hacking | Breaking Cybersecurity News | The Hacker News

Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. To address this issue, especially for small and mid-sized enterprises, we've seen a sharp rise in Managed Detection and Response (MDR) services. MDR is essentially an outsourced cybersecurity expert service that monitors a company's environment and provides an improved ability to detect, investigate, and respond to threats. Think of it as augmenting your existing staff with a group of highly skilled cybersecurity experts. MDR Services Cynet recently published a new whitepaper that reviewed all of the services provided by their MDR team, which they refer to as "CyOps" [you can download the whitepaper here] . Interestin...

The US government has charged hackers over the largest ever hacking case in financial history. The US Court of the Southern District of New York has charged three men accused of hacking into many financial institutions, including JPMorgan Chase that, according to the officials, was "the largest theft of user data from a U.S. financial institution in history." JPMorgan Chase is one of the world's biggest banks that controls total assets worth more than $2.59 Trillion . The Hackers targeted at least nine financial institutions between 2012 and mid-2015, including JPMorgan Chase, brokerages and a major business news publication, and stolen information of " over 100 Million customers ," Bloomberg reported Tuesday. The three men, including Gery Shalon , Ziv Orenstein , and Joshua Samuel Aaron were charged with 23 counts, including hacking, identity theft, securities fraud, and money laundering, among others. A separate indictment was also ...

Here're a good news and bad news for you. The good news is that if you lose the keys for your TSA-compliant "Travel Sentry" luggage locks then you can just 3D print your very own TSA master keys. The bad news is that anyone can now 3D print their own master keys to open your bags. Yes, the security of 300 Million TSA-approved Travel Sentry luggage locks has been compromised , and now anyone with a 3D printer can unlock every single TSA-approved padlocks. Thanks to a security blunder by the American government agency. A security researcher with online moniker " Xyl2k " published the 3D printing files for a range of master keys with blueprints to GitHub , allowing anyone to 3D print his or her own copies of TSA-approved locks—the ones the authorities can unlock with their keys during airport inspections. How did the Researcher get the Print? A story about the " Secret Life " of Baggage in the hands of the US Transportation Securi...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The leaks of celebrity photos continue, revealing their first male victim in the fourth wave. As a result of the Fappening 4, Nick Hogan, the son of Hulk Hogan, became the first celebrity male to fall victim to the leaked private photos. The first three 'celebs photos leaks' usually include images of female celebrities, such as Jennifer Lawrence, Ariana Grande, Scarlett Johansson, Kim Kardashian, Kate Upton, Selena Gomez, Cara Delevingne, and others. The latest celebrity leaks include photos of Nick Hogan's private life. In this leak, Winona Ryder, 90210 star AnnaLynne McCord, Victoria's Secret model Erin Heatherton, singer Ingrid Michaelson, and a bunch of other stars have their selfies shared widely on social networks. According to several news outlets, this latest wave of celebrity undressed photographs is part of the "Fappening" controversy that started on Thursday. However, Reddit and 4Chan simply forced the forum to be closed and denied access in res...

An old vulnerability in Word for OS X is being used in increasing levels of attacks,  probably government-sponsored hacking programs  against Uyghur group, including Tibetans, NGOs and human rights organizations. A number of attacks have been seen directed at the World Uyghur Congress, a Munich-based organization that promotes human rights. Potential victims are often tricked by so-called spear phishing attacks, the targets receive an e-mail with a subject relevant to their interests, and a Word document attached.  When they open the document, TinySHell exploits a vulnerability and then infects the computer. Exploit allows long-term monitoring or even control of the compromised system though a backdoor it installs. The malware is configured to connect to command and control servers that have been used for years in APT attacks. All the attacks use exploits for the CVE-2009-0563 (Microsoft Office) vulnerability and The backdoor also includes hard...

Internet Activist and collective hacker group "NullCrew" released a huge dump of 7,000 names-passwords database from US Government websites and 2000 names-passwords database from Military websites. Hacker claimed to hack into five websites, including Montana's Official State Website, United Nations, Louisiana Department of Environmental Quality, Texas Juvenile Justice Department, Force Health Protection & Readiness, domains are -  unescoetxea.org , www.mt.gov , www.la.gov, www.texas.gov and fhpr.osd.mil respectiverly. Few days back two Nullcrew members,  null and 0rbit_g1rl claimed to perform the hack into above sites using few vulnerabilities such as " Unproperly sanitized code, leading to disclosure of all files on a server and Boolean blind SQL injection " and they threatened to release the database soon. Today in a announcement via Twitter, hacker leaked the Database including 2000 and more Military, A...

