Category Archives: trick

GlobalHackNews Is The Popular Blog of IT Security, Cybersecurity, and Latest Hacking News Update. Read Regular News to Improve Your Security.

Fake Pornhub apps are spreading online to lock you out of your Android device


Fake Pornhub apps are spreading online to lock you out of your Android device

Be careful regarding streaming any of the sexytime videos online on your smartphone– your device force just end up getting locked up and held hostage, but unquestionably not of the kinky sort.

According to cybersecurity organization ESET, fake Pornhub apps are out to affect Android smartphones, barring users out from using them, and then requiring ransom money to set the phone free.

While Pornhub effects surely have an Android app, Google doesn’t permit pornographic content to be hosted on the Play Store. This then led users of the service into looking for the app on the vast web, potentially falling into dangerous and malicious content one way or another.

Including some possibility like sideloading apps on Android, apps are made available via raw APK files. Since there is no official entry for Pornhub on the store, cybercriminals can easily cloak any app as the adult video service, inject malicious code, and then wait for unsuspecting victims to download the app.

If one of the rogue apps is installed, it will first say that it needs to check the phone for viruses before it can play any pornographic videos. However, during this process, it is silently installing a ransomware for Android, which will lock a user out of their device.

The lock screen demanding $100 to settle the case | via ESET
A “police ransomware” lock screen will be displayed subsequently, demanding that the victim pay $100 to be able to unlock the device. The report advances to take legal action should special victim refuse to pay, yet provided that one of the lock screen messages has such bad grammar, as shown above, it can easily be seen that the legal issue is not legitimate.


To be effective to rid this malware for good, ESET notifies victims to start their device in Safe mode, and then revoke the app’s Device Administrator privileges. Once these steps are taken, those infected can now proceed with uninstalling the app through Settings. If all else fails, resetting the device to factory settings is still an option.

With these rogue software in consideration, it pays to stay away from third-party apps as much as possible. Application discretion in sideloading APK files as well, as some might contain malware that can compromise you or your device’s security.

Apple iPhone X: apple iphone x release date and Features or Much More

Apple iPhone X: Its Features And Much More

Apple iPhone X: apple iphone x release date and Features or Much More
Photo By: iPhone

Apple has surprised its fan by introducing a special edition phone, the all-new iPhone X to celebrate.its 10th anniversary. Considered to be the phone of the future generation, the main feature that steals the show towards it is the Face ID Recognition and the new Super Retina display. Having an Apple
A11 Bionic chip in it, it makes iPhone X one of the best phones for now as this chip works really fast. The unique feature is in iPhone X, Apple has provided a full screen and the iPhone button is removed.

Expected to release in November this year, it is a slim model having IOS 11 and 64/256 GB of internal storage with 3GB Ram and A11 Apple Bionic Processor which is far more than enough for a user or an iPhone lover. Apple iPhone X provides a 12 MP Rear camera and 7 MP front camera which is really satisfying for a photo lover as we everyone know the camera quality of the iPhones.
While having introduced Face ID over Touch Id one big question is its Speed and accuracy, Though Apple has said that the Face ID is more accurate, incredibly fast and precise than the Touch ID, it’s merely hard to accept this until one uses this feature practically.

iPhone X supports wireless charging technology for the first time but it's not new for the smartphone the world as in past wireless charging was a specific feature of phones like Google Nexus, Nokia Lumia 1020 and Microsoft Lumia 950 and 950XL. Yet again the Apple’s facial recognition system may be advanced and more precise, but it's not Apple that has introduced this for the first time as facial recognition was first added by Google in its Android phones a way back in 2011. Facial recognition technology happens also to be one of the keys
the feature of Apple’s Rival Samsung’s Note 8, S8 and S8 Plus According to sources, Apple had been planning to build touch ID in the iPhone X’s Screen but had to abandon the idea very recently, due to manufacturing issues.



The iPhone X will be made available in 64GB and 256GB configurations, which will fetch £999 and £1,149 in the UK, respectively. Pricing in the US starts at $999. 

Apple will also make the handset available through its iPhone Upgrade Program, with monthly payments starting at £56.45.

Launching in November this year, it’s been one of the most awaited phones of 2017.

Reliance Jio 4G VoLTE Feature Phone specification #rs=500

Reliance Jio 4G VoLTE Feature Phone specification  #rs=500

India’s very own 4G industry disruptor, Reliance Jio 4G, is going to launch the much awaited 
VoLTE based feature phones in India very soon. The leaks have emerged to show that the product roadmap includes two feature phones with a host of nifty features

According to a report by 91mobiles, who cited unnamed sources, these smartphones are already under production and will be announced soon to the customers. This means that within a couple of months we’ll finally see these basic phones but having 4G LTE in our hands. This also means free calling over LTE network on basic phones.
The company has partnered with both Qualcomm and Spreadtrum to create the processor for these feature phones. These chips will help keep the prices of these phones very low, at the same time they will provide enough juice to the feature phone.

