Search results for cyber | Breaking Cybersecurity News | The Hacker News

Android have been a long time target for cyber criminals, but now it seems that they have turned their way towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone. A security flaw in Apple's mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned. The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links. MASQUE ATTACK - REPLACING TRUSTED APPS The malicious iOS apps can then be used to replace the legitimate apps, such as banking or social networking apps, that were installed thro

With the growing number of data breaches and cyber attacks, a significant number of companies and organizations have started Bug Bounty programs for encouraging hackers and bug hunters to find and responsibly report vulnerabilities in their services and get rewarded. Now, following the success of the " Hack the Pentagon " and "Hack the Army" initiatives, the United States Department of Defense (DoD) has announced the launch of the "Hack the Air Force" bug bounty program. Hacking or breaking into Defense Department networks was illegal once, but after " Hack the Pentagon " initiative, the DoD started rewarding outsiders to finding and reporting weaknesses in its private networks. "This is the first time the AF [Air Force] has opened up...networks to such a broad scrutiny," Peter Kim, the Air Force Chief Information Security Officer said in a statement. "We have malicious hackers trying to get into our systems every day.&quo

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir 'Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007. "He publicly threatened to execute civilian hostages held by Hamas following the terrorist group's October 7, 2023, attacks on Israel," the Treasury Department  said . "Al-Kahlut leads the cyber influence department of al-Qassam Brigades. He was involved in procuring servers and domains in Iran to host the official al-Qassam Brigades website in cooperation with Iranian institutions." Alongside Al-Kahlut, two other individuals named William Abu Shanab, 56, and Bara'a Hasan Farhat, 35, for their role in the manufacturing of unmanned aerial vehicles (UAVs) used by Hamas to cond

Following the bloody terror attacks in Paris where over 130 people were killed, the hacktivist collective Anonymous has declared total war against the Islamic State ( IS, formerly ISIS/ISIL ). Anonymous released a video message, posted in French, on YouTube Sunday announcing the beginning of #OpParis , a coordinated campaign to hunt down ISIS's social media channels and every single supporter of the jihadist group online. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks . The combat mission #OpParis was announced as revenge for the recent ISIS terror attacks that took place in Paris on Friday, November 13, 2015. Anonymous to ISIS: 'We will Hunt you Down!' Behind its signature Guy Fawkes mask, the group's spokesperson speaking in French said, "Anonymous from all over the world will hunt you down. Expect massive cyber attacks. War is declared. Get prepared." "You should know that we will find you, and we will not let yo

With mobile phones virtually taking over the role of a personal computer, the proposed amendments to the Information Technology Act, 2006, have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a cellphone user in jail for two years. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult. And if the cellphone is used to cheat someone through personation, the miscreant can be punished with an imprisonment for five years. The need to define communication device under the proposed amendments became imperative as the current law is quiet on what kind of devices can be included under this category. The amended IT Act has clarified that a cellphone or a personal digital assistance can be termed as a communication device and action can be initiated accordingly. Accentuated by various scandals that hit the country during the

Gene Simmons v. Anonymous : FBI raids Gig Harbor home in search of hacker who targeted Kiss frontman The FBI has raided the Gig Harbor home of an alleged hacker suspected in a cyber attack against Kiss bassist Gene Simmons. The October attack purportedly conducted by Anonymous – the same hacker group Sony claims crashed the Playstation Network – left the 61-year-old glam rocker's websites down for about a week after he spoke at an anti-online piracy conference. Now, an FBI cyber crime squad has traced the attack to a Gig Harbor home where agents seized computer equipment late last month. In court documents filed with the U.S. District Court in Tacoma, a Los Angeles-based FBI special agent alleged the perpetrator of the attack was "most likely" someone living at the Gig Harbor residence. Writing the court, though, the agent, a member of the Bureau cyber crime unit, stopped short of saying so with certainty. "I believe that someone with access to the computer at the subject r

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country's National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. "These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure," AKCESK  said . One Albania, which has nearly 1.5 million subscribers, said in a  Facebook post  on December 25 that it had handled the security incident without any issues and that its services, including mobile, landline, and IPTV, remained unaffected. AKCESK further  noted  that the intrusions did not originate from Albanian IP addresses, adding it managed to "identify potential cases in real-time." The agency also said that it has been focusing its efforts on identifying the source of the attacks, recovering compromised systems, and implementing security measures to prevent such incidents from happening again in the future.

India is set to take steps to protect its cyber infrastructure and designate agencies for carrying out offensive cyber attacks on other countries. Indian Government announce the appointment of   first coordinator for The National cyber security agency. Mr. Gulshan Rai , who presently heads the Indian Computer Emergency Response Team (CERT-IN), will be the first coordinator. The move comes at a time when proof shows countries launching cyber attacks not only for intelligence gathering and many nations describing the attacks as an act of war. " The plan is in final stages with certain legal issues being clarified. Among the issues are some objections to the legal powers of the proposed National Critical Information Infrastructure Protection Centre (NCIPC), a command-and-control centre for monitoring the critical infrastructure. NCIPC is to be managed by the technical intelligence agency NTRO (National Technical Research Organisation), and could have all the powers th

Singapore will setup National Cyber Security Centre Singapore has said it will boost its national capability to counter cyber security threats through the setting up of a ' National Cyber Security Centre ' in the coming months. The Centre, which will be headed by the Singapore Infocomm Technology Security Authority, will help the government deal more effectively with cyber security threats and vulnerabilities by enhancing capabilities in early detection and prevention, Deputy Prime Minister Teo Chee Hean said. In his address at the Second Singapore Global Dialogue here yesterday, Teo, who is also coordinating minister for national security and home affairs minister, said a safe and functioning cyberspace was critical to " our society, economy and national security. "

