#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

Sep 16, 2017
OurMine is in headlines once again—this time for breaching the popular video streaming service Vevo . After hunting down social media accounts of HBO and defacing WikiLeaks website , the infamous self-proclaimed group of white hat hackers OurMine have hacked Vevo and leaked about 3.12 TB worth of internal files. Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu Dhabi Media, Warner Music Group, and Google's parent company Alphabet Inc. OurMine managed to get hold of Vevo's "sensitive" data including its internal office documents, videos and promotional materials after the hacking collective successfully hacked into the Vevo servers. The group then posted the stolen documents (approximately 3.12 terabytes) from Vevo on its website on late Thursday, though OurMine removed the stolen information from its website on Vevo's request. Although it's not clear what prompted OurMine to hack Vevo, the group noted on its
Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Sep 15, 2017
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

Sep 15, 2017
WARNING: If you are Turkish and using or have installed ByLock —a little-known encrypted messaging app—you could be detained by Turkish authorities. You might be thinking why??? Because using this app in Turkish is illegal since last year. The background story begins here... Remember the deadliest Turkey's failed coup attempt? In July 2016, a section of the Turkish military launched a coordinated operation—by deploying soldiers, tanks on the streets of major Turkish cities—to topple the government and unseat President Recep Tayyip Erdogan . The Turkish government blamed Muhammed Fethullah Gülen, a Turkish preacher who lives in the United States, for leading the July 15-16 attempted coup , though Gülen denied any involvement. In the aftermath of the coup attempt, Milli İstihbarat Teşkilatı (MİT), the Turkish intelligence agency investigated and found that the ByLock messaging app was used as a communication tool by tens of thousands of Gülen movement followers to c
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Windows 10 to Give More Control Over App-level Permissions

Windows 10 to Give More Control Over App-level Permissions

Sep 14, 2017
Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data. In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices . Now, the software giant is making another privacy-related change with the upcoming Windows 10 Fall Creators Update, which is due for release in October 2017, giving you much more control over what apps can do with your device. Just like apps on your smartphone's app store, apps on Windows Store also require permission to access your computer's critical functionalities like camera, microphone, calendar, contacts, and music, pictures and video libraries. While Android and iOS allow you to limit an app's permissions to access these sensitive things, these permissions have currently been provided
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

Sep 14, 2017
The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time, for which patches were already issued by the respected companies. Rated critical with a maximum 10.0 score, the Apache Struts2 vulnerability (CVE-2017-5638) exploited in the Equifax breach was disclosed and fixed by Apache on March 6 with the release of Apache Struts version 2.3.32 or 2.5.10.1. This flaw is separate from CVE-2017-9805, another Apache Struts2 vulnerability that was patched earlier this month, which was a programming bug that manifests due to the way Struts REST plugin handles XML payloads while deserializing them, and was fixed in Struts versio
Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

Sep 13, 2017
It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars. Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system. Tor browser users should take this news an early warning, especially who use Tails OS to protect their privacy. Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled. The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser. Moreover, the zero-day Tor exploit must work without requiring an
Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware

Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware

Sep 13, 2017
Get ready to install a fairly large batch of security patches onto your Windows computers. As part of its September Patch Tuesday , Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products. The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE). Affected Microsoft products include: Internet Explorer Microsoft Edge Microsoft Windows .NET Framework Skype for Business and Lync Microsoft Exchange Server Microsoft Office, Services and Web Apps Adobe Flash Player .NET 0-Day Flaw Under Active Attack According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by the attackers in the wild. Here's the list of publically known flaws and their impact: W
Cybersecurity Resources