The Hacker News: Cyber Security, Hacking, Int...

Home

Hacking

Tech News

Cyber Attacks

http://thehackernews.com/search?updated-ma...

Vulnerabilities

Malware

Encryption

Spying

cyber security degree online

Record-Breaking Deal: Dell to Buy EMC for

$67 Billion

Popular Stories
How to Weaponize your

Monday, October 12, 2015

Cat to Hack

Wang Wei

Neighbours Wi-Fi
Passwords
USB Killer v2.0
Latest USB Device that
Can Easily Burn Your
Computer
Google rewarded the
Guy who Accidentally
bought Google.com, But
he Donated it to Charity
British Intelligence
Agency Can Hack Any
Smartphone With Just a
Text Message

Yes, Dell is going to acquire data storage company EMC in a deal worth $67 BILLLLLLION
the largest tech deal of all time. It's record-breaking...

This Secure Operating

Computing giant Dell on Monday nally conrmed that the company is indeed going to
purchase the company for creating what it calls "the worlds largest privately-controlled,
integrated technology company."

Even if You Get Hacked

Most of you might not have heard of EMC corporation, but it is a tech titan that operates
many of the services you use nowadays.
EMC oers data center storage and data processing for big technology companies, and
now it is been acquired by Dell.
"The combination of Dell and EMC creates an enterprise solutions powerhouse
bringing our customers industry leading innovation across their entire technology
environment," Michael Dell, CEO and chairman of Dell, said in a statement.
The acquisition will benet Dell to create a new company that will sell a broad range of
both consumer as well as IT products, including:
Personal computers
Servers and data storage services for use in corporate data centers
Virtualization software that allows those data centers to run eiciently

System Can Protect You

Google Secretly Records

Your Voice Here's
How to Listen and
Delete It
This Guy Builds A
Thor-Like Hammer that
Only He Can Pick Up
Critical Netgear Router
Exploit allows anyone to
Hack You Remotely

EMC stockholders will receive about $27.25 per share in cash and a tracking stock in
VMware, a cloud software company bought by EMC in 2004, all of which will be worth
$33.15 per share.
However, VMware Inc. will remain an independent, publicly trading company under EMC
on the New York Stock Exchange (NYSE).

THN Weekly RoundUp 12 Hacking Stories

Collision Attack: Widely

Used SHA-1 Hash
Algorithm Needs to Die
Immediately
How to Activate
GodMode in Windows

You Dont Want To Miss This Week

10

Sunday, October 11, 2015

Swati Khandelwal
Here we are with our weekly roundup, showcasing last week's top cyber security threats
and challenges.

Ground Zero

Just in case you missed any of them (ICYMI), THN Weekly Round-Up helps you provide
all important stories of last week in one shot.
We advise you to read the full story (just click Read More because there's some valuable
advice in it as well).
Here's the list:
1. Facebook to Launch Its Own Satellite to Beam Free Internet
Facebook has revealed its plans to launch a $500 Million Satellite by next year in an
eort to provide free or cheap Internet access in the developing countries.
The

1 di 9

social

network

giant

has

teamed

up

with

the

French

satellite

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

provider Eutelsat Communications to beam free Internet access to several parts of

countries in Sub-Saharan Africa.
For detailed information on Facebooks Satellite Project Read more
2. Angler Exploit Kit Campaign Generating $30 Million Took Down
Researchers took down a large ransomware campaign connected to the Angler Exploit
Kit that was making an estimated $30 Million a year in revenue for hackers.
The hacker or group of hackers generating $30 Million annually is responsible for up to
50% of Angler Exploit Kit activity, which simply means that the rest of Angler kit business
might be generating revenue of more than $60M annually for hackers worldwide.
For more information Read more
3. This Secure Operating System Protects You Even if You Get Hacked!
Qubes OS an open-source Linux-based security-oriented operating system for personal
computers runs everything inside the virtual machines.
The visualization mechanism of Qubes OS follows Security by Isolation (Software
Compartmentalization) principle to secure the systems, which means, enabling the
Principle of least privileges.
So, in case you become a victim of any malicious cyber attack, Qubes OS doesn't let an
attacker take over your entire computer.
For in-depth information on Qubes OS Read more
4. How to Activate GodMode in Windows 10