ISIS hackers have hacked tens of thousands of Twitter accounts, including the accounts of the members of CIA and the FBI, in revenge for the US drone strike that killed a British ISIS extremist in August. The Cyber Caliphate , a hackers group set up by British ISIS member Junaid Hussain , urged its supporters and followers to hack Twitter accounts in order to take revenge of Husain's death. Over 54,000 Twitter Accounts Hacked! As a result, the hackers were able to hack more than 54,000 Twitter accounts. Most of the victims targeted by Jihadis appear to be based in Saudi Arabia though some of the them are British. One of the victims based in Saudi Arabia, whose Twitter account was compromised by the ISIS extremists, said, "I am horrified at how they got hold of my details." The extremists not only hacked thousands of Twitter accounts, but they also posted hacked personal information, including phone numbers and passwords, of the heads of: The

Any occasion that captures public attention – regardless of how sensitive – comes out to be an opportunity for spammers and hackers to snatch users' personal information and spread malware , and the tragedy of the crashed Malaysia Airlines flight MH17 is no exception. According to the U.S. intelligence officials, Malaysia Airline Flight MH17, a Boeing 777 aircraft carrying 283 passengers and 15 crew members, was struck by a ground-to-air missile. So far, it's unclear, whether the missile was launched by the Russian military or pro-Russian separatist rebels. Ukraine and the insurgents blamed each other. Spammers and cybercriminals are quick to take advantage of the tragedy and started spreading malware through the social media websites, abusing the mystery behind the crash of Malaysia Airline Flight MH17. Researchers at the anti-virus firm Trend Micro came across some suspicious tweets written in Indonesian language. The cybercriminals are using the trending #MH17 to lu

The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected architectures. The unforeseen  results of this expanded and attack surface  with fragmented monitoring has been a marked increase in the number of successful cyber-attacks, most notoriously, ransomware, but covering a range of other types of attacks as well. The main issues are unmonitored blind spots used by cyber-attackers to breach organizations' infrastructure and escalate their attack or move laterally, seeking valuable information.  The problem lies in discovery. Most organizations have evolved faster than their ability to keep track of all the moving parts involved and to catch up to catalog all past and present assets is often viewed as a complex and resource-heavy task wit

Security researchers have discovered a custom-built piece of malware that's wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao , the attack campaign discovered by the security researchers at Bitdefender have been targeting organizations in the government, technology, education, and telecommunications sectors in Asia and the United States. Researchers believe nature, infrastructure, and payloads, including variants of the Gh0stRAT trojan, used in the PZChao attacks are reminiscent of the notorious Chinese hacker group— Iron Tiger . However, this campaign has evolved its payloads to drop trojan, conduct cyber espionage and mine Bitcoin cryptocurrency. The PZChao campaign is attacking targets across Asia and the U.S. by using similar attack tactics as of Iron Tiger, which, according to the researchers, si

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the

According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a

We likely all agree that 2020 was a year we won't soon forget - for many reasons. One area particularly impacted last year was (and continues to be) cybersecurity.  While Internet access allowed many businesses to continue functioning during the COVID-19 stay at home requirements, the unprecedented number of people accessing company assets remotely introduced many new challenges for cybersecurity professionals. With a history of leveraging societal maladies to their advantage, cyber criminals leverage the confusion and unpreparedness created by the global pandemic in their cyber attacks.  In just the last two months of 2020, several high-profile organizations and government entities were successfully attacked using clever approaches that were overlooked by cybersecurity experts. Making sense of how attacks have changed and what new defensive strategies should be taken is no easy task. Cybersecurity company Cynet will help by reviewing the 2020 high profile attacks in depth and

At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetuate a phishing scam. "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect (now ConnectWise Control) and AnyDesk – which the actors used in a refund scam to steal money from victim bank accounts," U.S. cybersecurity authorities  said . The joint advisory comes from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC). The attacks, which took place in mid-June and mid-September 2022, have financial motivations, although threat actors could weaponize the unauthorized access for conducting a wide range of activities, including selling that access to other hacking crews. Usage of remote software by criminal grou

The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other's PC over the Internet from anywhere in the world. With millions of users making use of its service, TeamViewer has always been a target of interest for attackers. According to the publication , the cyber attack was launched by hackers with Chinese origin who used Winnti trojan malware, activities of which have previously been found linked to the Chinese state intelligence system. Active since at least 2010, Winnti advanced persistent threat (APT) group has previously launched a series of financial attacks against software and gaming organizations primarily in the United States, Japan, and South Korea. The group i

The United States could soon have a geek gap on its hands unless it starts graduating more computer science majors.   At time when computer hacking and security have become crucial issues for the government and the private sector, the U.S. is producing only 9,000 computer science graduates a year—of whom only 700 are computer and information systems security majors. That's not nearly enough, when you consider that a single defense contractor, Booz Allen Hamilton, alone needs 1,000 computer security specialists.   Meanwhile, the military is dealing with the rapid onset of cyber warfare. It is becoming increasingly clear that while it is highly unlikely that the United States would be attacked by a military force, the nation's economic system could be vulnerable to a cyber attack. Conversely, the U.S. can use its cyber strength to attack other countries. In September, Iran's nuclear program was disrupted by a computer virus. Although there is no confirmation of who launche

To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks.  During a  webinar called The Hacker Mindset,  a Red Team Researcher shared how you can use some of these tools for your own detection and prevention of breaches. He also demonstrated how an attack takes place using the  Follina exploit  as an example. So, what does "the hacker mindset" mean?  The hacker mindset can be characterized by three core values: a strong sense of curiosity, an adversarial attitude, and persistence.  3 core values of a hacker's mindset  1  —  "Curiosity might have killed the cat, but it had nine lives." Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, they're cons