When it comes to security, small and midsize businesses are largely unaware of the risks they face. Cybercrime is a serious problem which affects businesses of all sizes and can have devastating consequences. U.S. small businesses should understand they cannot completely remain safe from cyber-threats if they do not take the necessary precautions. Although such threats existed long before malware emerged, data theft, fraud and industrial spying are all now typically conducted through cyber-attacks. The picture painted is of an environment under siege, with an alarming 41% of businesses acknowledging themselves less than ready to face cyber-threats. Kaspersky Lab and B2B International recently conducted a survey among IT professionals working for large and medium-sized businesses to find out what IT specialists thought of corporate security solutions, to determine their level of knowledge about current threats, the sort of problems they most often face, and thei...

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun...

A group of hackers recently attacked and took offline several websites belonging to credit-card sharing groups, security experts, and other hacking communities that had neglected basic security practices. On Christmas morning, the administrators of six websites discovered their sites had been hacked. According to a newsletter published by the hackers on Dec. 25, the second issue of "Owned and Exposed" listed carders.cc, ettercap, exploit-db, backtrack, inj3ct0r, and free-hack as compromised sites. Free-hack was targeted for being "lame script kiddies," while the other sites had criminal ties or were security experts criticized for their poor security practices, as noted in the e-zine. Mati Aharoni, the administrator of exploit-db, a site cataloging known exploits and vulnerabilities, admitted the breach in a blog post but mentioned that the damage was minimal. "Other than our egos, the damage is not severe," Aharoni wrote. The hackers posted a copy of th...

A 29-year-old man was arrested on Tuesday for hacking into a girl's social networking profile, altering her photos, and posting inappropriate messages. The police apprehended Pramod Nana Bavdekar from his home in Andheri, seizing his computer and hard disk as evidence. The incident began on November 8, when the victim noticed her account was being used by someone else after she tried to log in. Consulting an expert, she learned her profile had been hacked. Shortly after, she was horrified to find her nude photos and a message stating, "I am a prostitute," on her profile. Additionally, her bank account number and other personal details were posted. The victim later received four letters via courier containing similar messages and photos, prompting her to file a complaint with the cyber division of the BKC police station. In her complaint, she mentioned her suspicion of Bavdekar, a former neighbor who had proposed to her two years earlier. According to the police, altho...

Google has introduced a new security feature in its search engine to flag more web pages that might have been compromised by hackers. This new feature expands Google's long-standing program that marks websites hosting malicious software with a "This site may harm your computer" warning. Now, a new notation, "This site may be compromised," will indicate pages that may not be malicious but show signs that the site might not be fully controlled by its legitimate owner. This often happens when spammers add invisible links or redirects to unrelated websites, such as pharmacy sites. Additionally, Google will identify sites that have had phishing pages added by hackers. According to the Anti-Phishing Working Group, between 75% and 80% of phishing sites are legitimate sites that have been hacked and seeded with phishing kits to mimic trusted e-commerce and banking sites. It remains to be seen if Google can speed up the process of re-vetting sites flagged as compromised after th...

The guest keynote speakers at technology conferences can vary in quality, but Hitachi Data Systems (HDS) Canada (NYSE: HIT) made a smart choice by inviting Michael Calce, also known as Mafiaboy, to speak at their recent Information Forum event in Toronto. Calce gained notoriety as a teenage hacker from Montreal, who became the subject of an RCMP/FBI manhunt after a massive distributed denial-of-service (DDoS) attack in 2000. This attack brought down the websites of major companies like CNN, Amazon, Dell, and Yahoo. At the forum, he recounted his youthful indiscretions and delivered a stern warning about the dangers of over-sharing in the information age. Calce began his computing journey early, receiving his first white box PC at the age of six. He was engrossed by its capabilities, particularly playing games and storing data. His first programming venture was creating an application to track his hockey card collection, reflecting his passion for the Montreal Canadiens. By age nine, ...

A lot of people are gawking at Gawker Media this morning, though not for reasons that will bring much cheer to its founder, Nick Denton. Gawker, the parent company of popular blogs like Gizmodo, Lifehacker, Jezebel, and ValleyWag, has suffered a significant breach. A hacker group known as Gnosis has taken over the site. Gnosis accessed Gawker's source code and posted it on torrent sites. They also hacked into Gawker's content management system, posting a fake story on the home page linking to the source code torrents. Additionally, the group infiltrated the site's database, gaining access to the email addresses and passwords of Gawker's staff and over 1 million registered readers. These details have also been released on torrent sites, available for free download. Why is Gnosis targeting Gawker? They believe Gawker was picking on 4chan, a group known for creating the vigilante group Anonymous and various internet memes like lolcats and Rickrolling. Gnosis hacked Gawke...

McDonald's is collaborating with law enforcement after malicious hackers infiltrated another company's database and stole information about an unknown number of the fast-food chain's customers. McDonald's has alerted potentially affected customers via email and through a message on its website . "We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald's websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said via email on Saturday. McDonald's hired Arc to develop and coordinate the distribution of promotional email messages. Arc, in turn, relied on an unidentified email company to manage the customer information database. This email company's systems were hacked. The data, provided voluntarily by customers, does not include Social Security numbers, credit card numbers, or any sensitive financial info...

