Category Archives: TechNews
Facebook’s Zuckerberg says he is ‘dead serious’ about Russia, warns security spending will cut into profits
Facebook CEO Mark Zuckerberg promised he’s “dead serious” about cracking down on malicious activity on the giant social network after the Russian campaign to sow political discord and manipulate the 2016 presidential campaign.
He also warned investors that efforts to secure Facebook will significantly cut into profits.
“We’re bringing the same intensity to these security issues that we’ve brought to any adversary or challenge we’ve faced,” Zuckerberg said. “I’m dead serious about this, and the reason I’m talking about this on our earnings call is that I’ve directed our teams to invest so much in security — on top of the other investments we’re making — that it will significantly impact our profitability going forward, and I wanted our investors to hear that directly from me.”
Zuckerberg made the remarks as Facebook reported its best quarter yet. Extending its streak of topping earnings expectations, Facebook beat Wall Street estimates with third-quarter earnings per share of $1.59 on revenue of $10.3 billion. It was expected to report earnings per share of $1.28 on revenue of $9.8 billion.
Facebook’s chief financial officer David Wehner warned that 2018 is shaping up to be a “significant investment year” with operating expenses rising 45% to 50% as the Menlo Park, Calif., company increases security spending, as well as spending on the company’s push to add more video and to grow its augmented and virtual reality business. Following Wehner’s remarks, shares dropped more than 1% in after-hours trading.
Wednesday’s results came right after Facebook wrapped up its third congressional hearing on Capitol Hill where its top lawyer, Colin Stretch, answered questions about the Kremlin-linked Russian influence campaign.
Facebook has 10,000 people working on safety and security issues and plans to add 10,000 more. Not all of those people will be employees, but Facebook did not say how many contractors it would hire.
“We are going to invest in both people and technology,” Zuckerberg said.
Facebook on Wednesday also significantly raised its estimates of how many duplicate and fake accounts it has.
Duplicate accounts — accounts that a user maintains in addition to his or her main account — make up 10% of Facebook’s nearly 2.1 billion monthly active users, up from 6%. Fake accounts, which are run by bots rather than individuals, make up 2%-3% of accounts, up from 1%, Facebook said. That means more than 200 million accounts are duplicates and as many as 60 million are fake.
Facebook said it raised the estimates based on a new methodology for measuring duplicate accounts and on improvements “to the data signals we rely on.”
That revelation suggests extra questions for Facebook about how secure its data
India had highest number of first-time internet users between 2012-15: UNCTAD
India saw the largest number of people going online for the first time during 2012-15 among all nations, according to a recent report of the UN Conference on Trade and Development (UNCTAD). About 17.8 crore people went online during this three-year period, which is much more than in China, Brazil, Japan and the neighboring countries of Pakistan and Bangladesh.
The report titled “Measuring the Evolving Digital Economy” that was released last week indicates that this trend of more people going online will spur the purchase of goods and services resulting in greater inclusion and involvement of citizens with the government and economic growth.
According to the report, in many developing countries, such as Bangladesh, India, Iran and Pakistan, nearly half or more of the internet users went online for the first time in the last three years. In Brazil and China, more than 50% of people used the internet, whereas in India only slightly more than a quarter use it.

Google’s ‘Advanced Protection’ security is for the most at-risk hacking targets
Still, if you are extra paranoid, Google has just launched its biggest ever security feature, called “Advanced Protection,” which makes it easier for users who are at high risk of targeted online attacks to lock down their Google accounts like never before.
“We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks,” the company said in a blog post announcing the program on Tuesday.
“For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.”
Even if a hacker somehow gets your password—using advanced phishing attacks, zero-day exploits or spyware—and tries to access your Google account, they will not be able to get in.
To enable Google’s Advanced Protection feature, you will need two physical security keys that work with FIDO Universal 2nd Factor (U2F)—which offers hardware-based two-factor authentication that does not require secret codes sent via SMS or email.
To log into your Google account from a computer or laptop, you will need a special USB stick, while accessing it from a smartphone or tablet will similarly require a Bluetooth-enabled dongle, paired with your phone.
“They [security devices] use public-key cryptography and digital signatures to prove to Google that it’s really you,” the post reads. “An attacker who does not have your Security Key is automatically blocked, even if they have your password.”
Google’s Advanced Protection offers three features to keep your account secure:
- Physical Security Key: Signing into your account requires a U2F security key, preventing other people (even with access to your password) from logging into your account.
- Limit data access and sharing: Enabling this feature allows only Google apps to get access to your account for now, though other trusted apps will be added over time.
- Blocking fraudulent account access: If you lose your U2F security key, the account recovery process will require further steps, “including additional reviews and requests for more details about why you’ve lost access to your account” to prevent fraudulent account access.
