The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Imagine a pocket-sized hard drive capable of storing the entire list of 35 Million Songs? This isn't yet practical, but IBM has just taken a big step towards improving computing technology: IBM researchers just discovered a way to store data on a single atom. Data storage is undergoing dramatic evolution, recently researchers successfully stored digital data — an entire operating system, a movie, an Amazon gift card, a study and a computer virus — in strands of DNA. The IBM Research results announced Wednesday that the researchers have developed the world's smallest magnet using a single atom and they packed it with one bit of digital data. Currently, hard drives use about 100,000 atoms to store a single bit of information — a 1 or 0 — using traditional methods. So, this breakthrough could allow people to store 1,000 times more information in the same amount of space in the future applications. Scientists Store 1 Bit of data on a single Atom, whereas modern hard dri

Bought a brand new Android Smartphone? Do not expect it to be a clean slate. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs. These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker. According to a blog post published Friday by Check Point researchers, these malicious software apps were not part of the official ROM firmware supplied by the smartphone manufacturers but were installed later somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturer's factory. First seen in February 2016, Loki Trojan inject devices right inside core Android operating system processes to gain powerful root privi

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

This week WikiLeaks published "Vault 7" — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA). The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA's ability to hack all manner of devices. While WikiLeaks promised the "Vault 7" release is less than one percent of its 'Year Zero' disclosure, and there's more to come, we are here with some new developments on the CIA leak. But, before knowing about the latest developments in the CIA hacking tool leak, I would suggest you read my previous piece to know 10 important things about 'WikiLeaks-CIA Leak .' We believe the US intelligence agencies have access to much bigger technical resources and cyber capabilities than the leak exposed in the leak. The dump so far just

The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to protect them from being spied on. You'll be surprised to know how the police actually decrypted those PGP messages. In April last year, the Dutch Police arrested a 36-year-old man on suspicion of money laundering and involvement in selling customized BlackBerry Phones with the secure PGP-encrypted network to criminals that were involved in organized crimes. At the time, the police also seized a server belonging to Ennetcom, the company owned by Danny Manupassa, which contains data of end-to-end encrypted communications belong to a large number of criminal groups. Later, in Januar

Security researchers have discovered a Zero-Day vulnerability in the popular Apache Struts web application framework, which is being actively exploited in the wild. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON. In a blog post published Monday, Cisco's Threat intelligence firm Talos announced the team observed a number of active attacks against the zero-day vulnerability (CVE-2017-5638) in Apache Struts. According to the researchers, the issue is a remote code execution vulnerability in the Jakarta Multipart parser of Apache Struts that could allow an attacker to execute malicious commands on the server when uploading files based on the parser. "It is possible to perform an RCE attack with a malicious Content-Type value," warned Apache. "If the Content-Type value isn't valid an exception is thrown which is then used to display an erro

The secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide, the secure messaging app reportedly employed by President Donald Trump's aides to speak to each other in secret, promises "military-grade end-to-end encryption" to its users and claims that nobody can intercept and read chats that disappear after they are read. However, two separate research have raised a red flag about the claims made by the company. Security researchers at Seattle-based IOActive discovered multiple critical vulnerabilities in Confide after a recent audit of the version 1.4.2 of the app for Windows, Mac OS X, and Android. Confide Flaws Allow Altering of Secret Messages The critical flaws allowed attackers to: Impersonate friendly contacts by hijacking an account session or guessing a password, as the app failed to prevent brute-force attacks on account passwords. Spy on contact details of Confide users, incl

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas

Is it wrong to hack back in order to counter hacking attack when you have become a victim? — this has been a long time debate. While many countries, including the United States, consider hacking back practices as illegal, many security firms and experts believe it as "a terrible idea" and officially "cautions" victims against it, even if they use it as a part of an active defense strategy. Accessing a system that does not belong to you or distributing code designed to enable unauthorized access to anyone's system is an illegal practice. However, this doesn't mean that this practice is not at all performed. In some cases, retribution is part of current defense offerings, and many security firms do occasionally hack the infrastructure of threat groups to unmask several high-profile malware campaigns. But a new proposed bill intended to amend section 1030 of the Computer Fraud and Abuse Act that would allow victims of ongoing cyber-attacks to fight

WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA). WikiLeaks announced series Year Zero , under which the whistleblower organization will reveal details of the CIA's global covert hacking program. As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7 , which includes a total of 8,761 documents of 513 MB ( torrent  | password ) on Tuesday, exposing information about numerous zero-day exploits developed for iOS, Android, and Microsoft's Windows operating system. WikiLeaks claims that these leaks came from a secure network within the CIA's Center for Cyber Intelligence headquarters at Langley, Virginia. The authenticity of such dumps can not be verified immediately, but since WikiLeaks has long track record of releasing such top secret government documents, the community and governments should take it very seriously. CIA's Zero-D

As vast volumes of digital data are created, consumed and shared by companies, customers, employees, patients, financial institutions, governments and so many other bodies, information protection becomes a growing risk for everyone. Who wants to see personal customer purchasing data flying into the hands of strangers? What company can tolerate the pilfering of its intellectual property by competitors? What government can stand idly by while its military secrets are made public? To protect their valuable and private information, organizations purchase numerous cyber security systems – like intrusion detection systems, firewalls, and anti-virus software – and deploy them across their networks and on all their computers. In fact, a typical bank, manufacturer or government department might have dozens of such products operating at all times. Cyber security systems work non-stop to thwart network infiltration and data-theft. Whenever they notice an activity that seems outside the sc