The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Nation's second largest Health insurer company, Anthem , alerted its customers on Wednesday that hackers had stolen the personal information of over 80 Millions of its customers, making it the largest data breach and double the number of payment cards affected by Target data breach occurred in 2013. The stolen personal information includes residential addresses, birthdays, medical identification numbers, Social Security Numbers, email addresses and some income data belonging to both current and former customers and employees, including its own chief executive. 80 Million is a vast number — it's roughly the populations of California, Texas and Illinois when combined together. So far, there is no evidence whether financial or medical information of the company's customers was compromised, according to a statement given by Anthem's vice president, Kristin Binns. The health giant, based in Indianapolis, has hired cybersecurity firm FireEye's Mandiant division to wo...

Cybercriminals are known to take advantage of everything that captures public attention in order to spread malware, and the recently launched web client of the most popular WhatsApp messaging application seems to be their next target. Last month, the messaging giant WhatsApp, with 700 million users worldwide, finally launched its web client to the public. The feature is called " WhatsApp Web ," which gives its users the ability to read and send messages directly from their web browsers. FAKE WHATSAPP WEB SPREADING BANKING TROJANS However, malicious hackers have taken the advantage of the latest WhatsApp Web and have started fooling users all over the world with fake downloads masquerading as a desktop variant of the WhatsApp mobile application. Security researchers at Kaspersky Labs have spotted a seemingly genuine WhatsApp Web for Windows in spam campaign available for fake download that actually spreads financial malware Trojans to the systems worldwide. ...

Werner Koch , the man who authored the free email encryption software , is running out of funding to continue the development of his crucial open-source GNU Privacy Guard (GnuPG) encryption tools.The code works on plenty of operating systems from Linux and FreeBSD to Windows and OS X. The popular Gnu Privacy Guard (GnuPG or GPG) email encryption software is the same used by the former United States National Security Agency (NSA) contractor and whistleblower Edward Snowden to keep his communication secure from law enforcement authorities. GPG uses the OpenPGP standard to safeguard the communications of millions of people, including journalists, dissidents and security-minded people, around the world from eavesdroppers and other miscreants. GPG EMAIL ENCRYPTION RELIES ON THIS GUY ONLY Werner Koch has been maintaining and improving the code of his own secure email software since its initial development in 1997, and since then he has worked at very low wages, but is now...

A critical zero-day vulnerability has been discovered in a popular WordPress plugin , called ' FancyBox for WordPress ', which is being used by hundreds of thousands of websites running on the most popular Blogging Platform Wordpress. 0-DAY FLAW EXPLOITED IN THE WILD The security researchers at network security firm Sucuri issued a warning Wednesday about the zero-day vulnerability that is being " actively exploited in the wild " by malicious hackers in order to infect as many as victims. While there are more than 70 million websites on the Internet currently running WordPress  content management system, over half a million websites use ' FancyBox for WordPress ' Plugin, making it one of the popular plugins of Wordpress for displaying images, HTML content and multimedia in a so-called " lightbox " that floats on top of Web pages.. HACKERS INJECT MALWARE INTO WEBSITES The vulnerability allows attackers to inject a malicious iframe...

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed " Operation Pawn Storm " by security experts, was first detected on Windows computers late last year, but has now made its way to iOS devices , a report by security researchers at TrendLabs noted. The researchers linked the campaign to the Russian government. XAGENT SPYWARE APP One of the two spywares used in the campaign is actually an application, the firm dubbed the app XAgent, that attempts to install and run on iOS devices. " The XAgent app is fully functional malware ," the researchers noted . " The exact methods of installing these malware is unknown; however, we do know that the iOS device doesn't have to be jailbroken ... We have seen one in...

The NSA and GCHQ have tracked and monitored the activities of independent and nation-state hackers, along with some of the foremost security researchers in order to gather information on targets and pilfer the stolen data from hackers' archives, top secret Snowden documents reveal. State-sponsored, individual Blackhat hackers and hacking groups target some or other organizations on an ongoing basis. So, by monitoring the work of 'freelance' and rival state hackers, the NSA and its allies get the stolen information, such as email accounts or chats owned by target of their interest, without doing much of hard work. HACKERS STOLE FROM TARGETS & AGENCIES STOLE FROM HACKERS According to the latest revealed documents provided by whistleblower Edward Snowden , the hacks and sophisticated breaches on the targets were carried out by the state-sponsored and freelance hackers, but the stolen data, referred to as 'take', was then pilfered by the agencies for...