God Mode also known as 'Windows Master Control Panel Shortcut' is an inbuilt, but
hidden Windows' feature that provides additional customization options for the Microsofts
newest operating system.
Enabling God Mode in Windows 10 essentially unlocks a backdoor of the operating system
to access 260+ additional settings from a single folder.
To know how to activate GodMode in Windows 10 Read more
5. British Agency Can Hack Any Smartphone With Just a Text Message
The British Intelligence Agency GCHQ has powers to hack any smartphone devices with
just a text message, said the former NSA contractor and global surveillance whistleblower
Edward Snowden.
According to Snowden, GCHQ have special tools that let it take over your smartphones

2 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

with just a text message and there is "very little" you can do to prevent the spying agency
having "total control" over your devices.
For the full interview of Edward Snowden with BBC investigative programme Panorama
Read more
6. Kemoge: Latest Android Malware that Can Root Your Smartphone
A new strain of malware, dubbed 'Kemoge Malware', has made its debut as an Adware on
Android devices, allowing third-party app stores to pilfer your device's information as well
as take full control of it.
Kemoge is an Adware in the disguise of popular Android Apps. The malware is distributed
in the names of popular apps, but actually repackages the malicious code that even has the
capability to root victims phones, targeting a wide range of device models.
For more information on How does Kemoge Work and How to protect against it Read
more
7. Microsoft Rewarded $24,000 Bounty to Hacker
Synack security researcher Wesley Wineberg won $24,000 from Microsoft for nding and
reporting a critical aw in Microsofts Live.com authentication system that could allow
hackers to gain access to victims complete Outlook account or other Microsoft services.
Wineberg developed a proof-of-concept exploit app, named 'Evil App', that allowed him to
bypass Microsofts OAuth protection mechanism, eectively gaining access to everything in
victim's account.
For detailed information and video demonstration Read more
8. End of the Most Widely used SHA-1 Hash Algorithm

One of the Internet's widely adopted cryptographic hash function SHA-1 is counting its last
breaths.
Researchers have claimed that SHA-1 is vulnerable to the Collision Attacks, which can be
exploited to forge digital signatures, allowing attackers to break communications encoded
with SHA-1.
For in-depth information on Collision attacks and how does it work Read more
9. Brute Force Amplication Attack Targeting WordPress Blogs
Security researchers have discovered a way to perform Amplied Brute Force
attacks against WordPress' built-in XML-RPC feature in an eort to crack down
administrator credentials.
XML-RPC protocol is used for securely exchanging data between computers across the
Internet. It uses the system.multicall method that allows an application to execute
multiple commands within one HTTP request.
The same method has been abused to amplify Brute Force attacks many times over by
attempting hundreds of passwords within just one HTTP request, without been detected.
Here's how the Brute Force Amplication attack works Read more
10. China Arrested Hackers at U.S. Government Request
Just two weeks before Chinese President Xi Jinping visited the United States; China
arrested a handful of hackers within its borders at the request of the United States
government.
The arrested hackers were suspected of stealing state commercial secrets from United
States rms and then selling or passing them to Chinese state-run companies.
For detailed information Read More
11. One-Minute Owner of Google.com Donated his Reward to Charity
The man who actually managed to buy Google.com got a huge reward from Google, but he
donated all his prize money to charity.
Sanmay Ved, an ex-Google employee and now-Amazon employee, managed to buy the

3 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

world's most-visited domain via Google's own Domains service for only $12.
However, Ved owned Google.com for one minute before the company realized it was a
mistake and cancelled the transaction.
For in-depth information Read More
12. Critical Netgear Router Flaw Lets Anyone Hack You Remotely