The Advanced Protection feature is not designed for everyone, but only for people, like journalists, government leaders, and activists, who are at a higher risk of being targeted by sophisticated hackers and are ready to sacrifice some convenience for considerably increased e-mail protection.
Currently, if you want to enroll in the Advanced Protection Program, you will need Google Chrome, because only Chrome supports the U2F standard for Security Keys. However, Google expects other browsers to incorporate this feature soon.
FBI Arrests A Cyberstalker After Shady “No-Logs” VPN Provider Shared User Logs
Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is “We Do Not monitor user activity nor do we keep any logs” has literally betrayed its customer’s trust.

Is your VPN also lying to you? Well, it’s the right time to think about this twice.
It’s no secret that most VPN services—which claim to shield your Internet traffic from prying eyes and let you surf the web anonymously—are not as secure as they claim.
In this post-Snowden era, a majority of VPN providers promise that their service is anonymous, with no log policy, but honestly, there is no way you can verify this.
PureVPN Helped the FBI with Logs
A 24-year-old Massachusetts man, Ryan Lin, has been arrested in a Cyberstalking case after one of the largest VPN providers, PureVPN, helped the FBI with information that linked Lin to his alleged cyber crimes.
In an FBI affidavit published last week by the US Department of Justice (DoJ), Lin is accused of stalking and harassing his housemates and former-roommates online while evading local police by using various services like Tor, VPNs, and Textfree.
Lin tormented his former roommate, Jennifer Smith, for one and a half years after stealing credentials for some of her online profiles from her unlocked MacBook, and other personal files, including photographs, from her iCloud and Google Drive accounts.
According to the affidavit, Lin released Smith’s personal details online (known as ‘doxing’), posted intimate photographs without her face suggesting they were of Smith, and emailed her private information to her contacts, including her family, relatives, and colleagues.
Additionally, Lin allegedly posted fake profiles of her to websites “dedicated to prostitution, sexual fetishes, and other sexual encounters,” shared information about her medical background that she never shared with anyone, and sent “images that likely constitute child pornography” to her family and friends.
Suspect Also Made Bomb, Death and Rape Threats
What’s more? Lin often spoofed Smith’s identity to send bomb, death and rape threats to schools and lone individuals, which even tricked one of her friends into calling the police to her house.
To conduct all these illegal actions and hide his tracks, Lin used various privacy services like ProtonMail, VPN clients, and Tor, anonymised international text messaging services and offshore private e-mail providers.
However, the suspect made a mistake by using a work computer for some of his illegal campaigns. The feds were able to recover some forensic artifacts from his work computer, even though he had been terminated and the OS had been reinstalled on the computer.
In the unallocated space of the system’s hard drive, the FBI found artifacts referencing:
- Bomb threats against local schools.
- Username for TextNow, the anonymous texting service being Lin’s most-visited Website.
- Lin’s name on Protonmail.
- Lin had visited Rover.com (pet sitting site) and FetLife.com which were used in the cyberstalking campaigns.
- Lin repeatedly accessed his personal Gmail account.
- He used PureVPN in the cyberstalking campaign.
How FBI Investigated the Cyberstalking Case
The FBI then managed to obtain logs from PureVPN, which linked Lin to the illegal campaigns against Smith and his other former roommates.
“Further, records from PureVPN show that the same email accounts—Lin’s Gmail account and the teleportfx Gmail account—were accessed from the same WANSecurity IP address,” the complaint reads.
And then the complaint goes on to say what would be quite worrying for those who believe VPNs are their best way to protect their activities online:
“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.”
Hong Kong-based PureVPN, one of the largest and best-known VPN providers, is used by hundreds of thousands of users across the world, yet it eventually handed over the very details that a VPN is supposed to protect.
Lin was arrested by the authorities on October 5, and if found guilty, he faces up to 5 years in prison and up to 3 years of “supervised release,” according to the DoJ.
Russian hackers allegedly used popular antivirus software to steal NSA secrets
The United States government has banned federal agencies from using Kaspersky antivirus software over spying fears.
Though there’s no solid evidence available yet, an article published by the WSJ claims that Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab.
Currently, there is no way to independently confirm whether the claims about the popular security vendor published by the Wall Street Journal are accurate—and the story does not even prove the involvement of Kaspersky.
“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” Kaspersky said in a statement.
An NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly downloaded a cache of highly classified information from government systems and moved it to a personal computer at home, which is a clear violation of known security procedures.
Citing a few anonymous sources, the Journal says that the targeted computer was running Kaspersky antivirus—the same app the U.S. Department of Homeland Security (DHS) recently banned from all government computer systems over spying fears.
The classified documents taken to home by the contractor contained details about how the NSA breaks into foreign computer networks for cyber espionage operations as well as defends its systems against cyber attacks.
Although what role Kaspersky played in the breach is not entirely clear, US officials believe antivirus scan performed by Kaspersky Lab’s security software on the contractor’s computer helped Russian hackers in identifying the files containing sensitive information.
