The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Simple Exploit Allows Attackers to Modify Email Content — Even After It's Sent!

Aug 23, 2017
Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox. Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, a researcher at email and cloud security firm Mimecast. Successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email the attacker sent, for example swapping a URL with a malicious one. This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient's computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks. Ropemaker abuses Cascading Style Sheets (CSS) and Hyp
Over 500 Android Apps On Google Play Store Found Spying On 100 Million Users

Aug 23, 2017
Over 500 different Android apps that have been downloaded more than 100 million times from the official Google Play Store have been found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations. Since 90 per cent of Android apps are free to download from Google Play Store, advertising is a key revenue source for app developers. For this, they integrate an Android SDK Ads library in their apps, which usually does not affect an app's core functionality. But security researchers at mobile security firm Lookout have discovered a software development kit (SDK), dubbed Igexin, that has been found delivering spyware on Android devices. Developed by a Chinese company to offer targeted advertising services to app developers, the rogue 'Igexin' advertising software was spotted in more than 500 apps on Google's official marketplace, most of which included: Games targeted at teens with as many as 100 million download
Recover from Ransomware in 5 Minutes—We will Teach You How!

Apr 18, 2024 | Cyber Resilience / Data Protection
Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica
Fappening 2017: More Celebrity Photos Hacked and Leaked Online

Aug 22, 2017
It seems like celebrities have not taken their security seriously, which once again resulted in the leaking of personal photographs of more A-list celebrities. Dozens of personal and intimate photos of Anne Hathaway, Miley Cyrus, Kristen Stewart, Katharine McPhee, golfer Tiger Woods and his ex Lindsey Vonn have reportedly surfaced on the Internet, and have been widely shared on Reddit, Tumblr and Twitter. The incident comes a few months after "The Fappening 2.0" surfaced, leaking alleged pictures of many female celebrities, including Emma Watson and Amanda Seyfried, on Reddit and 4chan. The latest release of celebs' private photos seems to have come after an unidentified hacker or group of hackers gained access to celebs' Apple iCloud accounts and stole private iPhone photos and videos. A similar trick was used in the 2014 Fappening incident, where anonymous hackers flooded the Internet with private photographs of major celebrities, including Jennife
Android 8.0 Oreo Released – 11 New Features That Make Android Even Better

Aug 22, 2017
While the moon was eclipsing the sun, Google announced the launch of its new mobile operating system called Android 8.0 Oreo in an Eclipse-themed launch event in New York City. Yes, the next version of sugary snack-themed Android and the successor to Android Nougat will now be known as Android Oreo, the company revealed on Monday. Google has maintained the tradition of naming its Android operating system by the names of alphabetically-ordered sugary delights beginning with Android Cupcake and followed by Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, Marshmallow and Nougat. The good news is that the Android team has brought several significant features to your smartphone and tablet with the release of Android Oreo to make its mobile platform more secure, fast, power efficient and offer better multitasking. The new updated mobile operating system, which has been available for the last few months in developer beta, will arriv
Sony PlayStation Social Media Accounts Hacked; Claims PSN Database Breach

Aug 21, 2017
After hacking social media accounts of HBO and its widely watched show Game of Thrones, a notorious group of hackers calling itself OurMine took control over the official Twitter and Facebook accounts for Sony's PlayStation Network (PSN) on Sunday. After taking over the accounts, OurMine, a Saudi Arabian group of hackers which claims to be a "white hat" security firm, posted its first tweet on Sunday evening, claiming to have breached PlayStation Network and stolen its database. The tweet was followed by a series of tweets encouraging the company to contact the hacking group through its website to buy its IT security service in an effort to protect itself from future cyber attacks. "PlayStation Network Databases leaked #OurMine," the first tweet by OurMine on the compromised PlayStation Twitter account read. "No, we aren't going to share it, we are a security group if you work at PlayStation then please go to our website," the followed Twe
Warning: Enigma Hacked; Over $470,000 in Ethereum Stolen So Far

Aug 21, 2017
More Ethereum Stolen! An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma. According to an announcement made on their official website an hour ago, an "unknown entity" has managed to hack their website, Slack account and email newsletter accounts, and uploaded a fake pre-sale page with a fake ETH address to send money. The hackers also spammed their fake address in Enigma's newsletter and Slack accounts for pre-sale coins, tricking victims into sending their cryptocurrencies to the hacker's address. Etherscan, a popular search engine for the Ethereum Blockchain that allows users to look up, confirm and validate transactions easily, has already flagged the address as compromised, but people are still sending ETH to the fake address (given below). 0x29d7d1dd5b6f9c864d9db560d72a247c178ae86
Doctor Implanted 6 MicroChips Under His Skin to Unlock Doors and Secure Data

Aug 21, 2017
Biohacking could be the next big thing in this smart world. At the beginning of this month, several dozen employees of Three Square Market (32M) received microchip implants in their hands during a "chip party," allowing them to log into their office computers, open doors, and pay for food and drinks by simply waving their hands, AP reported. But biohacking is already becoming common in Russia. It has been reported that a Siberian doctor has already implanted not one, but at least six microchips underneath his skin and turned his body into a multi-functional gadget for doing a number of jobs with just a wave of his hands. Alexander Volchek, who is an obstetrician/gynaecologist in a hospital in the Novosibirsk region in Russia's north, got his first microchip implant in 2014, has since acquired a few more, and now has a total of six chips under his skin. However, Volchek does not want to stop here and hopes to implant a cryptosystem and a glucometer mic
New Snowden Doc Exposes How NSA's Facility in Australia Aids Drone Strikes

Aug 20, 2017
The new documents leaked by former NSA contractor Edward Snowden have exposed a secretive United States facility located near a remote town in Australia's Northern Territory for covertly monitoring wireless communications and aiding US military missions. The leaked documents have come from the massive trove of classified material stolen by Snowden from the US National Security Agency (NSA) in 2013 that exposed the extent of the US government's global surveillance programs. The newly released classified documents, obtained by The Intercept, contained references to a secretive facility, which was codenamed "Rainfall," but is officially known as the Joint Defence Facility Pine Gap. The documents reveal that the Joint Defence Facility Pine Gap, located outside Alice Springs, deployed cutting-edge satellite technology for detailed geolocation intelligence that helps the US military locate targets for special forces and drone strikes. The use of unmanned air v
Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

Aug 20, 2017
If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices into spying tools that could track your every move, including inferring sexual activity. Dubbed CovertBand, the attack has been developed by four researchers at the University of Washington's Paul G. Allen School of Computer Science & Engineering, and is so powerful that it can record what a person is doing through a wall. The CovertBand tracking system makes use of the built-in microphones and speakers—found in smartphones, laptops, tablets, smart assistants and other smart devices—as a receiver to pick up reflected sound waves, tracking the movements of anyone near the audio sourc
Android Trojan Now Targets Non-Banking Apps that Require Card Payments

Aug 18, 2017
The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that now has capabilities to detect and record an infected device's calls and display overlays on top of taxi booking apps to steal banking information. Dubbed Faketoken.q, the new variant of the mobile banking trojan is being distributed using bulk SMS messages as the attack vector, prompting users to download an image file that actually downloads the malware. Malware Spy On Telephonic Conversations Once downloaded, the malware installs the necessary modules and the main payload, which hides its shortcut icon and begins monitoring everything—from every call to launched apps—that happens on the infected Android device. When calls are m