Hackers have publicly exploited a serious aw discovered in Netgear routers in order to

bypass authentication mechanism on vulnerable routers.
Hackers could leverage the vulnerability to bypass authentication mechanism and then
change the Domain Name System (DNS) settings of victims' routers to the rogue IP
address.
The aected Netgear routers are JNR1010v2, JWNR2000v5, JWNR2010v5, WNR614,
WNR618, WNR1000v4, WNR2020 and WNR2020v2.
For more details Read more

Apple Kicks Out some Malicious Ad-Blocker

Apps from its Online Store
Saturday, October 10, 2015

Khyati Jain

Apple has removed several apps from its oicial iOS App Store that have the ability to
compromise encrypted connections between the servers and the end-users.
Apple has oicially said:
We have removed a "few" apps from the iOS App Store that could install root
certicates and allow monitoring your data.
It's like- they have analyzed and admitted that they lacked in the auditing of the App Store
hosted Apps.
The company is also advising its users to uninstall the malicious apps from their iPhones,
iPads and iPods in order to prevent themselves from monitoring, though it has yet to name
the oending apps.
App Store Apps Spy on Encrypted Traic
The challenge that stood before Apple was, they discovered that "few" of the Apps in the
iOS App Store were capable of spying on the users by compromising SSL/TLS security
solutions of their online communication.

4 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

Root certicates are the fundamental part of how encrypted connections like HTTPS verify
the site users are connecting to and creating a secure environment for them to get access
to various resources. Their updates also happen on a timely basis.
Root certicates allow public key encryption to browsers and other services to validate
certain types of encryption and ensure that user is redirected to that website or server that
he requested.
However, in Apple's case, the fraudulent apps were acting as an interface between the
secure connections and exposing all private Internet traic of the user.
However, to get rid of the problem, Apple has removed various apps from their App Store
that could decrypt the "Encrypted Connection" between the user and the server to which
the user is connected to.
Apple Yet to Disclose the names of Oending App
Apple did not disclose the names of such Apps, instead said that there are few of them with
bitter intents and for which, they left the users displeased, as:
They want the users to uninstall the Apps, but which ones to remove they are least
bothered.
Also, they have given directions for "How to delete an app that has a conguration prole
on your iPhone, iPad, or iPod touch," on their support page, but
...Does that make any dierence?
As how are the people going to identify which Apps to uninstall!
Furthermore, in a similar incident developer of an app commonly known as Been Choice
was removed from the iOS store, consequently the developer posted on Twitter about they
being Pulled O from iOS store and mentioned that:
"We'll remove ad blocking for FB, Google, Yahoo, and Pinterest apps."
Therefore, it can be assumed that Been Choice's, Ad-blocker app which functioned in such
a way that it installs root certicates in order to block ads inside apps, might be gathering
private details of the user through ad blocking facility via installing root certicates.
One thing is important to note here, which is- Apple allowed such Apps that were installing
Root certicates on the users' device.
Meanwhile, all the iPhone, iPad and iPod touch device holders are requested to uninstall
any suspicious app from there device; until Apple reveals the names of those apps.

Critical Netgear Router Exploit allows anyone

to Hack You Remotely
Friday, October 09, 2015

Khyati Jain

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially
aecting 11,000 Devices.
This week, we reported about a Vigilante Hacker, who protected users by installing
malware on their Wi-Fi routers, forcing them to use a secure password.
Now within few days, a security researcher has discovered a serious vulnerability in
Netgear routers that has been publicly exploited by hackers.
The critical aw could allow hackers to bypass authentication mechanism and change the
Domain Name System (DNS) settings of victims' routers to the malicious IP address.
[Exploit Code]
A security researcher, named Joe Giron, gave the details of his experience to BBC, saying
that he noticed some anonymous activities in his machine and on investigating he learned
that:
The admin settings on his personal router have been modied on 28