Specifications of the two features phones

  • 4-inch display
  • VoLTE support
  • Qualcomm or Spreadtrum-based processor chips
  • 512MB RAM, 4GB internal memory expandable using microSD cards
  • 2MP rear camera and a VGA front-facing camera
  • WiFi, GPS and NFC support built-in
  • The complete suite of Jio apps pre-installed in the phones
The inclusion of WiFi and NFC will completely shake up the market, as other phones with similar features are priced at almost triple the price of these smartphones. Reliance will keep the price of these smartphones low, at Rs. 999 and Rs. 1,199(depending on the chip).
Even though the manufacturing price of these handsets will be high, Reliance will try to offer them at reasonable rates to gain traction in the market. Micromax, Intex and Lava sell handsets at prices starting from Rs. 3,000 and they will be hurt the maximum by the launch of these products.
Moreover, Nokia recently introduced the Nokia 3310 feature phone, which has similar features, except it does not support VoLTE, WiFi or NFC. This shows the potential Reliance Jio has to disrupt the market.
Reliance wants to sell at least 50 million units in one year, which is quite an ambitious goal but then Jio 4G sim cards have been selling like hot cakes in India. Jio might include some interesting plans with these feature phones to increase the sales.
Let’s wait for the day Reliance announces these phones to the public because it could happen anytime before July 2017. If the phones come at the prices above, then competitors will be easily washed out and there will be dominance of Jio in the feature phone market.

Get $1M for reporting zero-day flaws in Tor to “help Govt fight crime”

Get $1M for reporting zero-day flaws in Tor to “help Govt fight crime”

Usually, a bug bounty program helps companies secure their software and products from zero-day vulnerabilities that can cause massive damage if cybercriminals get their hands on them.
In the record, Zerodium command grants a sum of $1 million to the successful member. But will the group share those zero-day flaws with Tor? Well, possibly not since the company’s Tor Bounty page suggests that some individual goal of launching the special bounty for Tor is to “help our government customers fight crime and make the world a better and safer place for all.”
“While Tor system and Tor Browser are fabulous plans that allow authorized users to adjust their privacy and security on each internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” states Zerodium.
Though Zerodium, an American erudition security organization, and premium zero-day acquisition policies have launched a Tor Browser Zero-Day Bounty; the purpose of which is to get hackers and contract researchers to find zero-day flaws in Tor browser on Tails Linux and Windows running system and report it to the company.
The premium application is disclosed until November of the aforementioned year but depending on that payout, the arrangements may be stopped before the limit date. Extra powerful practice to keep in mind is that while JavaScript exploits are eligible for submission, a hacker with fully functional zero-day exploit without JavaScript will go home with more money.
Zerodium must be promoting bug premium appointments for the last few years. In August, the partnership started memoranda to hack Messenger apps such as Telegram, WeChat, iMessage, WhatsApp, Signal and Facebook Messenger.
Moreover, the assent opinion analysis need rely on private, private, unknown, and unreported zero-days, and must bypass all exploit reductions applicable to each target category. The initial attack vector must be a web page targeting the latest versions of Tor Browser while The whole exploitation process should be achieved silently, without triggering any message or popup, and without requiring any user interaction except visiting a web page.

Get $1M for reporting zero-day flaws in Tor to “help Govt fight crime”
The group also invited hackers to find zero-day flaws in iPhone and remotely hack the device and receive $1,500,000 in return. Moreover, platforms like Windows 10, Chrome, Firefox, and WordPress, etc. are also in line for the hackers to try their skills.

“Nonetheless, because the company has insinuated that these exploits will be shared with government it will be important to see the response from privacy advocates since Microsoft a couple of a months before pushed administration companies for not sharing vulnerabilities with manufacturers and piling up codes of software that can be easily stolen by hackers and exploited for their own unscrupulous gain.
Tor network itself launched its first public bug bonus program back in July this year. Naturally, this premium for which is only $4000 since it’s run by a combination of volunteer-operated servers that enables people to improve their privacy and security on the Internet.

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

Zerodium—a company that specializes in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system.

Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled

It like Tor Browser zero-day achievements are in great need normal now—so many so that someone is willing to pay ONE MILLION dollars.

