#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean
Feb 02, 2016
Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration ( NASA ). Yes! This time, a serious hacktivism had been triggered by the Hacking group named " AnonSec " who made their presence in the cyber universe by previous NASA Hacks. The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers. The hacking group has  released a self-published paper named " Zine " that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak. Here's How AnonSec Hacked into NASA The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a

They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats

They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats
Feb 02, 2016
The US government's $6 Billion firewall is nothing but a big blunder. Dubbed EINSTEIN , the nationwide firewall run by the US Department of Homeland Security (DHS) is not as smart as its name suggests. An audit conducted by the United States Government Accountability Office (GAO) has claimed that the firewall used by US government agencies is failing to fully meet its objectives and leaving the agencies open to zero-day attacks. EINSTEIN, which is officially known as the US' National Cybersecurity Protection System (NCPS) and has cost $5.7 Billion to develop, detects only 6 percent of today's most common security vulnerabilities and failed to detect the rest 94 percent. How bad is EINSTEIN Firewall in reality? In a series of tests conducted last year, Einstein only detected 29 out of 489 vulnerabilities across Flash, Office, Java, IE and Acrobat disclosed via CVE reports published in 2014, according to a report [ PDF ] released by the GAO late las

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Microsoft Starts automatically Pushing Windows 10 to all Windows 7 and 8.1 Users

Microsoft Starts automatically Pushing Windows 10 to all Windows 7 and 8.1 Users
Feb 02, 2016
As warned last year, Microsoft is pushing Windows 10 upgrades onto its user's PCs much harder by re-categorizing Windows 10 as a " Recommended Update " in Windows Update, instead of an " optional update. " Microsoft launched Windows 10 earlier last year and offered the free upgrade for Windows 7 and Windows 8 and 8.1 users. While the company has been successful in getting Windows 10 onto more than 200 Million devices , Microsoft wants to go a lot more aggressive this year. So, If you have enabled Automatic Windows Update on your Window 7, 8 or 8.1 to install critical updates, like Security Patches, you should watch your steps because… ...From Monday, Windows Update will start upgrading your PC to the newest Windows 10 as a recommended update, Microsoft confirmed. Must Read: How to Stop Windows 7 or 8 from Downloading Windows 10 Automatically . This means Windows 10 upgrade process will download and start on hundreds of millions of d

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update
Feb 02, 2016
Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system. In total, there were five "critical" security vulnerabilities fixed in the release along with four "high" severity and one merely "moderate" issues. Remote Code Execution Flaw in WiFi A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker. The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level. "These vulnerabilities can be triggered when the attacker and the victim are associated with the same network," read

Hacking Smartphones Running on MediaTek Processors

Hacking Smartphones Running on MediaTek Processors
Feb 01, 2016
A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely. MediaTek is a Taiwan-based hardware company that manufacture hardware chips and processor used in the smartphones and tablets. The backdoor was discovered by security researcher Justin Case , who already informed MediaTek about the security issue via Twitter, as the chipset manufacturer had no proper vulnerability reporting mechanism in place. The vulnerability is apparently due to a debug tool that was opened up for carriers to test the device on their networks, but unfortunately, it was left open in the shipped devices, thus leaving the serious backdoor open to hackers. If exploited, the debug feature could allow hackers to compromise personal data of an Android device, including user's private contacts, messages, photos, videos and other private data. MediaTek acknowledged the issue, saying "We are aware of this issue, and it has bee

Dutch Police Training Eagles to Take Down Rogue Drones

Dutch Police Training Eagles to Take Down Rogue Drones
Feb 01, 2016
You may have seen number of viral entertainment videos on the Internet, titled: Hawk attacks Drone! Angry Bird takes down Quadcopter, and the best one… Eagle attack: Drone Kidnapped by two Eagles, ...showing eagles, not-so-natural predators, attacking and bringing down drones when someone with a camera tries to invade their private airspace. Inspired from this: The  Dutch National Police  force is training eagles to take down rogue drones, instead of shooting them, using radio jammers,  net-wielding interceptor drones  or anti-drone rifle . We already know the role Sniffer Dogs play for Anti-Bomb squads in detecting hidden bombs and weapons. If dogs can be trained, so can eagles. Keeping this in mind, it is the first time any police authority has trained eagles to safely bring down bad quadcopters in emergency cases. Dutch police reportedly collaborated with a raptor training company called 'Guard From Above ', to train eagles to recogni

Default Apache Configuration Can Unmask Tor Hidden Services

Default Apache Configuration Can Unmask Tor Hidden Services
Feb 01, 2016
Attention Tor Onion Hosters! A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network. Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet , a well-known security enthusiast and current software engineer at Facebook. What is Tor Hidden (.onion) Service? Dark Web websites (generally known as 'onion services') with a special domain name that ends with .onion, are called Tor Hidden Service and reachable only via the Tor network. Tor Hidden Service is a widely popular anonymity network used by Whistleblowers, Underground Markets, Defense Networks and more in order to maintain secrecy over the Internet. An Onion Website can be hosted on the top of any web servers. But, if you are choosing Apache, then you need to rethink.

How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds

How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds
Feb 01, 2016
Featured Image Only. See Original leaked images below. In a joint surveillance program, the US intelligence agency NSA ( National Security Agency ) and the British intelligence agency GCHQ ( Government Communications Headquarters ) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets . This could be one of the most shocking and embarrassing disclosures for Israel, who is the United States' ally and prides itself on its technical capabilities. Published by The Intercept, the newly released documents from the former NSA contractor Edward Snowden revealed that in an operation dubbed " Anarchist ," UK and US intelligence officials have been… ...regularly accessing Israeli drone cameras, allowing them to watch live video feeds from drones and fighter jets while Israel bombed Gaza and spied on Syria. But, how the intelligence officials were able to do so. Also Read: Google Wants to Fly Drones Over Your Head

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk
Feb 01, 2016
Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th

Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet

Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet
Jan 30, 2016
Would you enjoy If Drones hovering outside your window or above your head, just because it is offering High-Speed Internet Service? Most Americans may simply prefer to "Shoot Down" unwelcome items. Well, Google is working on a similar secret project, codenamed Project Skybender , to beam faster internet service, as fast as 5G , from the air. Google is currently testing multiple prototypes of Solar-powered Internet Drones in the New Mexico desert, as per some documents obtained by the Guardian under public records laws. To ensure security, Google is also said to have installed its own dedicated flight control centre near Spaceflight Operations Center at the Spaceport America facility in the town of Truth or Consequences, New Mexico. Google's Project SkyBender Drones are equipped with millimetre-wave radio transmissions to deliver next generation 5G wireless Internet, up to 40 times faster than 4G LTE systems. Drones  —  Privacy Nightmare
Cybersecurity Resources