GENERAL NEWS | Breaking Cybersecurity News | The Hacker News
HackAdemy – Free eLearning Platform
Oct 02, 2012
I talked with Marius Corici, Co-founder and CEO of the Hack a Server project, about HackAdemy – eLearning Platform. What is HackAdemy? It is a free eLearning platform specializing in InfoSec courses. HackAdemy is a place where people can learn and teach each other about online security using principles of Open Knowledge. On HackAdemy all courses will respect three criteria: Free of charge, Free to distribute and Hands on only. Security can be learned Hands on only. Why did we do this? There are two major reasons that made me do this: Searching the internet I realized that there is no such product; a free eLearning platform focused on security industry. That struck me, and from there it wasn't hard to think of and implement an eLearning platform dedicated to InfoSec industry free to everybody. Second, The Internet grows faster than the World's capacity to provide well trained system administrators as well as well-trained coders/programmers regarding securit
Beacon : A new advance payload for Cobalt Strike
Sep 30, 2012
Raphael Mudge (creator of Cobalt Strike) announced another advanced payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem." Cobalt Strike's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit. Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the comm
How to Handle Retail SaaS Security on Cyber Monday
Nov 27, 2023
SaaS Security / Cyber Monday
If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen. The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve
Serious Tumblr Cross Site Scripting Vulnerability can be used to Spread Worms
Jun 10, 2012
Two Indian security researchers, Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs), have found a serious Cross Site Scripting vulnerability in one of the most famous social networking websites, Tumblr. This could be used to steal the cookies of the authenticated user, and could also be used to make a worm, like the ones seen earlier in MySpace (Samy Worm) and Orkut (Bom Sabado). "We have also tried to contact them via Twitter and mail earlier, but no response from their side. So we have decided to release it. Well, not exactly, where the vulnerability is, but just to let them know that it is vulnerable." Tumblr is one of the most popular social networking websites worldwide, and is ranked 37th by Alexa.
7 Ways to Improve Your Network's Web Security
Mar 22, 2012
Admins looking to improve on their company's web security often turn to software solutions to help assess and automate their security tasks. Good web security software can make surfing the web safe and secure by protecting users from potential vulnerabilities in their operating systems or browsers, as well as helping them to avoid policy violations. The top web security software packages can help you to improve your network's web security in many ways. Here are seven of the major benefits web security software offers:
1. Automatic blocking of malicious content. Compromised websites can lead to compromised workstations. Whether it's a malicious script or a media file, web security software can scan and block data before displaying it in a browser compromises a machine.
2. Scan downloads for malware. Users frequently go to the Internet to download files, whether those are programs, music, or screensavers. Web security software can scan those
PS3 hacker Geohot arrested for possession of marijuana
Mar 15, 2012
George 'GeoHot' Hotz, whom you might know as "geohot", the hacker who made the Sony console's root key available last year, has been banged up for carrying drugs. He was traveling by car with friends on his way to the SXSW conference in Austin to give a talk titled "The Final Frontier of Reverse Engineering" when he had to stop at a border patrol checkpoint in Sierra Blanca, Texas. Department of Homeland Security officers were using dogs to decide if a vehicle warranted a search, and Hotz's car was barked at. Geohot holds a medical marijuana license in California (for those pesky headaches, clearly) and as such, was legally allowed to tote around a confectionary treat bag of THC-infused sweets. Sadly for Geohot, as he may or may not have noticed, he wasn't in California when a sheriff pulled a 1/4 oz. of Mary Jane from the glove box, alongside a pack of chocolates said to contain less than 1/8 oz. of the same Wa
Microsoft Security Bulletin with Remote Desktop Flaws
Mar 14, 2012
Microsoft has released 6 updates in this month's Patch Tuesday, including a patch for a critical hole which the software maker warns could be hit within the next 30 days. Microsoft is warning that there's a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol. A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability, which affects all versions of Windows, was privately reported to Microsoft via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild.
