The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard . Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws of that contingent. Should we trust Microsoft product to save our e-mail password and data? Obviously NO!  This made me write a new article on the same topic is that today we are going to use an open source mail client i.e.  Mozilla Thunderbird , available for Windows, Mac OS X and Linux. Thunderbird Installation: Initially you need to download the Thunderbird mail client, and install it to make your email communication more secure and private. Open Thunderbird tool and configure your mail account, as shown: Installing and Configuring ENIGMAIL:  In the next step you need to install an Add-on in Thunderbird, called  ENIGMAIL . You can search and install add-on using...

The TARGET Hack was not the only massive Data breach that happened during the last Black Friday, but also other three major US Retailers were also hacked. Recently, Neiman Marcus also confirmed a data breach that involves Credit card theft from its customers during the holiday shopping season, using similar techniques to the one that penetrated Target last month. Neiman Marcus has 79 stores and reported total sales of $1.1 Billion in the Q4 2013. Neiman Marcus revealed that its customers are at risk after hackers breached servers of the company and accessed the payment information of those who visited its stores. The company is working to inform customers whose cards have been used for fraudulent purchases, but differently from the case of retailer Target, the company hasn't provided information on the nature of data leaked and on the number of customer records exposed. Neiman Marcus spokesperson Ginger Reeder announced that the company does not yet know the cause, size or dur...

Last year Samsung launched a security feature called ' KNOX ' for high-end enterprise mobile devices. It's a nice security addition and free with new Samsung handsets such as the Galaxy Note 3 and Samsung Galaxy S4. Samsung Knox is an application that creates a virtual partition (container) within the normal Android operating system that allows a user to run two different Android systems on a same device, so that you can securely separate your personal and professional activities. KNOX based virtual operating system of your phone requires a password to be accessed and helps you to securely store data that they're especially concerned about, such as personal pictures and video, in protected containers that would be resistant to hacking attempts on stolen devices. You can switch between Knox mode and personal mode using shortcuts in the app tray and notification tray. All the data and applications stored in the KNOX container system are completely isolated from the rest...

It could be the worst day ever for Microsoft's patch management and Incident response team. A group of pro-Syrian  hackers ' Syrian Electronic Army ' has successfully compromised the official Twitter account of the Microsoft News ( @MSFTNews ), Xbox Support. They also defaced the Microsoft's TechNet blog ( blogs.technet.com ), and posted deface not over the blog. Microsoft says the situation is under control and no customer data was compromised. It seems that hackers have more internal access to the mailer system of the Microsoft, as they shared a screenshots of the internal communications between Microsoft's Public relations team and Steve Clayton, who is the manager in charge of Microsoft's corporate media platforms.  Last week, the SEA hacked Skype's blog and official twitter page, to spread the information about the NSA spying i.e. " Hacked by Syrian Electronic Army.. Stop Spying! " and today we have seen similar tweets from the Microsoft's N...

Today is January 11, 2014 and the last year on the same day a 26-year-old, young hacker, Reddit cofounder and the digital Activist, Aaron H. Swartz committed suicide. He found dead in his Brooklyn, New York apartment, where he had hanged himself. Swartz was indicted by a federal grand jury in July 2011, accused of hacking the MIT JSTOR database and stealing over four million documents with the intent to distribute them. He could have prison for 50 years and $4 million in fines by the Court, but before that he committed suicide in fear. Swartz's father, Robert, later blamed the MIT and the judiciary system for his son's death. On the first Anniversary of Aaron Swartz , today the Anonymous group of hackers defaced the sub-domain of the Massachusetts Institute of Technology (MIT) website ( https://cogen.mit.edu/ ) for about an hour as part of #OPLASTRESORT. Defacement page was titled ' THE DAY WE FIGHT BACK '. The message posted on it, " Remember The Day We Fight Back,...

The Flashback Trojan, the most sophisticated piece of malware that infected over 600,000 Apple's Macs systems back in April, 2012 is still alive and has infected about 22,000 machines recently, according to the researchers from Intego . For a refresh, Flashback Trojan was first discovered in September 2011, basically a trojan horse that uses a social engineering to trick users into installing a malicious Flash player package. Once installed, the Flashback malware injects a code into that web browser and other applications like Skype to harvest passwords and other information from those program's users. The Trojan targets a known vulnerability in Java on Mac OS X systems. The system gets infected after the user redirects to a compromised website, where a malicious javascript code to load the exploit with Java applets. Then an executable file is saved on the local machine, which is used to download and run malicious code from a remote location. It took Apple months to recogni...

A few days back the developers of one of the most advance open source operating system for penetration testing called ' KALI Linux ' announced that they were planning to include " emergency self-destruction of LUKS ". They patched a utility called cryptsetup,  which introduces a self destruction feature that will allow the Kali user to encrypt the full hard disk to make the data inaccessible in an emergency case by entering a secret password at boot time. Offensive Security has finally announced today the release of the latest version i.e. Kali Linux 1.0.6 with Kernel version 3.12, and also added the Self Destruct feature along with many new penetration testing and hacking tools. The new release also includes an ARM image script, that allow the user to build Kali Linux images for various ARM devices. Some more scripts are also added that enables the user to build their own custom Amazon AMI and Google Compute cloud images. If you already have a Kali ...

I think you haven't forgotten the massive data breach occurred at TARGET , the third-largest U.S. Retailer during last Christmas Holidays. People shop during Black Friday sales in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. TARGET officially confirmed that the encrypted PINs (personal identification numbers) of payment cards were stolen in the breach, since the stolen pin data were in encrypted form so they were confident that the information was " Safe and Secure ", because PIN cannot be decrypted without the right key. The Breach was caused by a malware attack, that allowed the criminals to manipulate Point of Sale (PoS) systems without raising red flags and the card numbers compromised in the breach are now flooding underground forums for sale. Possibly a group of Eastern European cyber criminals who specializes in attacks on merchants and Point-of-Sale terminals either attached a physical de...

The Military Units that rely on very small aperture terminals (VSATs) for satellite communications in remote areas are vulnerable to cyber attack . Researchers from cyber intelligence company IntelCrawler recently identified nearly 3 million VSATs, many of them in the United States, and found that about 10,000 of them could be easily accessed because of configuration weaknesses. " We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about the satellite operator's network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities, " Researchers have warned that terminals having data transmission rate 4kbps to 16 Mbps used in narrow and broadband data transmission are vulnerable to cyber attack. VSATs are most commonly used to transmit narrowband data such as credit card, polling or RFID data or broadband data for VoIP or ...

The most critical and worst target of a State-sponsored cyber-attack s could be Hospitals, Dams, Dykes and Nuclear power stations and this may cause military conflicts between countries. According to Japan Today , The Monju nuclear power plant in Tsuruga, Japan was accidentally targeted by a malware on 2nd January, when a worker updated the system to the latest version of the video playback program. Monju Nuclear Plant  is a sodium-cooled fast reactor, was launched in April 1994. It has not been operational for most of the past 20 years, after an accident in which a sodium leak caused a major fire. Employees over there are only left with a regular job of company's paperwork and maintenance. So the malware could have stolen only some sensitive documents, emails, training records and employees' data sheets. The Malware command-and-control server suspected to be from South Korea. The malware itself is not much sophisticated like Stuxnet  o...