Clinton's Goldman Sachs [speeches]," WikiLeaks tweeted. Assange has been living in Ecuador's London embassy since June 2012, when he was granted asylum by the Ecuador government after a British court ordered his extradition to Sweden to face questioning on a rape allegation.
Julian Assange is not Dead, but his Internet Connection is Cut by 'State Party'

Oct 17, 2016
Don't worry — Julian Assange is alive and kicking! But his Internet connection is dead. Earlier today, Wikileaks tweeted that its co-founder, Julian Assange, had his internet connection intentionally cut by an unidentified "state party." The non-profit organization said it had "activated appropriate contingency plans," giving no further explanation. The tweet came after Wikileaks posted a series of three cryptic tweets, each containing a 64-character code. In no time, the tweets sparked bizarre rumors that Julian Assange has died. The tweets referenced Ecuador, Secretary of State John Kerry and the United Kingdom's Foreign Commonwealth Office. What exactly are those Mysterious Wikileaks Tweets? Some users on Twitter, Reddit, and various discussion forums speculated that the tweets in question were the result of a "dead man's switch" that has been triggered in the event of Julian Assange's untimely death. Users on Twitter a
Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers

Oct 15, 2016
The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed "The GCHQ Puzzle Book," the book features more than 140 pages of codes, puzzles, and challenges created by expert code breakers at the British intelligence agency. Ranging from easy to complex, the GCHQ challenges include ciphers and tests of numeracy and literacy, substitution codes, along with picture and music challenges. Writing in the GCHQ Puzzle Book's introduction, here's what GCHQ Director, Robert Hannigan says: "For nearly one hundred years, the men and women of GCHQ, both civilian and military, have been solving problems. They have done so in pursuit of our mission to keep the United Kingdom safe. GCHQ has a proud history of valuing and supporting individuals who think differently; without them, we would be of little value to the country. Not all are geniuses
FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man

Oct 15, 2016
Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports. The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l
Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

Oct 15, 2016
While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification method. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det
12-Year-Old SSH Bug Exposes More than 2 Million IoT Devices

Oct 14, 2016
Are your internet-connected devices spying on you? Perhaps. We already know that Internet of Things (IoT) devices are so badly insecure that hackers are adding them to their botnet network for launching Distributed Denial of Service (DDoS) attacks against target services. But these connected devices are not limited to conducting DDoS attacks; they have far more potential to harm you. New research [PDF] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices. The hackers then turn what researchers call these "Internet of Unpatchable Things" into proxies for malicious traffic to attack internet-based targets and 'internet-facing' services, along with the internal networks that host them. Unlike recent attacks via Mirai botnet, the new targeted attack, dubbed SSHowDowN Proxy, specifically ma
Classified U.S. Defense Network Outage Hits Air Force’s Secret Drone Operations

Oct 13, 2016
U.S. drones are again in the news for killing innocent people. The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year. Creech Air Force Base is a secret facility outside Las Vegas, where military and Air Force pilots sitting in dark and air-conditioned rooms, 7100 miles from Syria and Afghanistan, remotely control their "targeted killing" drone campaign in video-game-style warfare. From this ground zero, Air Force pilots fire missiles just by triggering a joystick on targeted areas half a world away, as well as operate drones for surveillance and intelligence gathering. The drone operation facility at Creech Air Force Base -- a key base for worldwide drone and targeted killing operations -- has been assigned as 'Special Access Programs', to access SIPRnet. What is SIPRnet? SIPRNet, or Secret Int