Finally Google Chrome gets hacked at Pwn2Own
Mar 12, 2012
Vupen Security and Sergey Glazunov independently managed to penetrate Google Chrome's security defenses at the Pwn2Own and 'Pwnium' contests respectively. The annual competition invites ethical hackers from around the world to attempt hacking into the most popular web browsers and in the process expose vulnerabilities and loopholes in the browser's security, while grabbing a handsome reward. At this year's competition, the co-founder and head of research of Vupen, Chaouki Bekrar, and his team managed to break into Google Chrome in less than 5 minutes, in the process quashing talks about the browser's unquestionable security. They used "a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine." For the successful break-in, Vupen has won itself 32 points. Google Chrome security knew that the Flash Player plugin sandbox is significantly weaker and that
Albania is the most Malware infected Nation
Mar 08, 2012
Researchers at security firms Norman and Microsoft, analysing data from their security products, report that Albania is the most malware-infected nation, with 65% of scanned computers reporting infections. The other most infected countries are South Korea, Guatemala, Vietnam, Indonesia, Argentina, Thailand, Georgia, the Philippines, Algeria, Venezuela, Lithuania and Pakistan, according to the Norman report. Microsoft's report also shows that the most common category in Albania in the second quarter of 2011 was Worms, which affected 43.7 percent of all computers cleaned in Albania, down from 44.9 percent in the first quarter of 2011. The most common threat family in Albania in the second quarter of 2011 was Win32/Autorun, which affected 25.2 percent of computers cleaned in Albania. Win32/Autorun is a family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives. T
#THN Monthly ( February ) News Archive, If you miss Something !
Mar 01, 2012
# Censorship - Global Concern, THN Magazine March Edition : https://goo.gl/bktRz
# Forget terrorists attacks here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots) : https://goo.gl/4VYGf
# Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do? https://goo.gl/iYO5H
# Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too! : https://goo.gl/QVheH
# Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest! : https://goo.gl/EyMux
# Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site : https://goo.gl/PwkHt
# FAQ : DNSChanger Trojan, Impact and Solutions : https://goo.gl/IE2Qh
# How Hackers can Tr
Occupy Obama's Google+ ,Chinese Internet Users Flood G+ Page
Feb 27, 2012
Many Chinese have taken up a call to "Occupy Obama's Google+" over the weekend in the style of Occupy Wall Street in order to feel "close" to the popular world leader as well as air some of their views. Hundreds of Chinese have flooded US President Barack Obama's Google+ page, apparently taking advantage of a glitch in China's censorship system to post about human rights and green cards. At first glance, it looks like the official Google+ page is being spammed, but taking a look at some of the comments left in English, you'll realise that it's Chinese citizens who have taken to the social network to decry their government's appalling human rights track record. Some netizens urged Obama to help free activists such as blind lawyer Chen Guangcheng, who is currently under house arrest, or Liu Xiaobo, the jailed Nobel Peace Prize winner. Some comments left by the Chinese called for free speech and human rights. Other
India demands Real time monitoring on Indian Gmail & Yahoo Emails
Feb 22, 2012
Looks like the Government of India is really after the digital communication in India. Internet content providers Yahoo, Gmail and others would be asked to route all emails accessed in India through the country even if the mail account is registered outside the country. In a written statement filed in a civil court here, Yahoo India has dubbed a suit filed against it and several other websites alleging that they hosted objectionable content as "motivated" and an "abuse of the process of law." The Government of India wants all the email accessed by Indians to route through servers physically located in India even if the email account was created outside India. Government is ensuring that the security agencies will have direct, real-time access to the digital communication among Indians. The need for this was felt after security agencies failed to access accounts of suspected terrorists of Indian Mujahid
Zulu - Zscaler Malware Scanning Service
Jan 28, 2012
Zscaler has launched a new free online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. "A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available," said Michael Sutton, vice president of security research at Zscaler. "While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir
India orders Net firms to censor themselves
Dec 26, 2011
Some of the world's top websites will have to purge themselves of all content that is offensive to Indians by February 6. The companies must update their progress on the effort within two weeks, a court in New Delhi ordered on Saturday, the reports say. The demand is the Indian government's latest attempt to monitor and control electronic information. Facebook, Microsoft, YouTube, Google, among 21 others will have to strip their websites of any objectionable content. Given some of the Internet scandals that have hit India recently, that will include all images of women kissing men. Reports say India is pressing major Internet firms to filter out what the government considers unacceptable material, including religiously sensitive images and altered images of politicians. 21 social networking sites, including the ones mentioned above, have been "issued summons" by the court, on grounds of carrying objectionable content.
