Cyber threats | Breaking Cybersecurity News | The Hacker News

It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you likely just become yet another victim of a distributed denial of service (DDoS) attack . By now, everyone who uses the Internet has come across DDoS attacks . It is one of the oldest attack technologies on the web, and a popular way of paralyzing the huge data centers. Just yesterday we have reported about a massive 100Gbps DDoS attack that hit World's 3rd Largest Chinese Bitcoin exchange for 9 hours. Arbor Networks, a leading provider of DDoS and advanced threat protection solutions, today released data on global distributed denial of service (DDoS) attack trends for the first three quarters of 2013, revealed that this kind of attack still represents a serious menace for IT security communities.  The document provides an interesting overview into Internet traffic patterns and threat evo...

The recent "disconcerting" reports that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. The revelation that the Indian embassy in the US was among the list of 38 diplomatic missions which were being spied upon by American intelligence agencies, as per the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden has raised questions like How much of liberty should the cyber space grant to maintain national security and at what cost?  So far, legality is the main rationale US officials have used to defend the government's PRISM spying program. It's all perfectly legal, approved by govt. and the courts, but a more potent argument might be just because something is legal doesn't necessarily make it a good thing. In the context of the recent findings and the debate that it has just drawn, The Hackers Conference 2013 will raise important questions on the th...

It's time of stocktaking, principal security firm are proposing their analysis to synthesize actual situation on cyber security, 2012 is widely considered a year when the malware has increased significantly thanks to the contributions of various actors that we will analyze shortly. WebSense has published a new interesting study, 2013 Threat Report , that confirms an extraordinary growth of cyber threats, the data that most of all alert the security community is the increasing number of sophisticated attacks able to elude traditional defense mechanisms. The analysis revealed that technologies most exposed to cyber attacks continue to be mobile platforms and social media, internet is confirmed as primary channel for cyber menaces, let's consider in fact that number of malicious web sites grew nearly 600% and 85% are represented by legitimate web hosts. Another concerning phenomenon is the use of Email as vector for cyber menace, attackers consider this carrier as ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

When it comes to security, small and midsize businesses are largely unaware of the risks they face. Cybercrime is a serious problem which affects businesses of all sizes and can have devastating consequences. U.S. small businesses should understand they cannot completely remain safe from cyber-threats if they do not take the necessary precautions. Although such threats existed long before malware emerged, data theft, fraud and industrial spying are all now typically conducted through cyber-attacks. The picture painted is of an environment under siege, with an alarming 41% of businesses acknowledging themselves less than ready to face cyber-threats. Kaspersky Lab and B2B International recently conducted a survey among IT professionals working for large and medium-sized businesses to find out what IT specialists thought of corporate security solutions, to determine their level of knowledge about current threats, the sort of problems they most often face, and thei...

Microsoft has issued a warning about a significant flaw in the Internet Explorer browser that could allow hackers to control unprotected computers. The vulnerability permits hackers to inject malware into any system by tricking users into visiting malicious websites. This affects anyone using Internet Explorer (IE) versions 6 to 8. The exploit code for this bug has already been published. Although Microsoft has stated there is no current evidence of its use by criminals, they are "investigating" and working on a permanent fix, according to a report by the Daily Mail. Dave Forstrom, director of Microsoft's Trustworthy Computing group, said, "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact." The bug targets how the browser manages a computer's memory when processing Cascading Style Sheets (CSS), which are design instructions that dictate the appearance of most web pages. Hackers can inject their own...

Stuxnet has both fascinated and horrified the cybersecurity community throughout 2010. Its multiple zero-day exploits, stealth capabilities, and precise control over industrial machinery mark it as a prime example of advanced cyber threats. Stuxnet represents both a nightmare and a dream for security researchers due to its sophisticated design and capabilities. Today, I moderated a panel on cybersecurity and infrastructure at the Washington Press Club, hosted by The Atlantic . I was eager to hear the panelists' insights on Stuxnet. I asked them to delve deeper than the usual "This is an existence proof of our worst fears" rhetoric and to identify more nuanced implications. The most intriguing response came from Bill Hunteman, senior advisor for cybersecurity at the Department of Energy. "This is just the beginning," Hunteman remarked. He explained that the advanced hackers who created Stuxnet "did all the hard work," and now the methods they develope...

A new information-stealing Trojan, believed to be of Chinese origin, has been identified by Avira researchers. This malware targets usernames and passwords for a variety of popular websites, including YouTube, Google, and PayPal, as well as Chinese sites like Youku, Tudou, Sogou, and Soho. The stolen credentials are sent to a server in China, reinforcing the researchers' belief about its origin. Unlike typical Trojans that modify registry keys or exploit the autorun feature to ensure execution, this Trojan exhibits unique behavior. It specifically targets shortcuts on the desktop or in special folders. The Trojan duplicates itself and places copies in folders containing the linked files, often executables. It renames the original files to click_[original-file-name].exe and assigns the original file names to its copies. As a result, each time a user clicks on a shortcut, the Trojan runs. To avoid detection for as long as possible, these copies are programmed to execute the rename...

The recent hacking of the Central Bureau of Investigation's (CBI) website by a group called the 'Pakistani Cyber Army' has raised concerns about the security measures of servers maintained by the National Informatics Centre (NIC). The NIC is responsible for government server maintenance. While the NIC remains silent on the issue, sources in the security establishment suggest that the NIC's safety mechanisms were inadequate. Several reminders had been sent to NIC, urging them to upgrade their hardware. The CBI's official website was hacked on the night of December 3rd to 4th. The CBI has registered a case against unknown individuals in connection with the hacking. A report titled "Shadows in the Cloud" by a Canadian think-tank, comprising the "Information Warfare Monitor" and "Shadows Server," earlier this year indicated evidence of a cyber-espionage network. This network compromised government, business, and academic computer systems ...

The Obama administration has revised federal policy, enabling the military to assist during a domestic cyber-attack, reported the New York Times on Oct. 21. Typically, the military cannot deploy units within the country's borders, except for natural disasters, and even then, a presidential order is required. However, under a new agreement between the Department of Defense and the Department of Homeland Security, military cyber experts can now be called upon if critical computer networks in the United States are attacked. Robert J. Butler, the Pentagon's deputy assistant secretary for cyber policy, told the Times that this policy change will allow agencies to focus on how to respond to such attacks more effectively. The two agencies "will help each other in more tangible ways than they have in the past," Butler stated in an article in Defense News, an Army Times publication. He added that closer collaboration will provide "an opportunity to explore new ways for ...