#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking news | Breaking Cybersecurity News | The Hacker News

N.Korea' Kim Jong Un Cartoon Appears on The Pirate Bay, HACKED or SneakyHINT?

N.Korea' Kim Jong Un Cartoon Appears on The Pirate Bay, HACKED or SneakyHINT?

Dec 27, 2014
Surprisingly, from yesterday a cartoon picture of the supreme leader of the Democratic People's Republic of Korea (North Korea) named Kim Jong-un appearing on The Pirate Bay website 's homepage, but WHY? At the beginning of this month, The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet during a raid operation carried out by Swedish Police. However, a number of clones and rumors of rebirths of the infamous The Pirate Bay (TPB) appeared online, but the official domain of The Pirate Bay ( ThePirateBay.se ) remained inaccessible, until last week. ThePirateBay.se , the official domain of TPB returned to life, but without an archive of torrent files and now showing a ticking clock, with the Jolly Roger (skull and crossbones Pirate flag) waving in the background, and an image with apparently random characters with the filename AES.png , hintin
South Korean Nuclear Power Plant Hacked

South Korean Nuclear Power Plant Hacked

Dec 24, 2014
Koreans have once again gain media attention but this time not as an accused of any kind of hack attack, but as a victim of a severe attack on computers systems at a nuclear power plant in South Korea by an unknown hacker or a group. South Korea was hit by a cyber attack on its nuclear power plant, causing the operator to conduct drills in order to test the ability of the nuclear plant to cope with a full-scale cyber-attack. Although the plant's operator says no critical data has been leaked. The cyber attack came into light after a hacker posted blueprints of nuclear reactors online and threatened further "leaks" unless authorities close down the reactors. According to the South Korean Yonhap News Agency, the hacker was able to access blueprints of reactors, floor maps and other internal information on the plant. Last week with the help of a Twitter account named " president of anti-nuclear reactor group ," the hacker posted leaked data revea
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
BitTorrent Invites Sony to Release 'The Interview' Movie On Its Paid Service

BitTorrent Invites Sony to Release 'The Interview' Movie On Its Paid Service

Dec 23, 2014
Sony was forced to pull the cinema release of " The Interview ," scheduled for Christmas day, after hacker group Guardians of Peace (GOP) threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives. HACKERS WARNED OF TERROR ATTACK The massive hacking attack against Sony Pictures Entertainment is getting worst day by day. The hack has yet exposed about 200 gigabytes of confidential data belonging to the company from upcoming movie scripts to sensitive employees data, celebrities phone numbers and their travel aliases, and also the high-quality versions of 5 newest films leak , marking it as the most severe hack in the History. Week back, the hacker group GOP, who has claimed responsibility for the damaging Sony cyber-attack, demanded Sony to cancel the release of " The Interview " — the Seth Rogen and James Franco-starring comedy centered around a T
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hackers Can Read Your Private SMS and Listen to Phone Calls

Hackers Can Read Your Private SMS and Listen to Phone Calls

Dec 19, 2014
Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lies in the global telecom network known as Signal System 7 that powers multiple phone carriers across the world, including AT&T and Verizon , to route calls, texts and other services to each other. The vulnerability has been discovered by the German researchers who will present their findings at a hacker conference in Hamburg later this month. "Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers," said The Washington Post, which first uncovered flaws in the system earlier this year. NUMBER OF SECURITY FLAWS IN SS7 SS7 or
Router Vulnerability Puts 12 Million Home and Business Routers at Risk

Router Vulnerability Puts 12 Million Home and Business Routers at Risk

Dec 19, 2014
More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users' traffic and take administrative control over the devices, from a variety of different manufacturers. The critical vulnerability actually resides in web server " RomPager " made by a company known as AllegroSoft , which is typically embedded into the firmware of router , modems and other " gateway devices " from about every leading manufacturer. The HTTP server provides the web-based user-friendly interface for configuring the products. Researchers at the security software company Check Point have discovered that the RomPager versions prior to 4.34 — software more than 10 years old — are vulnerable to a critical bug, dubbed as Misfortune Cookie . The flaw named as Misfortune Cookie because it allows attackers to control the "fortune" of an HTTP request by manipulating cook
Critical Git Client vulnerability Allows Malicious Remote Code Execution

Critical Git Client vulnerability Allows Malicious Remote Code Execution

Dec 19, 2014
Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers. The critical Git vulnerability affects all versions of the official Git client and all the related software that interacts with Git repositories, including GitHub for Windows and Mac OS X, according to a GitHub advisory published Thursday. HOW GIT BUG WORKS The vulnerability allows an attacker to execute remote code on a client's computer when the client software accesses Git repositories. The GitHub engineering team gave a detailed explanation on how attackers might exploit the vulnerability: "An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution
Global Internet Authority ICANN Has Been Hacked

