
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FBI themed Mac OS X Ransomware Malware demands $300 Fine

Jul 16, 2013
Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. This kind of malware has typically been the domain of Windows users, but it has made its way to OS X. A new piece of FBI-themed ransomware is targeting Mac OS X, hijacking the user's browser with a notice that accuses them of illegally accessing pornography and demands payment of $300 in order to release control of the application. The address bar shows a URL clearly trying to fool users, fbi.gov.id657546456-3999456674.k8381.com, and the warnings, which appear to be from the FBI, tell the victim: "you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300." According to Malwarebytes, the ransomware page is being pushed onto unsuspecting users browsing r...
Beware of Fraudulent Sites, phishing for Twitter accounts

Jul 15, 2013
A scam is spreading through Twitter direct messages (DMs) and fake emails, urging users to visit a fake Twitter phishing site, "twittler.com". The scam uses a hijacked Twitter account to send out direct messages that appear completely legitimate. Security blogger Janne Ahlberg blogged about this new phishing scam: "This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers." The webpage resembles a Twitter login page and tries to obtain your Twitter login credentials, using a domain name that looks very similar to the original Twitter.com, with two extra letters "LL" in it. To play it safe, double-check your browser address bar to make sure you are on the original website, twitter.com, before logging in. If you enter your Twitter usern...
Edward Snowden nominated for the Nobel Peace Prize

Jul 15, 2013
Edward Snowden has helped to make the world a little bit better and safer. A Swedish professor of sociology has nominated NSA whistleblower Edward Snowden for the 2014 Nobel Peace Prize. In his letter addressed to the Norwegian Nobel Committee, sociology professor Stefan Svallfors recommended that Snowden be a candidate for his "heroic effort at a great personal cost" in shedding light on the expansive cyber-spying conducted by the NSA. A nomination for Snowden would be symbolic because it shows "that individuals can stand up for fundamental rights and freedoms," he said. It may be too late for Snowden to be eligible for this year's prize, which will be awarded in December, but he could be considered for 2014. The head of the International Committee of the Russian State Duma, Aleksey Pushkov, tweeted, "Not in a million years will the United States allow Snowden to get the Peace Prize. But h...
Between Buzz and Reality: The CTEM Conversation We All Need

Jun 24, 2025 - Threat Exposure Management
I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay, CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead, Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess, Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...
Patch Efficiently with Automated Patch Management

Jul 15, 2013
You've got to ask yourself one question. How much hassle does patching cause you? Is the second Tuesday of each month something you dread, or is it just another day for you? If you spend days and days testing and deploying patches; if you stay up until the wee hours of the morning one weekend each month; if you have a current profile on every single server in your environment; then patching is likely to be a heavy burden. But there is another way. Patching is not something that should be a major pain each month. It should be a simple and straightforward administrative task. Admins who patch by hand or are worried about some patch crashing critical systems each month should consider automated patch management. This strategy will boost efficiency and give you back your weekends, and ensure that your systems can be patched quickly, efficiently and safely. Automated patch management helps IT admins patch their servers and workstations in the most efficient way possible, by removi...
Edward Snowden files has blueprint of NSA surveillance programs

Jul 15, 2013
Edward Snowden has enough information to cause more damage to the US government in a minute alone than anyone else has ever had in the history of the United States, but he has insisted that the documents, including the blueprints of the NSA surveillance program, not be made public. Glenn Greenwald, the Guardian journalist who was the first to report on classified documents leaked by Edward Snowden, says the former National Security Agency contractor has what amounts to an "instruction manual for how the NSA is built." The documents "would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it," Greenwald said. "In order to take documents with him that proved that what he was saying was true he had to take ones that included very sensitive, detailed blueprints of how the NSA does what they do." Greenwald said that Snowden is planning more stories on domestic sp...
Hackers turn Verizon signal booster into a mobile hacking machine

Jul 15, 2013
A group of hackers from security firm iSEC found a way to tap right into Verizon Wireless cell phones using a signal-boosting device made by Samsung for Verizon that costs about $250. They hacked Verizon's signal-boosting devices, known as femtocells or network extenders, which anyone can buy online, and turned one into a cell phone tower small enough to fit inside a backpack and capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Tom Ritter, a senior consultant at iSEC. They declined to disclose how they had modified the software on the device, but they plan to give more elaborate demonstrations at various hacking conferences this year. Verizon Wireless already released a Linux software update in March to fix the flaw that prevents its network extenders...
Vulnerability allows Hacking Facebook account and password reset within a minute