Tor browser users should take this news an early warning, especially who use Tails OS to protect their privacy.

.The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser.

Moreover, the zero-day Tor exploit must work without requiring any user interaction, except for victims to visit a web page.

Another assault vectors so as for express via hateful text is not suitable for this bounty, but ZERODIUM may, at its sole option, make a distinct offer to acquire such exploits.

Zerodium to Sell Tor Browser 0-Days to Law Enforcement Agencies.

The zero-day business has long held a profitable market for private firms that typically offer more payouts for undisclosed vulnerabilities than big technology companies, Zerodium says that it wants to resell the Tor browser exploits to law enforcement agencies to fight crime.

In an FAQ, the company has admitted that it will sell the acquired Tor zero-days to law enforcement agencies, and possibly the commercial malware development companies who sell spyware to governments.

“In many cases, [Tor] used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all,” Zerodium said.

Payouts for Tor Browser 0-Day RCE Exploits.

Here is some list of  Zerodium payouts for Tor Browser Exploits:

  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $250,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $185,000
  • RCE+LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $125,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $85,000
  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $200,000
  • RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $175,000
  • RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $100,000
  • Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $75,000

Those interested can submit their exploit until November 30th, 2017 at 6:00 pm EDT. This company including that the premium may be canceled ere its close if the total payout to researchers transfers one million U.S. dollars ($1,000,000).  

Google Chrome will warn users of ‘man in the middle’ attack.

Google Chrome will warn users of ‘man in the middle’ attack.
Google Chrome will warn users of ‘man in the middle’ attack.

Looks like Google is finally taking serious measure to secure its most used product the Chrome web browser  And giant have announced that upcoming Chrome 63 browser will be equipped with a new security feature aiming to alert users of ‘man in the middle’ attacks in which an attacker intercepts communication between two systems.

Google Chrome will warn users of ‘man in the middle’ attack.

Coming this year in December, Chrome 63 will send notification after detecting a large number of SSL connection errors implying and the attacker is trying to intercept your system web traffic. The new security measure will also send notifications for malware as well as legitimate applications. That means in case your firewall or anti-virus software fails to detect and notify you or a malware evades anti-virus detection Chrome 63 will have your back.

Behind developing this feature is Sasha Prego who announced the news on Twitter. “Excited to announce my intern project is launching in @Google Chrome M63! New error pages to help users struggling with MITM software,” tweeted Prego‏.

Excited to announce my intern project is launching in @GoogleChrome M63! New error pages to help users struggling with MITM software. ?✨

— Sasha Perigo (@sashaperigo) September 8, 2017

1 error page, we say a user has “misconfigured” software if they Did not  have the root required for the “ man in the middle” attack  program – 2 We check the error code the certificate validator threw, and check fields on the missing cert to see if it is a man of the middle attack  software – 3 This error page will only be shown to users who were already seeing SSL errors. If you’re not seeing SSL errors right now, you’re all good”, Prego.

Google plans to release the Chrome 63 browser on 5th December however you can test the feature on Chrome Canary.

Remember, about six months ago; Google introduced “Safe Browsing” feature for mac-OS that sends a notification to users whenever they visit a malicious website or download a file containing malware. Moreover, Google also launched bug bounty program for Android operating system showing its commitment to a secure mobile operating system. Let’s hope for a secure web. 


Facebook slapped with $1.43 million fine for violating users’ privacy in Spain

Facebook slapped with $1.43 million fine for violating users' privacy in Spain
photo by ::

Facebook is once again in trouble regarding its users’ privacy.
The social media giant has recently been heavily fined once again for a series of privacy violations in Spain.

Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials for unfairly manipulating search results since at least 2008.
Now, the Spanish Data Protection Agency (AEPD) has issued a €1.2 Million (nearly $1.4 Million) fine against Facebook for breaching laws designed to protect its people’s information and confidentiality.

According to the data protection watchdog, the social network collects its users’ personal data without their ‘unequivocal consent’ and makes the profit by sharing the data with advertisers and marketers.

The AEPD also found Facebook collects sensitive data on user’s ideology, religious beliefs, sex and personal tastes and navigation—either directly from its own services or through third parties—without clearly informing its users how this information would be used.

This activity constituted a “very serious” infringement of the country’s local data protection law (LOPD), for which the authority fined the company €600,000 ($718,062).

