The Hacker News — Latest Cyber Security, Hacking & Tech News

A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West , a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which was confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named ' Operation Draba .' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de

Google today announced a new initiative—called Privacy Sandbox —in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their primary source of funding to operate and keep their professionally created content open and freely accessible to everyone. However, with the evolution of online advertising, the targeted advertisement technologies have become too much invasive because of involved intrusive practices and more prudent approaches to accurately curate users' personal information, thereby raising serious privacy concerns among Internet users. In its latest blog post , Google acknowledged that ad tracking is "now being used far beyond its original design intent," but also highlights that unplanned attempts to address privacy con

In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the " Qaznet Trust Network " certificate should not be trusted when attempting to access a website that responds with the government-issued certificate. As The Hacker News reported last month , all major Kazakh Internet Service Providers (ISPs) are forcing their customers into installing a government-issued root certificate on their devices in order to regain access to their Internet services. The root certificate in question, labeled as " trusted certificate " or "national security certificate," if installed, allows ISPs to intercept, monitor, and decrypt users' encrypted HTTPS and TLS connections,

Silence APT , a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million during a string of ATM cash withdrawals over a span of several days. According to a new report Singapore-based cybersecurity firm Group-IB shared with The Hacker News, the hacking group has significantly expanded their geography in recent months, increased the frequency of their attack campaigns, as well as enhanced its arsenal. The report also describes the evolution of the Silence hacking group from "young and highly motivated hackers" to one of the most sophisticated advanced persistent threat (APT) group that is now posing threats to bank

Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal , Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social media giant and other apps on its platform use that data. Now in its new effort, Facebook has launched a new privacy feature that allows its users to control data that the social media platform receives from other apps and websites about their online activity. Dubbed " Off-Facebook Activity ," the feature was initially announced by Facebook CEO Mark Zuckerberg last year as "Clear History," allowing users to clear the data that third-party websites and apps share with Facebook. "Off-Facebook Activity lets you see a summary of the apps and websites that send us infor

A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed " unc0ver 3.5.0 ," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version 12.4. Jailbreaking an iPhone allows you to install apps and other functions that are usually not approved by Apple, but it also disables some system protections that Apple put in place to protect its users, opening you up to potential attacks. Usually, iPhone Jailbreaks are sold for millions of dollars by exploit brokers, but if you want to jailbreak your Apple device, you can do it for free. An anonymous researcher who goes by the online alias "Pwn20wnd" has released a free jailbreak for iOS 12.4 on GitHub that exploits a use-after-free vulnerability in iOS kernel responsibly repor

Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or your customers, you need a WordPress activity log plugin . This post explains how to use the WP Security Audit Log plugin to keep a WordPress security audit log (aka activity log). It also highlights five ways an activity log helps you better manage your website and users and improve its security. WordPress Security Audit Logs - Introduction and Benefits An activity log is a record of everything that happens on your WordPress website. This includes a record of plugins, themes, and WordPress core changes, users activity (such as content changes), site settings changes, break-in attempts, WooCommerce store, and product changes, and everything else that happens on your website. WordP

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and eventually remained hidden for over a year. With over 3 million downloads per year, Webmin is one of the world's most popular open-source web-based applications for managing Unix-based systems, such as Linux, FreeBSD, or OpenBSD servers. Webmin offers a simple user interface (UI) to manage users and groups, databases, BIND, Apache, Postfix, Sendmail, QMail, backups, firewalls, monitoring and alerts, and much more. The story started when Turkish researcher Özkan Mustafa Akkuş publicly presented a zero-day remote code execution vul

The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself responsible for supervising the data protection practices of the banking system across these countries. In an official statement published Thursday, the ECB said unknown "unauthorized parties" had managed to breach its Banks' Integrated Reporting Dictionary (BIRD) website, which was hosted by a third-party provider, eventually forcing the bank to shut down the site. Launched in 2015, BIRD is a joint initiative of the Eurosystem to the euro zone's central banks and the banking system, which provides banks with a precise description of the data that aims to help reporting agents e