The cyber war between Pakistani and Indian hackers is intensifying. A group called the Indian Cyber Army (ICA) has claimed access to scripts from more than 375 Pakistani websites, including those belonging to the government, high-level organizations, and notable individuals. Hackers from both countries are targeting significant public and private websites. Last week, a group named Pak Cyber Army (PCA) hacked approximately 300 Indian websites. The ICA has warned it could hack another 375 Pakistani websites by December 31, 2010. In response to these threats, the government has taken serious measures. A special cell under the Federal Investigation Agency (FIA), known as the National Response Centre for Cyber Crimes (NR3C), has been established to monitor Pakistani websites, particularly government sites, according to Inam Ghani, Project Director NR3C. He added that the cybercrime wing of the FIA has already recovered 36 hacked websites. To prevent further attacks on public websites, a...

Dutch authorities announced the arrest of a 16-year-old hacker involved in the pro-WikiLeaks attacks on the websites of MasterCard and PayPal. The Dutch National Prosecutors Office reported that the teen, whose name was not disclosed, was arrested by a high-tech crime team last night. The arrest follows a series of attacks organized by the group known as Anonymous. This group has previously targeted entities such as the Church of Scientology and the Australian government. Recently, they launched distributed denial-of-service (DDoS) attacks on companies distancing themselves from WikiLeaks. These attacks use thousands of computers to overwhelm a target by making simultaneous connections. Yesterday, Visa.com was briefly taken offline, though the company assured CNET that no payments or transactions were affected. MasterCard.com was also unreachable in the morning. Additionally, the website for the Swedish prosecution agency, which is seeking the extradition of WikiLeaks editor Julian A...

Hacking is a core aspect of Facebook's culture. Whether we are developing the next big product at one of our hackathons or creating a smarter search algorithm, we constantly hack to find better solutions. We are launching the Hacker Cup to unite engineers worldwide in a multi-round programming competition. Participants must solve algorithmic problem statements to advance, being ranked by accuracy and speed. What: An annual algorithmic programming contest open to hackers globally. Where: Three online rounds with finals at Facebook's headquarters in California. When: Registration opens on December 20th. The three online rounds will occur throughout January 2011, followed by the world finals. Finals: We will cover the travel and accommodation expenses for the top 25 hackers from the 3rd online round to our campus. Prizes: The top hacker will win $5,000 and the title of world champion. The second place will receive $2,000, third place $1,000, and fourth to twenty-fifth place...

Hackers rushed to defend WikiLeaks on Wednesday, launching attacks on MasterCard, Visa, Swedish prosecutors, a Swiss bank, and others who acted against the site and its jailed founder, Julian Assange. Internet "hacktivists" under the banner "Operation Payback" claimed responsibility in a Twitter message for causing severe technological problems on MasterCard's website. MasterCard had recently severed ties with WikiLeaks. Although MasterCard acknowledged a disruption in its Secure Code system for verifying online payments, spokesman James Issokson assured that consumers could still use their credit cards securely. Later on Wednesday, Visa's website also became inaccessible. These online attacks are part of a broader wave of support for WikiLeaks sweeping the Internet. Twitter was flooded with messages of solidarity for the group, while its Facebook page reached 1 million fans. However, late Wednesday, Operation Payback itself faced difficulties as many of i...

Two college students from Kohat, missing since October, have been formally charged by the Federal Investigation Agency (FIA) for allegedly sharing information about the Chief Justice of the Supreme Court of Pakistan with an Indian hacker, officials and parents have reported. The FIA's Cyber Crime Wing registered a case against Saim Ali Shah, son of Zulfiqar Ali Shah, and Salal Ali Shah, son of Sajid Ali Shah. The charges were filed in the Rawalpindi circle under Sections 419, 420, 468, and 41 of the Pakistan Penal Code and the Anti-Terrorism Ordinance (ATO) related to cyber crimes. On October 13, 2010, a special unit of FIA, Rawalpindi, raided a house in Garhi Banoorian. They took both cousins, along with their computers and CDs, without informing the local police or their parents. Zulfiqar Ali Shah, speaking to this scribe, explained that his son and nephew had developed an online friendship with an Indian national in August. This individual claimed to have hacked the official ...

The recent hacking of the Central Bureau of Investigation's (CBI) website by a group called the 'Pakistani Cyber Army' has raised concerns about the security measures of servers maintained by the National Informatics Centre (NIC). The NIC is responsible for government server maintenance. While the NIC remains silent on the issue, sources in the security establishment suggest that the NIC's safety mechanisms were inadequate. Several reminders had been sent to NIC, urging them to upgrade their hardware. The CBI's official website was hacked on the night of December 3rd to 4th. The CBI has registered a case against unknown individuals in connection with the hacking. A report titled "Shadows in the Cloud" by a Canadian think-tank, comprising the "Information Warfare Monitor" and "Shadows Server," earlier this year indicated evidence of a cyber-espionage network. This network compromised government, business, and academic computer systems ...