The regulator also identified two “serious” violations of privacy laws, including:
  1. Tracking people through the use of “Like” button social plug-ins embedded in other non-Facebook web pages—for which it is fined €300,000 ($359,049).
  2. Failing to delete data collected from users once it has finished using it, in fact, the company “retains and reuses it later associated with the same user”—which resulted in another €300,000 ($359,049) fines.
The AEPD also said that Facebook’s existing privacy policy contains “generic and unclear terms,” and doesn’t “adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”
“Users choose which information they want to add to their profile and share with others,” said Sally Aldous, a company spokeswoman. “We do not use this information to target adverts to people.”
While the Spanish agency has become one of the few privacy watchdogs worldwide to issue financial penalties against the social networking giant, the fine represents a mere rounding error to the company’s tens of billions of dollars of revenue generated each year.
In May, the French data protection authority also finds Facebook €150,000 — its maximum fine — for violations similar to what was discovered by its Spanish counterpart. The social network denies any wrongdoing.
Facebook has become a lightning rod for controversy over how it collects and uses people’s online information, as well as its role in disseminating potential fake news and hate speech to users around the globe

Microsoft shrugs off Windows kernel bug that can block malware detection

Microsoft shrugs off Windows kernel bug that can block malware detection

According to a write-up on security blog, Breaking Malware, the bug in the system is a coding error that affects the PsSetLoadImageNotifyRoutine, which is supposed to monitor what modules are loading.“During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which as its name implies, notifies of module loading,” explains the security firm enSilo on its blog.

Microsoft Security Response Center has been sitting on the bug all year bug in the Microsoft Windows kernel can render security tools useless by blocking the detection of malware threats by a system utility written specifically to highlight potential threats to security software
“The thing is, after registering a notification routine for loaded PE images with the kernel the callback may receive invalid image names.
“After digging into the matter, what started as a seemingly random issue proved to originate from a coding error in the Windows kernel itself. This flaw exists in the most recent Windows 10 release and past versions of the operating system, dating back to Windows 2000.”
The bug defeats the purpose of the PsSetLoadImageNotifyRoutine, which is designed to spot malware threats as they make their way through Windows. It is also rather ironic. Bleeping Computer has spoken to one of the security researchers, Omri Misgav, who said that Microsoft did not see the issue as a security problem.
“We did not test any specific security software,” Misgav told Bleeping Computer. “We are aware that some vendors do use this mechanism, however at this point in time we cannot say if and how the use of the faulty [PsSetLoadImageNotifyRoutine] information affects them.”

Samsung wants you to hack its devices and get up to $200,000

Samsung wants you to hack its devices and get up to $200,000
It’s a fact that Android is one of the most vulnerable mobile operating systems and at the same time, people around the world mostly use Samsung’s smartphones. Keeping both facts in mind; this combination makes Android devices a perfect and lucrative target for hackers and cyber criminals.
While Google is implementing security measures to tackle this threat, Samsung has launched a bug bounty program urging hackers and IT security researchers to find critical security flaws and vulnerabilities so the tech giant can fix them before malicious criminal elements get their hand on it.
In return, the company will pay between USD 200 and USD 200,000 for valid reports. An important thing to keep in mind about this bug bounty program is that Samsung will only facilitate reports demonstrating remote attacks, not the physical ones. Also, vulnerabilities found in the third-party application are not eligible for submission.
“Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile,” said Samsung
 Security vulnerability report must be applied to eligible Samsung Mobile devices, services, applications developed and signed by Samsung Mobile, or eligible 3rd party applications developed for Samsung.

  • Eligible Samsung Mobile Devices in their latest available Android version and firmware:

Samsung wants you to hack its devices and get up to $200,000

  • Galaxy S series (S8, S8+, S8 Active, S7, S7 edge, S7 Active, S6 edge+, S6, S6 edge, S6 Active) 
  • Galaxy Note series (Note 8, Note FE, Note 5, Note 4, Note edge)
  • Galaxy A series (A3 (2016), A3 (2017), A5 (2016), A5 (2017), A7 (2017))
  • Galaxy J series (J1 (2016), J1 Mini, J1 Mini Prime, J1 Ace, J2 (2016), J3 (2016), J3 (2017), J3 Pro, J3 Pop, J5 (2016), J5 (2017), J7 (2016), J7 (2017), J7 Max, J7 Neo, J7 Pop)
  • Galaxy Tab series (Tab S2 L Refresh, Tab S3 9.7)
“We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” explained Samsung.

4X Human Traffic To Your Blogger Blog In No Time

4X Human Traffic To Your Blogger Blog In No Time
Photo Credit: : Harsh Agrawal sir 

A few month ago Harsh Agrawal sir showed off his page views for June 2017 and his earnings. Many persons were shocked and someone even said it’s because he has been in the game for long, to an extent TRUE but when you look at it from another perspective it’s FALSE.

