The Hacker News
Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps
October 19th, 2017, 12:29 PM
Better late than never. Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program lets security researchers work directly with Android app developers to find and fix vulnerabilities in their
KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
October 19th, 2017, 12:29 PM
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of the Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on your Internet communications. WPA2 is a 13-year-old WiFi authentication scheme
Enable Google's New "Advanced Protection" If You Don't Want to Get Hacked
October 18th, 2017, 12:29 PM
It is good to be paranoid when it comes to cybersecurity. Google already provides various advanced features such as login alerts and two-factor authentication to keep your Google account secure. However, if you are extra paranoid, Google has just introduced its strongest ever security feature, called "Advanced Protection," which makes it easier for users, who are usually at high risk of
Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!
October 17th, 2017, 12:29 PM
Hacking ATMs is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered
Learn Ethical Hacking — Get 8 Online Courses For Just $29
October 17th, 2017, 12:29 PM
With the rise in cyber-crimes, ethical hacking has become a powerful strategy in the fight against online threats. In general terms, ethical hackers are authorised to break into supposedly 'secure' computer systems without malicious intent, but with the aim of discovering vulnerabilities to bring about improved protection. Ethical Hackers are now kind of becoming the alchemists of the 21st
Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013
October 17th, 2017, 12:29 PM
It was not just Yahoo among "Fortune 500" companies who tried to keep a major data breach incident secret. Reportedly, Microsoft had also suffered a data breach four and a half years ago (in 2013), when a "highly sophisticated hacking group" breached its bug-reporting and patch-tracking database, but the hack was never made public until today. According to five former employees of the
Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices
October 17th, 2017, 12:29 PM
If you think the KRACK attack for WiFi is the worst vulnerability of this year, then hold on… we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in a widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. It's noteworthy that this
How A Drive-by Download Attack Locked Down Entire City for 4 Days
October 16th, 2017, 12:29 PM
We don't really know the pain and cost of a downtime event unless we are directly touched. Be it a flood, electrical failure, ransomware attack or other broad geographic events; we don't know what it is really like to have to restore IT infrastructure unless we have had to do it ourselves. We look at other people's backup and recovery issues and hope we are smarter or clever enough to keep
Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
October 16th, 2017, 12:29 PM
FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors,
Yet Another Linux Kernel Privilege-Escalation Bug Discovered
October 16th, 2017, 12:29 PM
Security researchers have discovered a new privilege-escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA)
Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack
October 14th, 2017, 12:29 PM
Remember NotPetya? The ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning citizens to brace themselves for the next wave of a "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of
New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock
October 14th, 2017, 12:29 PM
DoubleLocker—as the name suggests, it locks a device twice. Security researchers from Slovakia-based security software maker ESET have discovered a new Android ransomware that not only encrypts users’ data, but also locks them out of their devices by changing the lock screen PIN. On top of that: DoubleLocker is the first-ever ransomware to misuse Android accessibility—a feature that provides
Scam Alert: Your Trusted Friends Can Hack Your Facebook Account
October 13th, 2017, 12:29 PM
If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they've added you as one of their 'Trusted Contacts'—just don’t blindly believe it. Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook
Online Training for CISA, CISM, and CISSP Cyber Security Certifications
October 12th, 2017, 12:29 PM
Believe it or not, any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches on the rise, more certified cyber security experts and professionals are needed by every corporation and organisation to protect themselves from hackers and cyber thieves. That's why jobs in the cyber security field have gone up 80% over the past three years
MS Office Built-in Feature Allows Malware Execution Without Macros Enabled
October 12th, 2017, 12:29 PM
Since new forms of cybercrime are on the rise, traditional techniques seem to be shifting towards more clandestine ones that involve the exploitation of standard system tools and protocols, which are not always monitored. Security researchers at Cisco's Talos threat research group have discovered one such attack campaign spreading malware-equipped Microsoft Word documents that perform code
Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months
October 12th, 2017, 12:29 PM
Beware: if you are using the S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. For at least the last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption
Israel Hacked Kaspersky, Caught Russian Spies Hacking American Spies, But...
October 11th, 2017, 12:29 PM
The cold cyber war has just turned hot. According to a story published today by the New York Times, Israeli government hackers hacked into Kaspersky’s network in 2015 and caught Russian government hackers red-handed hacking US government hackers with the help of Kaspersky. In other words — Russia spying on America, Israel spying on Russia and America spying on everyone. What the F^#% is
Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested
October 11th, 2017, 12:29 PM
A Taiwanese bank has become the latest to fall victim to hackers siphoning off millions of dollars by targeting the backbone of the world financial system, SWIFT. SWIFT, or Society for Worldwide Interbank Telecommunication, is a global financial messaging system that thousands of banks and commercial organizations across the world use to transfer billions of dollars every day. Hackers
Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack
October 11th, 2017, 12:29 PM
As part of its "October Patch Tuesday," Microsoft has today released a large batch of security updates to patch a total of 62 vulnerabilities in its products, including a severe MS Office zero-day flaw that has been exploited in the wild. Security updates also include patches for Microsoft Windows operating systems, Internet Explorer, Microsoft Edge, Skype, Microsoft Lync and Microsoft
OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It
October 11th, 2017, 12:29 PM
There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing
Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password
October 10th, 2017, 12:29 PM
Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake? Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet. Felix Krause, an iOS developer and founder of Fastlane.Tools,
Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter
October 10th, 2017, 12:29 PM
Microsoft today announced built-in support for Cortana—an artificial intelligence-powered smart assistant—in Skype messenger on Android as well as iOS devices. What purpose does it serve? Microsoft wants its AI-based smart assistance to understand your conversations and help you with quick suggestions, ideas and information right inside your chat window. "Cortana can also help you organize
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack
October 10th, 2017, 12:29 PM
Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is being conducted by a hacking group called KovCoreG, which is well known for distributing Kovter ad
FBI Arrests A Cyberstalker After Shady "No-Logs" VPN Provider Shared User Logs
October 9th, 2017, 12:29 PM
The FBI recently arrested a psycho cyber stalker with the help of a popular VPN service, and this case apparently exposed the company's lies about its "no logs" policy. Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is—"We Do Not monitor user activity nor do we keep any logs"—
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach
October 7th, 2017, 12:29 PM
Another day, another data breach disclosure. This time the popular commenting system has fallen victim to a massive security breach. Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users. The stolen data includes email addresses, usernames,