Global Internet Authority ICANN Has Been Hacked

Dec 18, 2014
The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers that allowed them to gain administrative access to some of the organization's systems, the organization confirmed. The attackers used " spear phishing " campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to bogus login page, where they provided their usernames and passwords with the keys to their work email accounts. The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet's address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system. " We believe a 'spear phishing' attack was initiated in late November 2014 ," Tuesday's press release stated. " It involved email messages that we
Anonymous Hacks Swedish Government in Revenge for 'Pirate Bay' Takedown

Anonymous Hacks Swedish Government in Revenge for 'Pirate Bay' Takedown

Dec 17, 2014
An online "hacktivist" group that calls itself Anonymous has claimed responsibility for hacking into email accounts of Swedish government in response to the seizure of world renowned The Pirate Bay website and server by Swedish police last week. Apart from Sweden government officials, the Anonymous hacktivist group also claimed to have hacked into the government email accounts of Israel, India, Brazil, Argentina, and Mexico, and revealed their email addresses with passwords in plain-text. The Anonymous group also left a message at the end of the leak: " Warning: Merry Christmas & a Happy New Year to all!! Bye :* " The hack was announced by Anonymous group on their official Twitter account. The tweet also shared a link of Pastebin where leaked data has been dumped with the list of the emails. The tweet reads: " BREAKING: Emails from Swedish government were hacked in retaliation for the seizure of servers of The Pirate Bay https://pastebin.c
Quantum Encryption Makes Credit Cards Fraud-Proof

Quantum Encryption Makes Credit Cards Fraud-Proof

Dec 17, 2014
Credit card frauds are very common these days – today a data breach occurs in retailer's shop, online shopping site or banking site and at the next moment millions of cards appears in the underground black market – how simple is that for cyber criminals nowadays. But imagine if there is no possible way to hack credit cards and ID cards. Seems like next to impossible, but quantum cryptography ensures that stealing people's personal data will soon be very difficult for hackers and cyber thieves due to an extra layer of verification. SECURE FRAUD-PROOF CREDIT CARDS The research at the University of Twente in Enschede, Netherlands has suggested that " fraud-proof " credit cards are possible to develop using Quantum Physics that will protect users' financial and personal information from hackers. Security researchers describe this extra layer of verification as Quantum-Secure Authentication (QSA) of a " classical multiple-scattering key ." With the
'SoakSoak' Malware Compromises 100,000 WordPress Websites

'SoakSoak' Malware Compromises 100,000 WordPress Websites

Dec 15, 2014
The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting. The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign , that has been brought by SoakSoak.ru , thus being dubbed the ' SoakSoak Malware ' epidemic. While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress. Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The search engine giant has already been on top of this infection a
Alibaba Marketplace Vulnerability Puts Millions Of Shoppers at Risk

Alibaba Marketplace Vulnerability Puts Millions Of Shoppers at Risk

Dec 12, 2014
Alibaba Group has patched a major security vulnerability in one of its e-commerce portals that exposed account details of tens of millions of Merchants and shoppers to cyber criminals. An Israeli application security firm, AppSec Labs, found a Cross site scripting (XSS) vulnerability in AliExpress, the company's English language e-commerce site that was found vulnerable to similar flaw a week ago that compromised personal information of Alibaba customers. The flaw was fixed shortly after Cybermoon security firm disclosed it to Alibaba. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, also known as Google of China. The company serves more than 300 Million active users from more than 200 countries including the U.S., Russia and Brazil. But the critical vulnerability found by the researcher could allow an attacker to hijack merchant's account. Using AliExpress XSS vulnerability an attacker can inject any malicious payload script as value
Las Vegas Sands' Casino Network hit by Destructive Malware

Las Vegas Sands' Casino Network hit by Destructive Malware

Dec 12, 2014
Sony Pictures Entertainment hack that started at the end of the last month and so far has caused a severe damage to its reputation as well as resources, from internal system shutdown to upcoming movies and scripts leak. Now, a similar cyber attack against Casino operator Las Vegas Sands Corp has been revealed that occurred on February 2014. The cyber attack occurred on this year's February but the details of damages to the casino was not publicized until Bloomberg Businessweek exposed it in a story on Thursday. Hackers crippled thousands of servers and computers across the network of the giant Las Vegas Sands Corp. by wiping them with highly destructive malware. The hack attack was believed to be in response to the statement given by the chief executive officer and largest shareholder of Las Vegas Sands Corp., Sheldon Adelson . On October 2013, the billionaire made a statement at the Manhattan campus of Yeshiva University that Iran should be bombed to get the country to
Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

