The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The multinational bank HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night and the Anonymous group has been quick to take credit. " Banks are the sole cause of our current worldwide economic problems. They deserve to get hit. RBS, Lloyds TSB and Barclays are next, " FawkesSecurity said . " This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking. We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running. We are cooperating with the relevant authorities and will cooperate with other organizations that have been similarly affected by such criminal acts. " HSBC said. The timing of the group's Twitter postings lends credence to its claims, but Twitter users claiming to be Anonymous members have falsely claimed responsibility for at...

The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market that are using these implementations. A group of researchers including Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith from Distributed Computing & Security Group - Leibniz University of Hannover, Hannover, Germany and Lars Baumgärtner, Bernd Freisleben from Department of Math. & Computer Science - Philipps University of Marburg, Marburg, Germany, have presented a paper that  most of these applications contain serious mistakes in the way that SSL/TLS is implemented, that leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Tests performed on 100 selected apps confirmed that 41 of them were vulnerable to known atta...

Android's App store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. The malicious code was hidden within an app named, "Updates" by developer Good Byte Labs (Package name: com.updateszxt) and was designed to look like an update to the Lookout™ mobile security application. The malware detected as Trojan!FakeLookout.A  is capable of stealing SMS and MMS messages and upload them to a remote server via FTP. This virus has the potential to steal all personal business sensitive data from the users' device. Though there are no reports of being infected by the users, it is believed that the infected users are not aware of it yet. " New approach being attempted by malware makers, " TrustGo said the site in question " contains a Trojan file that targets multiple platfo...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros (£405,000) since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software that looked like normal smartphone apps, but these programs stole money through hidden transactions. He also used programs that sent him the usernames and passwords for gambling and gaming websites. The man admitted his crimes to police after he was arrested in the northern French city of Amiens. He told officials that he was motivated by a strong interest in computers and the desire to be a software developer.

Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. Its another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying a " Missing Plug-in " notification. The Apple Support page states that this update is for OS X 10.7 and later. Apart from stripping browsers of the Java plug-in, it also removes the Java Preferences application, since it is no longer required for applet setting configuration. Just to be clear, the update does not remove Java from your system if its installed, just the Java plugin from your web browsers. In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however,...

The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure. Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business. Not only does it make you feel safer but it also protects people who visit your home, place of business, or website. It is important to understand the potential risks and then make sure you are fully protected against them. In the fast-paced world of technology, it is not always easy to stay abreast of the latest advancements. For this reason it is wise to partner with a reputable Internet security company. Here we have a very cool guide from  Symantec , This guide will de-mystify the technology involved and give you the information you need to ...

Eugene Kaspersky is working with his engineers at Russian security firm Kaspersky Lab to create a secure-by-design OS for ICS. In an interview Kaspersky said " It's true no one else ever tried to make a secure operating system. This may sound weird because of the many efforts Microsoft, Apple and the open source community have made to make their platforms as secure as possible. With all respect, we should admit they were developing a universal solution for a wide range of application and various kinds of users. And security and usability is always a matter of compromise! With a universal OS a developer inevitably sacrifices security for usability ." Companies that maintain ICS are forced to try to patch them on the fly in the event of a malware attack, a process usually easier said than done. Instead, Kaspersky suggests that the solution lies in a secure operating system, one in which ICS can be installed. Such an OS could help ensure that industrial systems stay healthy ...

Yesterday I have reported about a huge mysterious hack in wordpress servers, that cause compromise of 15000 wordpress account and hacker managed to post same spam article of " Money making sites " with title - " Im getting paid! " on each blog. We explained how hacker was earning in thousands of dollars by just sharing his Referral link on all these hacked sites. The campaign include some malicious domains where hacker is redirecting all readers and service from a well known email marketing company - Getresponse . Using the same dork -- site:wordpress.com "Im getting paid!" , today we tried to find out number of hacked accounts and once again another shocking number - its 59300 blogs in compromised list on 2nd day of hacking campaign. So many blogs have been compromised without any known method and wordpress team still not in action. As mentioned in last article, yesterday I tried to contact with Getresponse response team whose ...

Official Twitter account of Rock band ' Garbage ' has been compromised and hacker is posting Spam tweets and links using adf.ly, which is a url shortener service that pays on clicks. Hacked twitter account hack around 55,563 Followers. Hacker can post malicious links also, but in this case we can see that purpose is not to infect other, instead hacker want to make some money by spreading links. Even he has mention this in a tweet, " All you people saying I'm dumb. I've made over 19 dollars by spamming ad.fly links. I hack twitters and spam them great money ," How hacker got access to twitter account is not yet clear, may be phishing, social engineering or can be a  password guess, but once readers should learn the importance of strong password. Yesterday we have posted another Exclusive report that, how 15000 wordpress blogs hacked and hacker is making money from referral system by posting spam articles on each...

Hacker group Anonymous may have tracked down the sex-obsessed cyberbully who drove a 15-year-old girl to kill herself last week. Today Anonymous posted a video on YouTube naming a 32-year-old man from British Columbia, as the person responsible for the October 10th suicide of 15-year-old Amanda Todd. Anonymous has started #OpRIP to hunt down those who bullied Todd. " This is the pedophile that social engineered Amanda Todd into supplying him nude pictures ," Anonymous said in a Pastebin post before identifying a 30-year-old man living in New Westminster, B.C. Todd committed suicide after years of online abuse by a man who blackmailed her, posted her topless photo online and sent it to her peers. In Todd's video, on handwritten note cards, she detailed the story of a man she said threatened to send photos of her breasts to friends and relatives unless she put on a sexual show for him. She apparently refused and he later made good on that promise, polic...