Driving such huge traffic of 1.5million to your blog in a month desire you being long in the game, it also requires you to know what to do. Harsh is one of the bloggers I have seen making various research, from proper SEO optimization, to Email Marketing and now his latest trend is Push Notification.

Picking from his words ” If you are looking for one takeaway from this traffic report, it would be focusing on SEO and making sure to offer quality articles to your readers are always good things to do.

Another tip that I can give you is to take advantage of push notifications. Use PushEngage or another similar service as this could be a great source of returning traffic for you.”

For a blogger who received 1.5million page views in a month to make mention of a source and also build more on it that tells you there is power in push notification.

Photo Credit: ShoutMeLoud.comHarsh Agrawal sir 

Push Notification

No nobody read emails sincerely speaking. If I subscribed to your blog on any occasion just know I have never read any of your emails but Push Notifications are unavoidable both mobile push and browser notifications. 

So what is push notification? – These are messages sent to anyone who has accepted to receive notifications from your blog. Instead of, you sending them emails, you simply send them a preview of the post on their browser.When a user is offline, he gets to see it immediately he comes online and when he is online he sees it right away.

Push notification has been one of the die hard source of real human traffic for a blog. To test this out myself and see whether users always clicked on push notification I got myself subscribed to Entclass blog 

My Experience With Push Notification.

Entclass blog is a blog for cheats and technology so to test out how push messages work, I got subscribed to their list hoping to turn down messages but I could not prevent myself from avoiding it.

Whenever I am online, I would receive the message instantly, the compelling titles always made me click and when am offline, I meet the notification ones I log in. That experiment taught me two good things about push notification and with these 2 things you can drive in 4X of your daily blogger blog visitors.

Why your push notification setup failed!.

I have seen many Nigerian bloggers enable the push notification without even knowing how it works, at the end, they fail at it!. Getting traffic is a system that needs you to be creative and wise. There are some things you need to do, to get a head start on your competitors.

Often times we mess things up. You could easily go to one of the websites and set up push notification and at the end, you will fail. simply because you saw someone talking about it and you did not care to know how it works.

Best Push Notification Practices That Drives Traffic.

1. Market your sign in button.

By default, a pop-up box normally shows up asking your users to allow push notification and I know you think that will do the job. You are wrong!. I personally will never accept that because in the world where you have people sending others virus, hijacking bloggers etc. You expect me to just allow such a function?.

The truth here, is many of your readers don’t know what push notification is, most of them feel as if it is spam and this is why you are getting low subscribers daily.

whats the solution? – Educate your audience on it, tell them what that option would do for them and how it can help them get updated instantly, often times promote it just the same way you promote the subscribe here box because it has a potential of driving your blog thousands of daily visitors.

2. Push Titles

If you just copied and pasted the title of your post as the title of your push notification you are getting it all wrong again. Except for the title of your post have been properly optimized for power and SEO don’t use itWhat do I mean? You need a title that can convert for you.

Believe it or leave it, if your title is awful users will just close the box. You need to optimize your push title with positive power words that command people to click. Be specific, keep it short and make sure it properly describe what the blog post is simply about.

3. Daily Updates BandWidth.

The number of messages you send to my browser every day will tell whether I will remain on your list. Some bloggers can post you rubbish!. Send only the important and highly anticipated posts. Not all articles should be sent out, there are some, even you yourself knows can not stand to change to pull a crowd.

News and Gossip bloggers always find good headlines and push always work for them. Explore your blog and share even old posts as long as you know, it can pull a crowd.

2 Free Push Notification Services that actually works.

To round it all up, I will be showing you two great push notifications services that actually work.

  1. PushEngage
  2. Pushify


This free service is awesome and can drive millions of views daily. It is used and endorsed by ShoutMeLoud. I started with it and though not yet certain, I am still experimenting with it. PushEngage is a functional push notification service that can drive traffic from both mobile and desktop browsers.

It has many optin forms, down to a sidebar sliding “Get Notification” box that encourages your users to subscribe.


I recently got to know about this anyway and have not used it because my template is built for AMP and don’t accept external JS. Pushify is one of the very best services with an awesome start up process though I have not used them, I believe they are good at what they do.

Push Notifications Vs FaceBook Sharing

I will keep this short because I know you would love to compare. This seems to be a huge topic which should actually be an article on its own. They both drive in traffic but now it all depends on your subscription list and also on the groups you are sharing your posts.

If you shared a post to a group of 500k persons you don’t expect a subscriber list of just 200 people to drive in more traffic.

But in terms of conversions based on percentage, Push notification converts more even more than email marketing.