#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

tor | Breaking Cybersecurity News | The Hacker News

Category — tor
HUMINT: Diving Deep into the Dark Web

HUMINT: Diving Deep into the Dark Web

Jul 09, 2024 Cybercrime / Dark Web
Discover how cybercriminals behave in Dark Web forums- what services they buy and sell, what motivates them, and even how they scam each other. Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some of the hacker forums exist in the Deep Web, requiring credentials to enter. Dark Web - Web sources that require specific software to gain access. These sources are anonymous and closed, and include Telegram groups and invite-only forums. The Dark Web contains Tor, P2P, hacker forums, criminal marketplaces, etc. According to Etay Maor, Chief Security Strategist at Cato Networks , "We've been seeing a shift in how criminals communicate and co...
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Apr 17, 2024 IoT Security / Network Security
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos  said . Successful attacks could pave the way for unauthorized network access, account lockouts, or denial-of-service conditions, the cybersecurity company added. The attacks, said to be broad and opportunistic, have been observed targeting the below devices - Cisco Secure Firewall VPN  Check Point VPN Fortinet VPN SonicWall VPN RD Web Services  MikroTik  Draytek  Ubiquiti  Cisco Talos described the brute-forcing attempts as using both generic and valid usernames for specific organizations, with the attacks indiscriminately targeting a wide range of sectors across geographies. The sourc...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Russia Blocks Tor Privacy Service in Latest Censorship Move

Russia Blocks Tor Privacy Service in Latest Censorship Move

Dec 10, 2021
Russia has stepped up its censorship efforts in the country by fully blocking access to the Tor web anonymity service, coinciding with the  ban  of six virtual private network (VPN) operators, as the government continues its efforts to control the internet and crack down on attempts to circumvent locally imposed web restrictions. The Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor, the watchdog responsible for monitoring, controlling and censoring Russian mass media, announced the block, accusing it of enabling access to illegal content, Reuters  reported  this week. Russia  accounts  for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router,  enables  users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and p...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

Nov 15, 2021
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate (non-targeted) attacks against sets of 25 and 100 websites fail to exceed an accuracy of 80% and 60%, respectively," researchers Giovanni Cherubin, Rob Jansen, and Carmela Troncoso  said  in a newly published paper. Tor browser  offers  "unlinkable communication" to its users by routing internet traffic through an overlay network, consisting of more than six thousand relays, with the goal of anonymizing the originating location and usage from third parties conducting network surveillance or traffic analysis. It achieves this by building a circuit that traverses via an ...
REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

Oct 18, 2021
REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first  spotted  by Recorded Future's  Dmitry Smilyanets , comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang's Tor payment portal and data leak website. "The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the  torrc file  and raised their own so that I would (sic) go there. I checked on others - this was not. Good luck everyone, I'm off," user 0_neday said in the post. As of writing, it isn't clear exactly who was behind the compromise of REvil's servers, although it wouldn't be entirely surprising if law enforcement agencies played a r...
Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Jun 23, 2021
Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to  updating  Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several  security vulnerabilities  addressed in Firefox 89. Chief among the rectified issues is a new fingerprinting attack that came to light last month. Dubbed  scheme flooding , the vulnerability enables a malicious website to leverage information about installed apps on the system to assign users a permanent unique identifier even when they switch browsers, use incognito mode, or a VPN. Put differently, the  weakness  takes advantage of custom URL schemes in apps as an attack vector, allowing a bad actor to track a device's user ...
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Feb 20, 2021
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix  release  (V1.20.108) made available yesterday. Brave ships with a built-in feature called " Private Window with Tor " that integrates the  Tor  anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in  June 2018 . This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report fir...
Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Jul 19, 2016
Another blow to the Tor Project : One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration. Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network. However, Green announced last weekend that "it is no longer appropriate" for him to be part of the Tor Project, whether it is financially or by providing computing resources. TOR, also known as The Onion Router , is an anonymity network that makes use of a series of nodes and relays to mask its users' traffic and hide their identity by disguising IP addresses and origins. The TOR network is used by privacy-conscious people, activists, journalists and users from countries with strict censorship rules. Crucial and Fast TOR Nodes to be Shut Down Soon Alongs...
Tor Project to Start Bug Bounty Program — Get Paid for HACKING!

Tor Project to Start Bug Bounty Program — Get Paid for HACKING!

