The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Computer geeks already knew it was possible to hack into a car's computerized systems and finally, two U.S. hackers - Charlie Miller and Chris Valasek, sponsored by the Pentagon's research facility DARPA recently demonstrated just how easy it is for malicious hackers to physically hijack a modern car using a laptop. Feeling exiting ... ? You should worry too..It's all very concerning. Because you may never drive your car again after you see how a couple of government funded tech guys were able to hack into, and take control of car's steering, dashboard, and even its brakes. Forget hacking accounts, computers or mobile devices, this new threat to our vehicles is thanks to the evolution of electronic control units being installed in most new cars. Charlie Miller , a security engineer at Twitter, and Chris Valasek, the Director of Security Intelligence at IOActive received an $80,000 grant from the US government in order to research these new vulnerabilities . ...

The GPS expert Todd Humphreys , professors at the University of Texas, demonstrated that just using a cheap apparatus composed by a small antenna, an electronic GPS " spoofer " built in $3,000 and with a laptop, it is possible to exploit GPS vulnerability to obtain control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea.  Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht " White Rose of Drachs " commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack. Humphreys is a famous GPS experts, we met him last year when we discussed about drones hacking . The Assistant Professor of the University of Texas with his team has created the world's most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters. Humphreys reported the results of his experiment to the Foxnews explaining how his team exploited the GPS system ...

The passport control system at Istanbul Ataturk Airport International departure terminal was under cyber attack on Friday, while another airport in the Turkish largest city was also affected. Passengers stood in lines for hours and plane departures were delayed, because cyberattack shutdown passport control systems at two facilities. Later Authorities has restored the systems. Few local media said that the passport control system at the Sabiha Gokcen International Airport in Istanbul also broke down due to the malfunction of the Istanbul provincial security directorate's Polnet data system. They believe that systems were infected using some malwares, But Authorities also investigating if the malware yielded user details from the infected machines or not. No claim of responsibility or blame was attributed to the alleged cyberattack. However, this is another malware attacks been reported, targeting vital infrastructure so far. Cybersecurity has emerged as ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

A spokesman for President Vladimir Putin says, " Russia has never extradited anyone, and will not extradite ,". Moscow security agency FSB is in talks with the FBI over Snowden , but the whistleblower will not be extradited to the US. The Russian immigration ministry granted Snowden a document this week that would allow him to leave the transit area of the Moscow airport, where he has been confined for a month, and live in Russia for up to a year. Russian President Vladimir Putin has said that if Snowden releases any more of the materials, Russia will not grant him temporary asylum . " Snowden has information enough to cause more damage to the U.S. government in a single minute than any other person has ever had in the history of the United States ," The Guardian reporter said. Russian President is not handling the case of the former CIA employee Edward Snowden, " Snowden has not filed any requests that would need to be considered by the head of stat...

Famous poker player 'Masaaki Kagawa' who won about $1.5 million in poker tournaments has been arrested by Japanese authorities for allegedly distributing Android malware. According to Symantec , He is just one of nine men arrested for distributing spam that included emails with links to Android malware ' Android.Enesoluty ', used to collect contact details stored on the owner's device. Security researchers discovered Android.Enesoluty first time in September 2012, it steals information and sends it to computers run by hackers. The operation began around September, 2012 and ended in April, 2013 when authorities raided the company office. Around 150 domains were registered to host the malicious apps and the group was able to collect approximately 37 million email addresses from around 810,000 Android devices. The company earned over 3.9 million US dollars by running a fake online dating service called Sakura site. " His passion for taking chances ...

A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Ca...

Security Information & Event Management (SIEM) has evolved over the years to become one of the most trusted and reliable solutions for log management, security, and compliance. The demand for SIEM tools is constantly increasing within network and IT security teams. This is due particularly to the colossal surge of security breaches and cyber-attacks that impact corporations and cause financial loss and damaged reputations. When conducting research for an SIEM solution, it's important to be able to identify features that will enable effective detection, prevention, and response to security threats. Below, we'll discuss a number of critical topics to consider when selecting an SIEM solution. Log Correlation – The Heart of SIEM SIEM software works with the principle of log collection and correlation, therefore, it's important to ensure that log correlation happens effectively, in real time, and provides centralized visibility into potentially insecure and non-co...

Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we...

One of the most popular free calling App " Viber " for smartphones got hacked and defaced their one of the subdomain i.e https://support.viber.com/ by  Pro-Assad hacker group the   Syrian Electronic Army . According claimed to take backup of their partial database , as shown, " We weren't able to hack all Viber systems " hacker said. SEA hackers also suggested Viber (an instant-messaging and VoIP service) users to uninstall the application because company is spying and tracking each user, recording IP address of each user in database as shown above, " Warning: If you have "Viber" app installed we advise you to delete it " they tweeted . Earlier this year, Viber announced that it had over 200 million mobile users. Just today same hackers also managed to hacked into  Daily Dot News website and deleted an article against them and last weekend Millions of Phone Book records were stolen from Truecaller Database by SE...

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal " Daily Dot " and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter , said " Dear @dailydot, please remove the attached picture in this article: https://www.dailydot.com/news/syrian-electronic-army-tango-me/ … or we will do something you will not like it. " But Daily Dot refused to comply, and hackers broke into the Gmail account of one of its staff, then into the site's administration panel and removed the article in question altogether, as challenged ! The attackers have published several pictures, including ones of emails sent out to Daily Dot staff about the Syrian Electronic Army's threat. Staff have been warned that the hackers use phishing emails to trick them into handing over their account credentials. " The stupid @dailydot administra...