hacking news | Breaking Cybersecurity News | The Hacker News

Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT). The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed " OP Falling sTAR ." According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania, France, and Norway, were charged with possessing, using and selling malware. One of those arrested also confessed to running his own web store where he sold malware, designed to take full control of target computers, harvesting passwords, and other personal data. Moreover, the malware can be used to hijack webcams in real-time, and steal documents, images, and videos as well. "Damballa's threat discovery center worked in cooperation with the Norway police over the last few months to track and identify the author of the malware dubbed MegalodonHTTP," threat

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks. What Causes the Flaw to occur? The serious bug was actually the result of a code that enables an experimental " roaming " feature in the OpenSSH versions 5.4 to 7.1 in order to let users resume connections. However, The roaming feature contains two different vulnerabilities: An information sharing flaw ( CVE-2016-0777 ) A less harmless buffer overflow flaw ( CVE-2016-0778 ) The vulnerability does not have any catchy name like some previous OpenSSH flaws. Impact of the Vulnerability This new feature can be exploited by hackers, who could use a malicious OpenSSH server to trick a

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

The buzz around The Internet of Things (IoT) is growing, and it is growing at a great pace. Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell. Gone are the days when we have regular doorbells and need to open the door every time the doorbell rings to see who is around. However, with these Internet-connected Smart Doorbells, you get an alert on your smartphone app every time a visitor presses your doorbell and, in fact, you can also view who's in front of your door. Moreover, you can even communicate with them without ever opening the door. Isn't this amazing? Pretty much. But what if your doorbell Reveals your home's WiFi password ? Use Smart Doorbell to Hack WiFi Password Until now, we have seen how hackers and researchers discovered security holes in Smart Cars , Smart refrigerators , Smart kettles and Internet-connected Toys , raising

Nation's Top Spy Chief Got Hacked! The same teenage hacker who broke into the AOL email inbox of CIA Director John Brennan last October has now claimed to have broken into personal email and phone accounts of the US Director of National Intelligence James Clapper . Clapper was targeted by the teenage hacker, who called himself Cracka and claimed to be a member of the hacker group Crackas with Attitude ( CWA ) that made headlines in October for hacking into CIA Director's email and accessing several online portals and tools used by US law enforcement agencies. Also Read: FBI Deputy Director's Email Hacked by Cracka with Attitude . Trove of Information Related to Top Spy Chief Hacked! Cracka told Motherboard that he had access to a series of accounts connected to Clapper, including: Home telephone account Internet accounts Personal email accounts His wife's Yahoo email The spokesperson for the Office of the Director of National Intel

Yes, from today, Microsoft is ending the support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch on to Internet Explorer version 11 or its newest Edge browser . Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an " End of Life " notice, meaning Microsoft will no longer support the older versions. So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser. End of Life of Internet Explorer 8, 9 and 10  "Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10," Microsoft says . This move could be part of Microsoft's bigger

A simple, yet effective flaw discovered on eBay's website exposed hundreds of millions of its customers to an advance  Phishing Attack . An Independent Security Researcher reported a critical vulnerability to eBay last month that had the capability to allow hackers to host a fake login page, i.e. phishing page, on eBay website in an effort to steal users' password and harvest credentials from millions of its users. The researchers, nicknamed MLT , said anyone could have exploited the vulnerability to target eBay users in order to take over their accounts or harvest thousands, or even millions, of eBay customers credentials by sending phishing emails to them. MLT published a blog post about the eBay flaw on Monday, demonstrating how easy it is to exploit the flaw like this and steal customers' passwords. Here's How ebay Hack Works The flaw actually resided in the URL parameter that allowed the hacker to inject his iFrame on the legitimate eBay

A 26-year-old hacker has been sentenced to 334 years in prison for identity theft as well as mass bank fraud in Turkey, or in simple words, he has been sentenced to life in prison . Named Onur Kopçak , the hacker was arrested in 2013 for operating a phishing website that impersonated bank site, tricking victims into providing their bank details including credit card information. Kopçak's website was part of a big credit card fraud scheme in which he and other 11 operators were making use of the illegally obtained bank account details to carry out fraudulent operations. During his arrest in 2013, Turkish law authorities charged Kopçak with: Identity fraud Website forgery Access device fraud Wire fraud... ...and sentenced him to 199 years 7 months and 10 days in prison, following complaints from 43 bank customers. However, during the investigation, 11 other bank customers also filed complaints about their payment card fraud, thus triggering a new trial

Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet. Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC 's websites and Republican presidential candidate Donald Trump 's main campaign website over this past holiday weekend. Out of two, the largest DDoS attack in the history was carried out against the BBC website: Over 600 Gbps . Largest DDoS Attack in the History The group calling itself New World Hacking claimed responsibility for taking down both the BBC's global website and Donald Trump's website last week. The group targeted all BBC sites, including its iPlayer on-demand service, and took them down for at least three hours on New Year's Eve. At the moment, the BBC news organiz

Romanian law enforcement authorities have arrested eight cyber criminals suspected of being part of an international criminal gang that pilfered cash from ATMs ( automatic teller machines ) using malware. The operation said to be one of the first operations of this type in Europe, was conducted in Romania and Moldova by Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism ( DIICOT ), with assistance from Europol, Eurojust and other European law enforcement authorities. Europol did not provide names of any of the eight criminals arrested but said that the gang allegedly used a piece of malware, dubbed Tyupkin , to conduct what are known as Jackpotting attacks and made millions by infecting ATMs across Europe and beyond. With the help of Tyupkin malware, the suspects were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad. " The criminal group was involved in large scale ATM Jackpotting

Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w

Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to

Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console. It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system. Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC . With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal. Group Managed to Run Game Boy Advance and Pokémon on PS4 What's even more interesting? The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon , dubbing it the "PlayStat

Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail ( Outlook ) and cloud storage ( OneDrive ) services if government hackers may have targeted their accounts. The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform if it suspects government-sponsored hackers. Ex-Employee: Microsoft Didn't Notify When China Spied Tibetans Leaders The move could be taken in the wake of the claims made by Microsoft's former employees that several years ago Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of Tibetan and Uighur minorities , but the company decided not to tell the victims, allowing the hackers to continue their campaign. Instead of alerting those leaders of the hacking attempts, Microsoft simply recommended them to change their passwords without disclosi

The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a " Bug Bounty Program " for researchers who find loopholes in Tor apps. The bounty program was announced during the recurring ' State of the Onion' talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany. Bug bounty programs are cash rewards gave by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them. Bug bounties are designed to encourage security researchers and hackers to responsibly report the vulnerabilities they discovered, rather than exploiting it. Here's what one of the founders of the Tor Project, Nick Mathewson , said about the bug bounty program as reported by Motherboard: "We are grateful to the people who have looked at ou

North Korea has its own homegrown computer operating system that looks remarkably just like Apple's OS X, which not only prevents potential foreign hacking attempts but also provides extensive surveillance capabilities. Two German researchers have just conducted an in-depth analysis of the secretive state's operating system and found that the OS does more than what is known about it. Dubbed Red Star OS , the operating system based on a Linux 2009 version called Fedora 11 limits its users to a government-approved view of the world and has the tendency to ' watermark ' files on USB sticks to track user's shuttling contraband material. Red Star OS Tracks User's Every Move In short, whenever a user inserts a USB storage device containing photos, videos or other documents, into a computer running Red Star, the OS takes the current hard disk's serial number, encrypts that number, and writes that encrypted serial into the file, marking it. The p

A former employee of Russian search engine Yandex allegedly stole the source code and key algorithms for its search engine site and then attempted to sell them on the black market to fund his own startup. Russian publication Kommersant reports that Dmitry Korobov downloaded a type of software nicknamed " Arcadia " from Yandex's servers, which contained highly critical information, including the source code and some of the "key algorithms," of its search engine. Korobov then tried to sell the stolen codes to an electronics retailer called NIX, where a friend of his allegedly worked, and on the dark underground market in search of potential buyers. But What's the Punchline? The funniest part is that Korobov requested only $25,000 and 250,000 rubles (a total of almost $29,000) for Yandex's source code and algorithms, which actually cost "Billions of Rubles," or somewhere near $15 Million USD . However, Korobov was arrest

Have you recently purchased a Windows computer? Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen. Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key. But Wait! If Microsoft already has your Disk Encryption Keys then what's the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk ? Microsoft Probably Holds your Encryption Keys Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft's servers secretly, and you can't pre