Dec 11, 2014
We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations. Well this happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text. Researchers from the Romania-based security firm Bitdefender ca
Sony Pictures Scarier Hack — Hackers Leak Scripts, Celebrity Phone Numbers and Aliases

Sony Pictures Scarier Hack — Hackers Leak Scripts, Celebrity Phone Numbers and Aliases

Dec 10, 2014
The massive hacking attack against Sony Pictures Entertainment has reached a more scarier phase following another huge leak of sensitive, confidential documents revealing celebrity contact details and upcoming film scripts. The so-called Guardians of Peace (GoP) group taking responsibility for the massive hack attack against Sony Pictures Entertainment claimed to have released a new trove of more confidential data including private information of its employees, celebrity phone numbers and their travel aliases, film budgets, upcoming film scripts and many more. By the end of past two weeks before Sony Pictures Entertainment faced cyber attacks that shut down the company's computer system, the group revealed nearly 40 GB of data which contained confidential information of Sony employees such as salaries, addresses, and the US Social Security Numbers. Also, high-quality versions of five newest films distributed by Sony Pictures were also leaked online. On Monday, s
'The Pirate Bay' Goes Down After Swedish Police Raid Server Room

'The Pirate Bay' Goes Down After Swedish Police Raid Server Room

Dec 10, 2014
The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet on Tuesday after Swedish Police raided the site's server room in Stockholm and seized several servers and other equipment. The piracy site knocked offline worldwide on Tuesday morning and remained unavailable for several hours, but the site appeared back online in the late hours with a new URL hosted under the top-level domain for Costa Rica. Paul Pintér , national coordinator for IP enforcement for the Swedish police, issued only a brief statement on Tuesday, saying that the operation was " a crackdown on a server room in Greater Stockholm" that was "in connection with violations of copyright law. " The raid was also confirmed by Fredrik Ingblad , a prosecutor who specializes in file-sharing cases on behalf of the Swedish government, although he would not share furthe
POODLE SSL Vulnerability Now Attacking TLS Security Protocol

POODLE SSL Vulnerability Now Attacking TLS Security Protocol

Dec 09, 2014
POODLE , a critical SSL flaw discovered in October that was patched and fixed by webmasters around the world after Google alerted software and hardware vendors, has again made its way and this time the vulnerability affects implementations of the newer Transport Layer Security (TLS) protocol . Yes, the serious POODLE vulnerability that affected the most widely used web encryption standard Secure Sockets Layer (SSL) 3.0 has once again returned and is likely to affect some of the most popular web sites in the world — including those owned or operated by Bank of America, the US Department of Veteran's Affairs, and Accenture. POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw, disclosed two months ago by Google security team, allowed attackers to perform Man-in-the-Middle (MitM) attack in order to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies. Now, the dangerous flaw
Powerful Linux Trojan 'Turla' Infected Large Number of Victims

Powerful Linux Trojan 'Turla' Infected Large Number of Victims

Dec 09, 2014
Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of a larger puzzle called " Turla ," one of the most complex Advanced Persistent Threats (APTs) uncovered by researchers at Kaspersky Lab in August, remained hidden on some systems for at least four years. The malware was notable for its use of a rootkit that made it extremely hard to detect. The German security company G Data believed that Turla campaign is linked to Russia and has in the past exploited a variety of Windows vulnerabilities, at least two of which were zero-days, to infect government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. Recently, security researchers from Moscow-based Kaspersky Lab
Sony Pictures Employees Receive Threatening Email After Hack

Sony Pictures Employees Receive Threatening Email After Hack

Dec 06, 2014
The massive hacking attack against Sony Pictures Entertainment have reached a totally unbelievable and scary phase as multiple media sources are saying that Sony Pictures employees received e-mails from hackers threatening to harm them and their family members . Said one employee, " It's really crazy and scary. " It seems like matters for Sony Pictures is getting worse with time. Last month hacking attack on Sony Pictures Entertainment made the studio's internal corporate systems offline and spewed confidential information onto the Internet. Hackers group that identifies itself as # GOP ( Guardians of Peace ) claimed responsibility for the hack and apparently stolen reams of internal corporate data as well. Just a week after the cyber-attack on Sony Pictures Entertainment, high-quality versions of five newest films – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – distributed by Sony Pictures leaked online during Black Friday.
Cybersecurity Resources