5 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

September.
Specically, Domain Name System (DNS) settings on his router were changed to a
suspicious IP address.
As an outcome of which the hacked router was sending web browsing data to a malicious
Internet address.
"Normally I set mine to Google's [IP address], and it was not that, it was something
else," Giron said. "For two or three days all my DNS traic was being sent over to
them."
Aected Netgear Routers
JNR1010v2
JWNR2000v5
JWNR2010v5
WNR614
WNR618
WNR1000v4
WNR2020
WNR2020v2
Giron contacted Netgear about the serious issue, to which they replied that the
vulnerability discovered their products is 'serious,' but "aects fewer than 5,000 devices."
Further, Giron switched o his router to avoid anymore mishappenings.
Is it Serious Flaw...?
In another statement, Jonathan Wu, senior director of product management at Netgear
said, "Is it serious? Yes, it denitely is."
Currently, any patch is not available for the rmware on the aected devices. However,
Netgear assures its users that the company will release a patch by October 14 to x the
issue.
Therefore, we would suggest all the Netgear router's users not to use their devices, until
the vulnerability is patched; as you might be one of those 5000.
Grab more information about DNS Spoong and Router Hacks and Vulnerabilities,
and Follow Us!

CyberSpace China arrested Hackers at U.S.

Government Request
Friday, October 09, 2015

Swati Khandelwal

For the very rst time in history, China has arrested hackers within its borders at the
request of the United States government.
The helping hands of China made me remind of recent Hollywood movie, The Martian, in
which China's CNSA helped the United States' NASA to rescue astronaut Mark Watney who
was mistakenly presumed dead and left behind on the planet Mars.
Although China did not rescue anyone, rather it did arrest, but the point is China helped
the United States.
Just two weeks before Chinese President Xi Jinping visited the U.S., the Chinese
government took unprecedented step by complying with a United States request and
arresting a handful of hackers within its borders, anonymous U.S. oicials told the
Washington Post.
The arrested hackers were suspected of stealing commercial secrets from U.S. rms
and then selling or passing on those secrets to Chinese state-run companies.

6 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

The hackers were part of a wanted list drawn up by the U.S. intelligence and law
enforcement agencies.
An unknown source familiar with the matter said Obama administration oicials told
China, "We need to know that you are serious. So we gave them a list, and we said
'Look, here's the guys. Round them up.'"
Is the Arrest an Empty Gesture?
At the moment, there is no publicly available information related to the arrests about who
exactly was arrested or what punishments they face but
The U.S. oicials are now hoping for public trials to see whether the China will follow
through prosecutions, or whether these arrests will be nothing more than an empty gesture
intended to rectify tensions with the U.S.
The arrests are believed to be part of the recent cyber deal the US President Barack
Obama struck with Chinese President Xi Jinping last month, in which both the nations
agreed that neither side will participate in commercial espionage against one another.
Though the arrests indicate a promising step towards a better relationship between China
and the United States, the real test will be how long the Chinese government can stick to
the agreement.
No let's see, would America do the same on China's request? Hit the comments below.

Obama Encryption Policy: White House Will

Not Force Companies To Decode Encrypted
Data
Friday, October 09, 2015

Khyati Jain

After the revelations that Whistleblower Edward Snowden made about the United States
National Security Agency (NSA), the U.S. citizens are in need of more transparent digital
security.
The Citizens of the United States have appealed to the Obama Administration through a
campaign for rejecting any policy, mandate or law that stands against their security in the
cyberspace and adopt strong encryption for them.
The Washington Post reported that the Obama Administration has agreed partially on the
encrypted communications issue.
"The administration has decided not to seek a legislative remedy now, but it makes
sense to continue the conversations with industry," James B. Comey, FBI Director,
said at a Senate hearing Thursday of the Homeland Security and Governmental
Aairs Committee.
This decision is considered as the Status Quo. It is like a win-win situation to decrease the
tension because of the Petition and regard the law enforcement agencies as well as the
citizens.
What does the Law Enforcement want?
The Law Enforcement Agencies (LEA) nd it diicult to assess the encrypted information
that they get from gaining access to the communications of criminals, terrorists and spies.
Even the state and local agencies investigating crimes like child kidnappings and car
crashes nd it diicult in the digital era with the increase in pieces of evidence that are
electronic devices they cant access without a search warrant.
Further, if the cyber criminal "Pleads the Fifth," it becomes more challenging for the LEA.
What do the Citizens need?
The Citizens of the United States have stood up for a temporary alliance, where they are

