The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data. A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly became one of the most popular DDoS booter tools in the market to conduct distributed denial of service (DDoS) attacks. Dubbed Titanium Stresser , the tool was used to conduct coordinated DDoS attacks around the world and brought Adam Mudd an income of more than US$385,000 (£315,000 A$505,000), according to the Eastern Region Special Operations Unit (ERSOU). On 28 October at the Old Bailey, Mudd pleaded guilty to two counts of the Computer Misuse Act and one count of money laundering offense and will be sentenced in December. Mudd, who was arrested at his home in 2015, admitted to comm...

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a fabulous piece of open-source distributed caching system that allows objects to be stored in memory. It has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. Memcached is widely used by thousands upon thousands of websites, including popular social networking sites such as Facebook, Flickr, Twitter, Reddit, YouTube, Github, and many more. Nikolich says that he discovered multiple integer overflow bugs in Memcached that could be exploited to remotely run arbitrary code on the targeted s...

Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk." The result? Windows Vista through current versions of Windows 10 is still vulnerable , and now everybody knows about the critical vulnerability. Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates. Russian Hackers are actively exploiting critical Windows kernel bug Microsoft acknowledged the vulnerability in a blog ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever. From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an important role. Managing SSL certificates across networks to ensure protection and prevent unanticipated failures is critical, and it also becomes complicated with multiple locations, divisions as well as the fastest growing use of external cloud-based services. This not only complicates the process of managing individual SSL certificate and SSH key for an administrator but also costs organizations heavily. A key solution for this issue is to use an advanced and efficient SSL certificate and SSH Key management system. An effective solution enables an organization to know what kinds of certificates and keys it has, simplifies certificate discovery and monitor across multiple vendors, an...

Can you believe that it's been 6 years since we first launched The Hacker News? Yes, The Hacker News is celebrating its sixth anniversary today on 1st November. We started this site on this same day back in 2010 with the purpose of providing a dedicated platform to deliver latest infosec news and threat updates for Hackers, Security researchers, technologists, and nerds. Times flies when you are having fun! The Hacker News has become one of the World's popular and trusted Hacking News channel that went from ~100,000 readers to more than 10 million monthly readers — all because of THN readers high enthusiasm. In this short span of time, The Hacker News has achieved a series of milestone: The Hacker News Facebook page is going to hit 1.5 Million Followers, More than 1.6 Million followers on Google Plus+ , Over 200,000 Email Subscribers , And around 307,000 Twitter Followers. What's more? The Twitter Account of The Hacker News became officially verified (...

The whole world is still dealing with the Mirai IoT Botnet that caused vast internet outage last Friday by launching massive distributed denial of service (DDoS) attacks against the DNS provider Dyn, and researchers have found another nasty IoT botnet. Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks. Dubbed Linux/IRCTelnet , the nasty malware is written in C++ and, just like Mirai malware , relies on default hard-coded passwords in an effort to infect vulnerable Linux-based IoT devices. The IRCTelnet malware works by brute-forcing a device's Telnet ports, infecting the device's operating system, and then adding it to a botnet network which is controlled through IRC (Internet Relay Chat) – an application layer protocol that enables communication in the form of text. So, every infected bot (IoT device) connects to a mali...

Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready. Yes, the critical zero-day is unpatched and is being used by attackers in the wild. Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix. According to a blog post by Google's Threat Analysis Group, the reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy , companies should patch or publicly report such bugs after seven days. Windows Zero-Day is Actively being Exploited in the Wild The zero-day is a local privilege escalation vulnerability that exists in the Windows operating system kernel. If exploited, the flaw can be used to escape the sandbox protection and execute malicious code on the compromised system. ...

The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA's hacking tools and exploits, is back with a Bang! The Shadow Brokers published more files today, and this time the group dumped a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations. Top 3 Targeted Countries — China, Japan, and Korea The data dump  [ Download / File Password: payus ] that experts believe contains 306 domain names, and 352 IP addresses belong to at least 49 countries. As many as 32 domains of the total were run by educational institutes in China and Taiwan. A few target domains were based in Russia, and at least nine domains include .gov websites. The top 10 targeted countries include China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. The latest dump has been signed by the same key as the first Shadow Brokers' dum...

Get ready for faster Internet because the WiFi you know today is about to change and get much, much faster. The WiFi Alliance, a self-described "worldwide network of companies that brings you Wi-Fi," has finally certified " WiGig ," an ultra-fast, short-range wireless network technology that will nearly double Wi-Fi's current top speed. As many as 180 Million devices, including routers, smartphones, laptops, tablets, and other devices, arriving by the end of next year will support WiGig or multi-gigabit Wi-Fi 802.11ad on the 60 gigahertz band, the Alliance announced . This certification program aims to encourage the production of devices and hardware that not only operate in the "less congested" 60 GHz spectrum but can also fall back to the regular Wi-Fi – 2.4 or 5 gigahertz bands – for maximum interoperability. "Wi-Fi has delighted users for more than 15 years, and WiGig now gives users even higher performance in a rich variety of appl...

Just last month, researchers explained how an attacker can knock the 911 service offline in an entire state by launching automated Distributed Denial of Service (DDoS) attacks using a botnet of just 6000 smartphones. But, doing so, in reality, could not only land public in danger but the attacker as well. The same happened to an 18-year-old teen from Arizona, who was arrested this week following a severe disruption of 911 emergency systems caused due to one of his iOS exploits. Meetkumar Hiteshbhai Desai discovered an iOS vulnerability that could be exploited to manipulate devices, including trigger pop-ups, open email, and abuse phone features, according to a press release from the Cyber Crimes Unit of Maricopa County Sheriff's Office. In order to prove the flaw, Desai allegedly created several exploits and posted a link to one of his JavaScript exploits on his Twitter account and other websites. People accessing the exploit link from their iPhones and iPads were ...