The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

IT security firm Trustwave has been sued by a Las Vegas-based casino operator for conducting an allegedly "woefully inadequate" investigation following a network breach of the casino operator's system. Affinity Gaming , an operator of 5 casinos in Nevada and 6 elsewhere in the United States, has questioned Trustwave's investigation for failing to shut down breach that directly resulted in the theft of credit card data, allowing credit card thieves to maintain their foothold during the investigation period. The lawsuit, filed in the US District Court in Nevada, is one of the first cases of its kind where a client challenges a cyber security firm over the quality of its investigation following a hacking attack. Casino Sued an IT Security Firm Affinity Gaming said it hired Trustwave in late 2013 to analyze and clean up computer network intrusions that allowed attackers to obtain its customers' credit card data. It was reported that the details

Apple Mac Computers are considered to be much safer than Windows computers at keeping out the viruses and malware, but the new Exploit discovered by researchers again proves it indeed quite false. Last year, The Hacker News reported a deadly simple exploit that completely bypassed one of the core security features in Mac OS X known as Gatekeeper . Apple released a patch in November, but now the same security researcher who discovered the original Gatekeeper bypass vulnerability said he found an equally obvious workaround. Patrick Wardle, ex-NSA staffer and head of research at security intelligence firm Synack, said the security patch released by Apple was " incredibly weak " and that the update was " easy to bypass " in minutes. Gatekeeper's Failure Once Again Introduced in July of 2012, Gatekeeper is Apple's anti-malware feature designed to block untrusted, dodgy apps from running, keeping Mac OS X systems safe from malware. Ho

As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.  Which is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard their operations. Regulatory Pressures Impacting Cyber Decisions Industries such as finance, healthcare, and government are subject to strict regulatory standards, governing data privacy, security, and compliance. Non-compliance with these regulations can result in severe penalties, legal repercussions, and damage to reputation. To meet regulatory requirements and mitigate the ever-increasing risk, organizations are shifting to adopt more robust cybersecurity measures. Understanding the Increase of Threats Attacks on regulated industries have increased dramatically over the past 5 years, with o

Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT). The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed " OP Falling sTAR ." According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania, France, and Norway, were charged with possessing, using and selling malware. One of those arrested also confessed to running his own web store where he sold malware, designed to take full control of target computers, harvesting passwords, and other personal data. Moreover, the malware can be used to hijack webcams in real-time, and steal documents, images, and videos as well. "Damballa's threat discovery center worked in cooperation with the Norway police over the last few months to track and identify the author of the malware dubbed MegalodonHTTP," threat

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks. What Causes the Flaw to occur? The serious bug was actually the result of a code that enables an experimental " roaming " feature in the OpenSSH versions 5.4 to 7.1 in order to let users resume connections. However, The roaming feature contains two different vulnerabilities: An information sharing flaw ( CVE-2016-0777 ) A less harmless buffer overflow flaw ( CVE-2016-0778 ) The vulnerability does not have any catchy name like some previous OpenSSH flaws. Impact of the Vulnerability This new feature can be exploited by hackers, who could use a malicious OpenSSH server to trick a

The buzz around The Internet of Things (IoT) is growing, and it is growing at a great pace. Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell. Gone are the days when we have regular doorbells and need to open the door every time the doorbell rings to see who is around. However, with these Internet-connected Smart Doorbells, you get an alert on your smartphone app every time a visitor presses your doorbell and, in fact, you can also view who's in front of your door. Moreover, you can even communicate with them without ever opening the door. Isn't this amazing? Pretty much. But what if your doorbell Reveals your home's WiFi password ? Use Smart Doorbell to Hack WiFi Password Until now, we have seen how hackers and researchers discovered security holes in Smart Cars , Smart refrigerators , Smart kettles and Internet-connected Toys , raising

Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious code in FortiOS firewalls from enterprise security vendor Fortinet. According to the leaked information, FortiOS operating system, deployed on Fortinet's FortiGate firewall networking equipment, includes an SSH backdoor that can be used to access its firewall equipment. Anyone can Access FortiOS SSH Backdoor Anyone with " Fortimanager_Access " username and a hashed version of the " FGTAbc11*xy+Qqz27 " password string, which is hard coded into the firewall, can login into Fortinet's FortiGate firewall networking equipment. However, according to the company's product details, this SSH user is created for challenge-and-response authenti

Nation's Top Spy Chief Got Hacked! The same teenage hacker who broke into the AOL email inbox of CIA Director John Brennan last October has now claimed to have broken into personal email and phone accounts of the US Director of National Intelligence James Clapper . Clapper was targeted by the teenage hacker, who called himself Cracka and claimed to be a member of the hacker group Crackas with Attitude ( CWA ) that made headlines in October for hacking into CIA Director's email and accessing several online portals and tools used by US law enforcement agencies. Also Read: FBI Deputy Director's Email Hacked by Cracka with Attitude . Trove of Information Related to Top Spy Chief Hacked! Cracka told Motherboard that he had access to a series of accounts connected to Clapper, including: Home telephone account Internet accounts Personal email accounts His wife's Yahoo email The spokesperson for the Office of the Director of National Intel

If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its anti-virus product that allow hackers to execute arbitrary commands remotely as well as steal your saved password from Password Manager built into its AntiVirus program. The password management tool that comes bundled with its main antivirus is used to store passwords by users and works exactly like any other password manager application. Even Websites Can Hack Into Your Computer Google's Project Zero security researcher, Tavis Ormandy, discovered the remote code execution flaw in Trend Micro Antivirus Password Manager component, allowing hackers to steal users' passwords. In short, o

Yes, from today, Microsoft is ending the support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch on to Internet Explorer version 11 or its newest Edge browser . Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an " End of Life " notice, meaning Microsoft will no longer support the older versions. So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser. End of Life of Internet Explorer 8, 9 and 10  "Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10," Microsoft says . This move could be part of Microsoft's bigger

A simple, yet effective flaw discovered on eBay's website exposed hundreds of millions of its customers to an advance  Phishing Attack . An Independent Security Researcher reported a critical vulnerability to eBay last month that had the capability to allow hackers to host a fake login page, i.e. phishing page, on eBay website in an effort to steal users' password and harvest credentials from millions of its users. The researchers, nicknamed MLT , said anyone could have exploited the vulnerability to target eBay users in order to take over their accounts or harvest thousands, or even millions, of eBay customers credentials by sending phishing emails to them. MLT published a blog post about the eBay flaw on Monday, demonstrating how easy it is to exploit the flaw like this and steal customers' passwords. Here's How ebay Hack Works The flaw actually resided in the URL parameter that allowed the hacker to inject his iFrame on the legitimate eBay