The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: programming

Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount

Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount
April 16, 2022The Hacker News
Java  is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most  technical skills , the best way to learn Java is through building your own projects. But you can definitely speed things up with high-quality training. The Complete 2022 Java Coder Bundle  provides plenty of that — nine full-length video courses, in fact. The training comes from top-rated instructors, and you get plenty of hands-on projects to try. The included training is worth $1,791. But in a special deal for loyal readers of The Hacker News, you can pick up the bundle for just $39.99.  Special Offer — For a limited time, you can get unlimited lifetime access to over 60 hours of Java training for  just $39.99 . That's an unmissable deal! According to Indeed, the average salary for a Java developer in the US is around $115,000 a year. But even if you don't plan on becoming a specialist, learning Java is a smart move. T

BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild

BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild
December 10, 2021Ravie Lakshmanan
Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed  BlackCat , was  disclosed  by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also looks they are giving credentials to intermediaries" for negotiations. BlackCat, akin to many other variants that have sprung before it, operates as a ransomware-as-a-service (RaaS), wherein the core developers recruit affiliates to breach corporate environments and encrypt files, but not before stealing the said documents in a double extortion scheme to pressure the targets into paying the requested amount or risk exposure of the stolen data should the companies refuse to pay up. Security researcher Michael Gillespie  called  it a "very sophisticated

Shifting the focus from reactive to proactive, with human-led secure coding

Shifting the focus from reactive to proactive, with human-led secure coding
June 07, 2021The Hacker News
The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now,  a new research study  points to a new, human-led direction. ‍ The following discusses insights derived from a study conducted by Secure Code Warrior with Evans Data Corp titled 'Shifting from reaction to prevention: The changing face of application security' (2021) exploring developers attitudes towards secure coding, secure code practices, and security operations.  Read the report. ‍‍In the study, developers and development managers were asked about their common secure coding practices. The top three methods highlighted were: Scanning applications for irregularities or vulnerabilities after they are deployed Scrutinizing write code to inspect for irregularities or vulnerabilities The reuse of pre-approved code t

Android to Support Rust Programming Language to Prevent Memory Flaws

Android to Support Rust Programming Language to Prevent Memory Flaws
April 07, 2021Ravie Lakshmanan
Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system. "Managed languages like Java and Kotlin are the best option for Android app development," Google  said . "The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option." Stating that code written in C and C++ languages requires robust isolation when parsing untrustworthy input, Google said the technique of containing such code within a tightly constrained and unprivileged sandbox can be expensive, causing latency issues and additional

Researchers Spotted Malware Written in Nim Programming Language

Researchers Spotted Malware Written in Nim Programming Language
March 12, 2021Ravie Lakshmanan
Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in  Nim  programming language. Dubbed " NimzaLoader " by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape. "Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim's implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it," the researchers said. Proofpoint is tracking the operators of the campaign under the moniker "TA800," who, they say, started distributing NimzaLoader starting February 3, 2021. Prior to the latest raft of activity, TA800 is known to have predominantly used BazaLoader since April 2020. While APT28 has been previously linked to delivering  Zeb

5 Reasons Why Programmers Should Think like Hackers

5 Reasons Why Programmers Should Think like Hackers
December 16, 2019The Hacker News
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come up with a solution to the problem and write the code for it, you need to make sure security is kept intact. Cyber attacks are becoming more and more prevalent, and the trend is unlikely to change in the foreseeable future. As individuals, businesses, organizations, and governments become more reliant on technology, cybercrime is expected to only grow. Most of what people do in contemporary society involves the internet, computers, and apps/software. It's only logical for programmers to be mindful of the security aspect of making applications or software. It's not enough for programmers to produce something that works. After

Suspected Kelihos Botnet Operator Arrested in Spain

Suspected Kelihos Botnet Operator Arrested in Spain
April 10, 2017Wang Wei
Update (Tuesday, April 11):  The arrest of a Russian man in Spain was apparently for his role in Kelihos botnet responsible for sending hundreds of millions of spam emails worldwide. A Russian computer hacker and alleged spam kingpin was arrested in Barcelona, Spain, on Friday reportedly over suspicion of being involved in hacking attacks linked to alleged interference in last year's United States presidential election process . 36-year-old Peter Yuryevich Levashov  from St. Petersburg was detained by police in Barcelona after US authorities issued an international arrest warrant for his arrest. While the Russian embassy in Madrid announced Levashov's arrest on Sunday, it did not confirm the reason for his arrest. This is the second arrest made by the Spanish authorities since the US 2016 election. In January, the police detained Stanislav Lisov , 32, on suspicion of creating and operating the NeverQuest Banking Trojan and possibly influencing the presidential elec

Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub

Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub
April 03, 2017Wang Wei
Microsoft has announced to shut down CodePlex -- its website for hosting repositories of open-source software projects -- on December 15, 2017. Launched in 2006, CodePlex was one of the Microsoft's biggest steps towards the world of open source community -- where any programmer, anywhere can share the code for their software or download and tweak the code to their liking. However, Microsoft says that the service has dramatically fallen in usage and that fewer than 350 projects seeing a source code commit over the last 30 days, pointing to GitHub as the "de-facto place for open source sharing." GitHub – 'Facebook for Programmers' In a blog post published Friday, Microsoft Corporate VP Brian Harry wrote that the shutdown of CodePlex is because the open source community has almost entirely moved over to GitHub, which provides similar functionality for sharing code that people can collaborate on. "Over the years, we have seen a lot of amazing opti

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000
February 18, 2017Mohit Kumar
Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But this time a typo in the Zerocoin source code costs the company more than $585,000 in losses. Zerocoin cryptocurrency protocol is designed to add true cryptographic anonymity to Zcoin transactions that take full advantage of "Zero-Knowledge proofs" to ensure the complete financial privacy of users. Zcoin announced Friday that " a typographical error on a single additional character " in the Zerocoin source code helped an attacker to steal 370,000 Zerocoin, which is over $585,000 at today's price. "We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)
February 17, 2016Swati Khandelwal
A highly critical vulnerability has been uncovered in the GNU C Library (glibc) , a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more. The vulnerability is similar to the last year's  GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks , representing a major Internet threat. GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware. The recent flaw, which is indexed as CVE-2015-7547 , is a stack-based buffer overflow vulnerability in glibc's D

Next Hacker to Organize Biggest Java Programming Competition In Germany

Next Hacker to Organize Biggest Java Programming Competition In Germany
January 16, 2016Swati Khandelwal
Great news for Hackers and Bug-hunters who enjoy Programming and playing around with Software. A worldwide group of like-minded computer programmers is hosting The Next Hacker IPPC event on the 26th and 27th of February in Berlin, Germany, where participants can meet hackers and programmers from around the world while getting an opportunity to participate in one of the major hacking-related events in history. Yes, The Next Hacker is inviting Java programmers to participate in its International Programming Player Competition (IPPC) , which is going to be held on the second day of the event, i.e., 27th of February. The first day of 2016 IPPC event will offer technical sessions on programming, an open panel discussion with renowned hackers and programmers, as well as an opportunity for the world's top programmers to meet leading high-tech companies worldwide. The Next Hacker is an outstanding programming event with more than 5,000 attendees – no less than 3,000 c

Raspberry Pi Zero — The $5 Tiny Computer is Here

Raspberry Pi Zero — The $5 Tiny Computer is Here
November 26, 2015Swati Khandelwal
Get ready for a ThanksGiving celebration from the Raspberry Pi Foundation. Raspberry Pi, the charitable foundation behind the United Kingdom's best-selling computer, has just unveiled its latest wonder – the Raspberry Pi Zero . Raspberry Pi Zero is a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Raspberry Pi Zero: Just $5 Computer Yes, Pi Zero is the smallest Raspberry Pi yet for just $5, but might be the biggest when looking at its specifications: Broadcom BCM2835 application processor (same as Pi 1) 1GHz ARM11 core (40 percent faster than Raspberry Pi 1) 512MB of LPDDR2 SDRAM Micro-SD card slot MiniHDMI socket for 1080p60 video output Micro-USB for data Micro-USB for power Unpopulated 40-pin GPIO connector Identical pinout to Model A+/B+/2B Unpopulated composite video connector Smallest ever form factor (i.e. 65mm x 30mm x 5mm) Get Your Raspberry Pi Zero Now! The Raspberry Pi is respon

Micro:bit — A Pocket-sized Programmable Computer

Micro:bit — A Pocket-sized Programmable Computer
July 09, 2015Mohit Kumar
The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics. The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in different colors. The idea behind the Micro:bit is to encourage young children to learn how computers work, and to get kids into programming and engineering at the young age. What does this tiny little computer contain? The Micro:bit, made in collaboration with ARM, Barclays, element14, Freescale, Lancaster University, Microsoft, Nordic Semiconductor, Samsung and the Wellcome Trust, contains: A 32-bit ARM Cortex M0 CPU Programmable Array of 25 red LEDs Micro USB port through which it can be powered Three input-output (I/O) Ring Connectors to hook it up to other kits and sensors Bluetooth for connectivity A 3V output connector to power external devices A 20-pin edge

Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers

Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers
June 16, 2014Swati Khandelwal
In an effort to create more open and accessible atmosphere between the Internet Explorer team and the Web development community, Microsoft today announced the launch of The Developer Channel for Internet Explorer . Internet Explorer Developer Channel is a fully-functioning browser designed to provide Web programmers and early adopters an advance and better understanding of the features the team is currently working on and let them offer feedback before it reaches the broader public. " Today we're excited to announce the release of the Internet Explorer Developer Channel, a fully functioning browser designed to give Web developers and early adopters a sneak peek at the Web platform features we're working on, " Microsoft said in a blog post . Thankfully, Internet Explorer Developer Channel runs independently of the user's copy of IE and allows Web programmers to test newest Web technology and browser features without disrupting their current browser set

Billions of Smartphone Users affected by Heartbleed Vulnerability

Billions of Smartphone Users affected by Heartbleed Vulnerability
April 13, 2014Swati Khandelwal
Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40

NSA denies Report that Agency knew and exploited Heartbleed Vulnerability

NSA denies Report that Agency knew and exploited Heartbleed Vulnerability
April 12, 2014Swati Khandelwal
The Bloomberg claimed that the U.S. National Security Agency (NSA) knew about the most critical Heartbleed flaw and has been using it on a regular basis to gather " critical intelligence " and sensitive information for at least past two years and decided to keep the bug secret, citing two sources ' familiar with the matter '. In response to the above report, NSA has issued a ' 94 character' statement today denying the claims that it has known about the Heartbleed bug since two years and that it has been using it silently for the purpose of surveillance. " NSA was not aware of the recently identified Heartbleed vulnerability until it was made public ," the U.S. intelligence agency said on its Twitter feed . Heartbleed is one of the biggest Internet vulnerabilities in recent history that left large number of cryptographic keys and private data such as usernames, passwords, and credit card numbers, from the most important sites and services on the Int

German Developer responsible for HeartBleed Bug in OpenSSL

German Developer responsible for HeartBleed Bug in OpenSSL
April 12, 2014Mohit Kumar
We have already read so many articles on Heartbleed, one of the biggest iNternet threat that recently came across by a team of security engineers at Codenomicon , while improving the SafeGuard feature in Codenomicon's Defensics security testing tools.  The story has taken every media attention across the World, as the bug opened doors for the cyber criminals to extract sensitive data from the server's memory and almost every major site have been affected by it. UNINTENTIONAL  BIRTH OF HEARTBLEED More than two years ago, German programmer Robin Seggelmann introduced a new feature called " Heartbeat " in the most secured open source encryption protocol, OpenSSL , which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data. But introducing heartbeat feature cost him dearly, as here the most critical bug resides. Dr. Seggelmann allegedly was just trying to improve OpenSSL and wo

Learn How DuckDuckGo Search Engine helps you to be a Good Programmer

Learn How DuckDuckGo Search Engine helps you to be a Good Programmer
February 21, 2014Anonymous
So you want to be a Programmer? Want to learn - How to code, Debug, and Program? The Web is full of free resources that can turn you into a programmer in no time, but never knew Where to start or How to troubleshoot your programs . Learning How to be a good programmer begins with learning logic concepts and language syntax and Google is a superb search engine, used by the majority of users online for finding information. But most of the time we don't get helping hands ' easily & quickly ' to debug our programs using Google or other Search engines. Learning to program is hard enough, but debugging is a critical skill, actually - it's frustrating ! DuckDuckGo , a private Search Engine that claims it gives complete anonymity to its users, has ' Programming Goodies ' for you and Software Engineers, i.e. provides a large number of programming tips and solutions from the a number of references, for various programming languages. Following are the

Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers

Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
September 09, 2013Mohit Kumar
Hackers are focusing on vulnerabilities in the PHP web application development platform threatening 80% websites in the world, including many big website i.e. Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals i.e. POST, GET, COOKIES, FILES etc. Imperva Releases Hacker Intelligence Initiative Report , particularly concerned about two vulnerabilities that can be used to execute code on servers running PHP and fail to stop PHP SuperGlobal parameter variables being modified by external sources. Dubbed as  CVE-2011-2505 , describes a vulnerability in the authentication feature in PhpMyAdmin (PMA) that enables attackers to modify the  _SESSION  SuperGlobal variable. CVE-2010-3065 describes a problem in the PHP's session serialization mechanism. By injecting malicious value into an internal variable using PHP's Superglobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control over
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.