In response to the WSJ story, Kaspersky CEO Eugene Kaspersky said his company “has not been provided with any evidence substantiating the company’s involvement in the alleged incident. The only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”
Also, it is not clear exactly how the files were stolen, but it has been speculated that the antivirus’ practice of uploading suspicious files (malware executables) on the company’s server, located in Russia, may have granted the Russian government access to the data.
Another possibility is that Russian hackers stole the confidential data by exploiting vulnerabilities in Kaspersky Lab software installed on the targeted system, according to a person who asked not to be identified.
“Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?” Kaspersky said.
“We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I cannot imagine an ethical justification for not doing so.”
This breach of NSA classified files, which is being called “one of the most significant security breaches in recent years,” occurred in 2015 but was detected in 2016.
OK, here is our official statement re the recent article in WSJ. pic.twitter.com/rdH6YcsZBZ— Eugene Kaspersky (@e_kaspersky) October 5, 2017
However, it is not clear whether this security incident has any ties to the Shadow Brokers campaign, an ongoing public leak of NSA hacking tools that many officials and experts have linked to the Russian government.
It is another embarrassing breach for the NSA, which has long struggled with contractor security—starting from Edward Snowden to Harold Thomas Martin and Reality Winner.
Facebook will use facial recognition to unlock your account
Best Method to Crack a Facebook Password & How to Protect Yourself from Them
Reset the Password
- The first step would be to get your friend’s Facebook email login. If you don’t already know it, try looking on their Facebook page in the Contact Info section. Still stuck? Hackers use scraping tools like TheHarvester to mine for email addresses, so check out our guide here to find a user’s email that you don’t already know.
- Next, click on Forgotten your password? and type in the victim’s email. Their account should come up. Click This is my account.
- It will ask if you would like to reset the password via the victim’s emails. This doesn’t help, so press No longer have access to these?
- It will now ask How can we reach you? Type in an email that you have that also isn’t linked to any other Facebook account.
- It will now ask you a question. If you’re close friends with the victim, that’s great. If you don’t know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
- If you don’t figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.
- It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.
How to Protect Yourself
- Use an email address specifically for your Facebook and don’t put that email address on your profile.
- When choosing a security question and answer, make it difficult. Make it so that no one can figure it out by simply going through your Facebook. No pet names, no anniversaries — not even third grade teacher’s names. It’s as easy as looking through a yearbook.
- Learn about recovering your account from friends. You can select the three friends you want the password sent to. That way you can protect yourself from a friend and other mutual friends ganging up on you to get into your account.
Method 2: Use a Keylogger
How to Protect Yourself
- Use a firewall. Keyloggers usually send information through the internet, so a firewall will monitor your computer’s online activity and sniff out anything suspicious.
- Install a password manager. Keyloggers can’t steal what you don’t type. Password managers automatically fill out important forms without you having to type anything in.
- Update your software. Once a company knows of any exploits in their software, they work on an update. Stay behind and you could be susceptible.
- Change passwords. If you still don’t feel protected, you can change your password bi-weekly. It may seem drastic, but it renders any information a hacker stole useless.
Method 3: Phishing
How to Protect Yourself
- Don’t click on links through email. If an email tells you to login to Facebook through a link, be wary. First check the URL (Here’s a great guide on what to look out for). If you’re still doubtful, go directly to the main website and login the way you usually do.
- Phishing isn’t only done through email. It can be any link on any website / chat room / text message / etc. Even ads that pop up can be malicious. Don’t click on any sketchy looking links that ask for your information.
- Use anti-virus & web security software, like Norton or McAfee.
Method 4: Man in the Middle Attack
Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext
An ex-NSA hacker, now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.
The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically, no application can access the contents of Keychain unless the user enters the master password.
“I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” Patrick Wardle said.
The security flaw actually resides in macOS’s kernel extension SKEL (Secure Kernel Extension Loading) security feature, which was disclosed earlier this month, allowing an attacker to run any third-party kernel-level extension without requiring user approval.
Patrick Wardle recently posted a proof-of-concept video of the exploit, demonstrating how the hack can be used to exfiltrate every single plaintext password from Keychain without requiring the user to enter the master password.
This video shows how a malicious installed application, signed or unsigned, enables an attacker to remotely steal all the passwords stored in the keychain without notifying the user of the attack.
“macOS is intended to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval,” said Apple in a statement released today.
“We encourage users to download software only from trusted sources like the Mac App Store and to pay careful attention to security dialogs that macOS presents.”
Patrick Wardle claimed that he reported the issue to Apple last month, and made the public disclosure when the company planned to release High Sierra without fixing the vulnerability, which not only affects the newest version but also older versions of macOS.
Passwords For 540,000 Car Tracking Devices Leaked Online.
Over 500,000 car tracking devices’ passwords accidentally leaked due to misconfigured cloud server