Jul 15, 2013
Security expert Dan Melamed discovered a critical vulnerability in the Facebook platform that allows an attacker to take complete control over any account. The vulnerability is considered critical because it would allow a hacker to hack potentially any Facebook account. Dan Melamed presented the discovery on his blog. Dan demonstrated how a hacker can reset the victim's account password just by tricking the victim into visiting malicious exploit code. The flaw affects the Facebook "claim email address" component. When a user tries to add an email address already registered to the Facebook platform, the user has the option to "claim it". The loophole exists here: when a user claimed an email address, Facebook did not check whom the request came from. This allows an email to be claimed on any Facebook account. The exploit is possible provided that: An existing account having the email address that the attacker wants to claim. Another existing account to initiate the claim p...
Beware of Fake Android Antivirus and Mobile Ransomware

Jul 14, 2013
"Ransomware" may be a term you haven't heard before. This type of criminal malware, which spread around the world on PCs in 2012, encrypts some or all the files on a computer and holds them for ransom, and cyber thieves have already made millions through such methods. Ransomware is no longer all about computers. It has evolved to now target mobile devices, specifically the Android platform. For a hacker, a pop-up message is just one more way to steal money by sending fake alerts and serious warnings that scare a user into making a payment. For example, in the case of PCs, we have encountered malware that encrypts crucial data on a user's hard disk, asking the victim to pay a sum to the attacker in order to recover his/her data. Last year in November at many hacking conferences, security researcher Mohit Kumar (@Unix_Root) already demonstrated one of the most sophisticated Android malware called "Android Malware Engine", one of its kind yet ...
Australia’s Telstra Wiretapping undersea cables from past 12 years for FBI

Jul 13, 2013
According to a secret agreement it signed in 2001 with the FBI and US Department of Justice, Telstra, Australia's largest phone company, is storing huge volumes of electronic communications it carried between Asia and the US for potential surveillance by US intelligence agencies. The contract was prompted by Telstra's undersea telecommunications joint venture called Reach. Undersea cabling "physically located in the United States, from which Electronic Surveillance can be conducted pursuant to Lawful US Process." The document also specifies the facility should be run exclusively by US staff. The document was signed by Douglas Gration, a barrister who was then Telstra's company secretary and official liaison for law enforcement and national security agencies. The venture also guaranteed it would be able to provide U.S. authorities with copies of stored data, call logs, subscriber information, and billing data, according to the document. Those were to be sto...
Edward Snowden made public appearance at Moscow's Sheremetyevo Airport

Jul 13, 2013
Whistleblower Edward Snowden made a public appearance yesterday at a Moscow airport where, beside a staff member of the WikiLeaks organization, he met with representatives of a half-dozen or so human rights groups. Snowden had not been seen in public and had been stuck in the transit area of Moscow's Sheremetyevo Airport since arriving there on June 23 from Hong Kong. A 30-second video was posted on YouTube, which did not name the source of the clip. This is notable because no press were permitted inside, and no video was allowed. Snowden said that he wants asylum in Russia before moving on to Latin America, and assailed U.S. surveillance programs as illegal and immoral, but immigration officials in Russia say they have not received any application from Edward Snowden. As Snowden explained it Friday, he disputes the notion that his actions are doing damage to the United States. As a result, Putin's condition doesn't apply. Snowden said that he has received offers of asylum...
BlackBerry allows Indian government to Intercept emails and Chats

Jul 13, 2013
In 2010 the Indian authorities threatened to shut down BlackBerry's infrastructure unless it agreed to comply with lawful access requirements, giving the government a way to intercept messages in order to prevent terrorist attacks. The long-running dispute between the Indian government and BlackBerry over monitoring, tracking and interception is now resolved. BlackBerry is ready to provide the Indian authorities with a way to lawfully intercept consumers' messages sent and received on its platform, including mails and peripherals, chats and browsing history on BlackBerry devices. But BlackBerry Enterprise Server has been left out of the interception solution, which means corporate emails won't be under scrutiny. According to an internal document of the Department of Telecommunications (DoT), nine out of 10 telecom networks offering BlackBerry services were in the process of making it possible for authorities to carry out intercepts. Blackberry train 5 ...
LinkedIn Clickjacking vulnerability tricks users to spam links

Jul 13, 2013
A clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users into sharing and posting links on behalf of the victim. Narendra Bhati (R00t Sh3ll), Security Analyst at Cyber Octet, informed us about the LinkedIn bug. Clickjacking, also referred to as a "User Interface redress attack", is a type of website hacking technique in which an attacker tricks a web user into clicking a button, a link or a picture, etc. that the web user did not intend to click, typically by overlaying the web page with an iframe. The flaw allows an attacker to open the LinkedIn page https://www.linkedin.com/shareArticle? , used to share links and article summaries, in a hidden iframe. Proof of Concept: 1.) Semi Transparent Iframe Layers: 2.) Fully activated page with zero Transparency iframe: Video Demonstration: Many countermeasures have been described that help web users protect against clickjacking attacks. X-FRAME-OPTIONS is a browser-based defense method. In order to bring...