A jury has found Silk Road founder Ross Ulbricht  a.k.a Dread Pirate Roberts  guilty on all seven counts and faces Life In Prison for running an underground black market i.e.  Silk Road . Ross Ulbricht, a San Francisco 30-year-old web developer was arrested by FBI in a sting operation in October 2013 accusing him of being the criminal mastermind running Silk Road, where hundreds of millions of dollars in illegal goods were traded. Ross Ulbricht had claimed that he had built Silk Road, but he was not the site's notorious ringleader " Dread Pirate Roberts. " The trial went on for just over three weeks and today the jury of six men and six women charged Ross Ulbricht with seven counts including money laundering, drug trafficking and computer hacking among other things. " The supposed anonymity of the dark web is not a protective shield from arrest and prosecution ," according to Manhattan U.S. Attorney Preet Bharara in a statement af...

After almost two months of untimely and unexpected outage, The Pirate Bay (TPB) finally came back this weekend. But the re-launch of the infamous torrent-indexing website raised a question among those suspicious about this new setup — Is it really The Pirate Bay? A few days back we reported that The Pirate Bay – a widely popular file-sharing website predominantly used to share copyrighted material free of charge – had made its return to the Internet once again after suffering two months of outage following a police raid in Sweden late last year. Many users, including I, thought the site left dead as last took down was the longest outage the torrenting site has ever experienced. But history repeats and The Pirate Bay made its way a day before it claimed. Pirate lovers around the world rejoiced while others noticed something very suspicious. IS THE FBI RUNNING THE PIRATE BAY ? The truth behind The Pirate Bay , like who was driving the re-emergence of the site or who w...

A serious vulnerability has been discovered in all the latest versions of Microsoft's Internet Explorer that allows malicious hackers to inject malicious code into users' websites and steal cookies, session and login credentials. UNIVERSAL XSS BUG WITH SAME ORIGIN POLICY BYPASS The vulnerability is known as a Universal Cross Site Scripting (XSS) flaw. It allows attackers to bypass the Same-Origin Policy, a fundamental browser security mechanism, in order to launch highly credible phishing attacks or hijack users' accounts on any website. The Same Origin Policy is one of the guiding principles that seek to protect users' browsing experience. SOP actually prevents one site from accessing or modifying the browser properties, such as cookies, location, response etc, by any other site, ensuring that no third-party can inject code without the authorization of the owner of the website. DEMONSTRATION Recently, a proof-of-concept exploit published by a group, known as Deusen, sho...

With the rise in mobile market, last year we have seen sharp growth in malicious ' adware ' — the most prevalent mobile threat in the world. And now, security researchers have once again found Google Play Store offering malicious apps that are infecting millions of Android users with adware . It's not at all surprising that the Android operating system is surrounded by a number of unwanted intrusions that may gain users' attention to fall victim for one, but this issue might be even worse than we thought. WHAT IS ADWARE ? For those not familiar with adware, adware is a software that automatically displays or downloads advertising material like banners or pop-ups when a user is online. Doesn't sound dangerous, Right? But adware could result in a serious threat to users. Android Adware can pose a major threat to users' privacy, since some ad networks gather personal information like phone number, email address, and many more. Depending on where the ad netwo...

The popular DSL wireless router model from D-Link are allegedly vulnerable to a software bug that could allow remote hackers to modify the DNS (Domain Name System) settings on affected routers and to hijack users' traffic. The main goal of DNS hijacking is to secretly redirect user's traffic from a legitimate websites to a malicious one controlled by hackers. The vulnerability might also affects other devices because it is located in the same, widely-used wireless router firmware used by different manufacturers. Bulgarian security researcher Todor Donev discovered the flaw which exists in a widely deployed ZynOS firmware from ZyXEL Communications Corporation, that is used in network hardware from TP-Link Technologies, ZTE and D-Link. According to the security researcher, D-Link's popular DSL2740R wireless router and a number of other D-Link routers, particularly the DLS-320B, are vulnerable. Late last year, similar router vulnerability was discovered in the ...