Six arrested for Million Pounds phishing scam
Dec 09, 2011
Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation. On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton. The police said that on average the scammers, four men and two women, took amounts of money ranging from £1,000 to £5,000 at a time. They have been arrested on suspicion of conspirac
Report says : US considered cyber war on Libya
Oct 18, 2011
Officials in the US Obama administration considered compromising Libya's government computer networks to block early-warning data gathering and missile launches on NATO war planes during the American-led strikes, but decided against it, according to The New York Times. The report goes on to claim that, while the use of what is believed to be a pre-existing armoury of Trojans, viruses, malware and military hackers was suggested, the cyber-attack was never actually carried out. The attack would have tried to disrupt Libya's early-warning radar system and thus cripple the North African country's ability to fire back at attacking NATO aircraft. But the Obama administration and the Pentagon chose instead to mount a conventional attack, partly because an American cyberattack might have set a dangerous precedent, and Libya might not have been worth the risk. In the end, American officials rejected cyberwarfare and used convent
'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety
Oct 17, 2011
Google's first ever advertising campaign for online safety launches today, in association with the Citizens Advice Bureau. It covers topics such as choosing a password, scam emails and using two-factor authentication. The company said future campaigns may deal more extensively with how Google uses people's personal data. The two organisations will use various means, such as adverts in newspapers, on public transport and online, to encourage users to adopt secure passwords, log out of web browsers and computers after using them, and adopt a more complex way of signing in to their email accounts, known as "two-factor authentication". The campaign also focuses on child protection and use of 'cookies' in web browsers. This is the first campaign by Google that promotes something other than products such as the web browser Chrome. The campaign is p
Armorize Partners With Symantec to Provide Powerful Anti-Malvertising Technology
Oct 17, 2011
Armorize Partners With Symantec to Provide Its Powerful Anti-Malvertising Technology to Symantec's New Solution, AdVantage, to Help Customers Protect Themselves From the Growing Threat of Malicious Advertising Attacks. The partnership will utilize the advanced malware detection engine from Armorize's successful HackAlert product lines to power Symantec's new cloud-based anti-malvertising solution, Symantec AdVantage. The Symantec AdVantage solution will provide its customers with the ability to monitor the ads displayed on their websites for web malware. The product dashboard will also present valuable statistics which enable publishers to compare the quality of ads and ad networks they work with based on the safety ratings and reputation scores for each specific ad or network. Some of the users who visited KickassTorrents (KAT), one of the most popular torrent trackers on the Internet,
Reality Based Cyber Crime Novella Explores Aftermath of Stuxnet Attack On Iran
Oct 14, 2011
GRAND RAPIDS – Cyber Styletto is a new novella by a journalist, a writer, and a security expert who have pooled their talents to create an enthralling good read that is future forward and predictive. The facts are based on real vulnerabilities in the way the Internet is constructed. Recent cyber security attacks using sophisticated malware (think Stuxnet) and social engineering techniques have raised the bar for defenders. Cyber Styletto pivots off these cyber events to educate and entertain. It is written as fact-based fiction. The story comes from the minds of Gian DeTorre and Mike Brennan. DeTorre is the pen name of an award winning fiction writer and literary critic whose stories and reviews have been published worldwide. "Cyber Styletto is a new genre in literature, bringing the modern, secretive world of cyber espionage together with a good, old-fashioned thriller," DeTorre said. I hope our a
Apple iOS 5 Released - Download Now !
Oct 12, 2011
Apple's iOS 5 has been released, with owners of the iPhone 4, iPhone 3GS, iPad and iPad 2, along with the third- and fourth-gen iPod touch all getting the latest version of the mobile platform as a free update. Available to download for existing devices via iTunes, iOS 5 will also be preloaded on the new iPhone 4S, Apple's fifth-gen smartphone that goes on sale this Friday. "On non-mobile devices, our lives are quickly shifting from native applications [i.e. coded for a specific computer or smartphone's operating system] to Web applications, but by Apple dominating the consumer smartphone market first, and executing it beautifully, they have started to set some really unhealthy precedents that the rest of the industry is copying while simply trying to keep pace," said Zeke Shore, the Co-Founder and Creative Director of design firm Type/Code. iOS 5 also brings with it iCloud, Apple's new synchronization and backup system that promises to deli
Your Browser Matters - Microsoft Launches Tool For Checking Browser Security
Oct 12, 2011
Microsoft launched a website today designed to give users a detailed look at how secure their browser is. The site, called Your Browser Matters, automatically detects the visitor's browser and returns a browser security score on a scale of four points. When you visit the site, called Your Browser Matters, it allows you to see a score for the browser you're using. Well, if you're using IE, Chrome, or Firefox—other browsers are excluded. Not surprisingly, Microsoft's latest release, Internet Explorer 9, gets a perfect 4 out of 4. If you visit the site with the most recent public releases of Firefox or Google Chrome, however, the results are less than perfect. Here, for example, are the detailed results for Chrome 14 and Firefox 7: Microsoft's new site is primarily intended to encourage users of older versions of Internet Explorer to upgrade. The bane of the existence of Web developers everywhere,