7 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

petitioning the President for privacy, security, and integrity of their communications and
systems.
The campaign initiated by the U.S. citizens requires participation of their fellow citizens by
signing the petition on the website Savecrypto.org, and the stats say they need 50,000
more number of participation from the people.
If they reach a majority of 100,000, then they will get a reply from the White House. Also, if
they get more than 370,000 votes, it will be the most popular WhiteHouse.gov petition
ever.
How Encryption comes into Play?
Companies that provide encryption are the ones that reside in between both the primary
entities (LEA and Citizens) because they are ones allowing us to encrypt our information
over:
Voice or Text communication
Any electronic Device
In the matter of text, the companies oer encryption in which the only persons who can
read that message are the sender and the receiver.
Whereas, in the case of a device, only its owner has the access to the device's data.
However, the companies themselves leave 'backdoors' or keys to decrypt that data for
the government, even if served with search warrants or intercept orders.
As, decoding the communication is a challenging task for the LEA, certain members of
Congress and the FBI want to force these companies to give the government special access
to the citizens
data.
And to achieve this they want these companies to:
Build security vulnerabilities
Give them a "golden key" to unlock the citizens encrypted communications.
However, the "security experts agree that it's not possible to give the government what it
wants without creating vulnerabilities that could [even] be exploited by bad actors," quoted
the Savecrypto.org.
It's like having no meaning of "Encryption" and "Security."
If this is the way Obama Administration is going to handle the Encryption policy for
communications for the citizens, it would be a No-win situation.
The decision was declared at a Cabinet meeting on October 1, 2015, and, as the president
has said, the US will "work to ensure that malicious actors can be held to account
without weakening our commitment to strong encryption."
National Security Council spokesman Mark Stroh also replied and said, "As part of
those eorts, we are actively engaged with private companies to ensure they
understand the public safety and national security risks that result from malicious
actors' use of their encrypted services and products."
To know more about NSA's background, follow The Hacker News.

Google rewarded the Guy who Accidentally

bought Google.com, But he Donated it to
Charity
Friday, October 09, 2015

Swati Khandelwal

Sanmay Ved the man who actually managed to buy Google.com got a huge reward from
Google, but he donated all money to charity.
Last week, an ex-Google employee and now-Amazon employee managed to buy the world's
most-visited domain Google.com via Google's own Domains service for only $12.

8 di 9

14/10/2015 18:14

The Hacker News: Cyber Security, Hacking, Int...

http://thehackernews.com/search?updated-ma...

However, Ved owned Google.com for one whole minute before the Mountain View company
realized it was a mistake and cancelled the transaction.
After acknowledging the mistake, Google rewarded Ved with some unknown amount of
cash, but when Ved generously suggested donating his prize money to charity instead,
Google just doubled the reward.
Google Rewarded Ved with More than $10,000
Ved believed that his real reward was just being the person who bought Google.com for a
whole minute.
"I do not care about the money," Ved told in an interview with Business Insider. "It
was never about the money. I also want to set an example that [there are] people who
[wish] to nd bugs that it's not always about the money."
Ved donated his reward to "The Art of Living India," an Indian foundation that focuses on
providing education to poorer areas of the country.
Ved did not disclose the exact sum of cash Google had awarded him, but he did say that the
amount was more than of $10,000.
That is a lot for just a few clicks!

Prev Page

About

9 di 9

Next Page

| THN Magazine | The Hackers Conference | Sitemap | Advertise on THN | Submit News | Privacy Policy | Contact

14/10/2015 18:14