Dec 30, 2016
The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a " Bug Bounty Program " for researchers who find loopholes in Tor apps. The bounty program was announced during the recurring ' State of the Onion' talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany. Bug bounty programs are cash rewards gave by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them. Bug bounties are designed to encourage security researchers and hackers to responsibly report the vulnerabilities they discovered, rather than exploiting it. Here's what one of the founders of the Tor Project, Nick Mathewson , said about the bug bounty program as reported by Motherboard: "We are grateful to the people who have looked at ou...
FBI denies paying $1 MILLION to Unmask Tor Users

FBI denies paying $1 MILLION to Unmask Tor Users

Nov 14, 2015
Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said , "The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate." The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services , and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses. One such IP address belongs to Brian Richard Farrell , an alleged Silk Road 2 lieutenant who was arrested in January 2014. The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few ...
FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

Nov 12, 2015
The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve...
Tor Browser 4.0.4 Released

Tor Browser 4.0.4 Released

Feb 27, 2015
Tor — a privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, i.e. Tor version 4.0.4 , mostly supposed to improve the built-in utilities, privacy and security of online users on the Internet. Tor Browser helps users to browse the Internet in a complete anonymous way. The powerful Tor Browser Bundle, an anonymous web browser developed by the Tor Project, received some updates in its software. Tor Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the users' anonymity via Tor and Vidalia. The anonymity suite also includes 3 Firefox extensions: Torbutton, NoScript and HTTPS-Everywhere. NEW FEATURES The latest version, Tor Browser Bundle 4.0.4, has been recently released, with a few number of new features: Updated to Firefox to 31.5.0esr with important security updates. Update OpenSSL to 1.0.1l Update NoScript to 2.6.9.15 Update HTTPS-Everywhere to 4.0.3 B...
81% of Tor Users Can be Easily Unmasked By Analysing Router Information

81% of Tor Users Can be Easily Unmasked By Analysing Router Information

Nov 18, 2014
Tor has always been a tough target for law enforcement for years and FBI has spent millions of dollars to de-anonymize the identity of Tor users, but a latest research suggests that more than 81% of Tor clients can be "de-anonymised" by exploiting the traffic analysis software 'Netflow' technology that Cisco has built into its router protocols. NetFlow is a network protocol designed to collect and monitor network traffic. It exchanged data in network flows, which can correspond to TCP connections or other IP packets sharing common characteristics, such UDP packets sharing source and destination IP addresses, port numbers, and other information. The research was conducted for six years by professor Sambuddho Chakravarty , a former researcher at Columbia University's Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi. Chakravarty used a technique, in order to determine the Tor...
More than 400 Underground Sites seized by FBI in 'Operation Onymous'

More than 400 Underground Sites seized by FBI in 'Operation Onymous'

Nov 10, 2014
The joint operation by authorities of the U.S. Federal Bureau of Investigation (FBI) and European law enforcement seized Silk Road 2.0 , an alternative to the notorious online illegal-drug marketplace last week, and arrested 26-year-old operator Blake Benthall, but that wasn't the end. US and European authorities over the weekend announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous , which led to take-down of more than "410 hidden services" that sell illegal goods and services from drugs to murder-for-hire assassins by masking their identities using the Tor encryption network. " The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online 'dark' marketplaces, " according to the Europol press release . This globally-coordinated take down is the combined efforts of 17 nations which includes the law enforcemen...
Unmasking Google Users With a New Timing Attack

Unmasking Google Users With a New Timing Attack

Sep 10, 2014
Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification. TIMING ATTACK USED TO DE-MASK TOR USER'S IDENTITY Now, using timing attack exploit technique, a cyber criminal could figure out when someone logged into any one of the shared addresses visits the their site, Cantino said. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they're logged in to Google while using the Tor browser . Timing attack can allow to unmask targeted Google users as they browse the web. Cantino said the attack is straightforwa...
Warrant Authorized FBI to Track and Infect Computers with Malware

Warrant Authorized FBI to Track and Infect Computers with Malware

Aug 06, 2014
Tor has always been a tough target for law enforcement for years, but the United States Federal Bureau of Investigation ( FBI ) has found a way to successfully track users across the network. Just a few days back, Tor made a difficult announcement that an attack on its system likely exposed its users of anonymity. Now, a new report from Wired suggests that the FBI has been running a malware campaign to identify Tor users by infecting their computers for years on a large scale. FBI USES DRIVE-BY HACKING TO TRACK USERS Tor is generally thought to be a place where users come online to hide their activities and remain anonymous, but a court case has revealed an opposite story. FBI has been using a tactic called drive-by hacking to track computers using the Tor anonymous computing system. Security researchers call the tactic a " drive-by download " in which a hacker infiltrates a high-traffic website to deliver the malware to large swaths of visitors. That simply means t...
Attackers Compromise TOR Network to De-Anonymize Users of Hidden Services

Attackers Compromise TOR Network to De-Anonymize Users of Hidden Services

Jul 30, 2014
A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy oriented service, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize the identity of Tor users, Tor project warned on Wednesday. 115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS According to a security advisory , Tor Team has found a group of 115 malicious fast non-exit relays (6.4% of whole Tor network), those were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. " While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected, " Tor said. When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit rela...
Expert Insights / Articles Videos
Cybersecurity Resources