The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Famous poker player 'Masaaki Kagawa' who won about $1.5 million in poker tournaments has been arrested by Japanese authorities for allegedly distributing Android malware. According to Symantec , He is just one of nine men arrested for distributing spam that included emails with links to Android malware ' Android.Enesoluty ', used to collect contact details stored on the owner's device. Security researchers discovered Android.Enesoluty first time in September 2012, it steals information and sends it to computers run by hackers. The operation began around September, 2012 and ended in April, 2013 when authorities raided the company office. Around 150 domains were registered to host the malicious apps and the group was able to collect approximately 37 million email addresses from around 810,000 Android devices. The company earned over 3.9 million US dollars by running a fake online dating service called Sakura site. " His passion for taking chances ...

A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Ca...

Security Information & Event Management (SIEM) has evolved over the years to become one of the most trusted and reliable solutions for log management, security, and compliance. The demand for SIEM tools is constantly increasing within network and IT security teams. This is due particularly to the colossal surge of security breaches and cyber-attacks that impact corporations and cause financial loss and damaged reputations. When conducting research for an SIEM solution, it's important to be able to identify features that will enable effective detection, prevention, and response to security threats. Below, we'll discuss a number of critical topics to consider when selecting an SIEM solution. Log Correlation – The Heart of SIEM SIEM software works with the principle of log collection and correlation, therefore, it's important to ensure that log correlation happens effectively, in real time, and provides centralized visibility into potentially insecure and non-co...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we...

One of the most popular free calling App " Viber " for smartphones got hacked and defaced their one of the subdomain i.e https://support.viber.com/ by  Pro-Assad hacker group the   Syrian Electronic Army . According claimed to take backup of their partial database , as shown, " We weren't able to hack all Viber systems " hacker said. SEA hackers also suggested Viber (an instant-messaging and VoIP service) users to uninstall the application because company is spying and tracking each user, recording IP address of each user in database as shown above, " Warning: If you have "Viber" app installed we advise you to delete it " they tweeted . Earlier this year, Viber announced that it had over 200 million mobile users. Just today same hackers also managed to hacked into  Daily Dot News website and deleted an article against them and last weekend Millions of Phone Book records were stolen from Truecaller Database by SE...

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal " Daily Dot " and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter , said " Dear @dailydot, please remove the attached picture in this article: https://www.dailydot.com/news/syrian-electronic-army-tango-me/ … or we will do something you will not like it. " But Daily Dot refused to comply, and hackers broke into the Gmail account of one of its staff, then into the site's administration panel and removed the article in question altogether, as challenged ! The attackers have published several pictures, including ones of emails sent out to Daily Dot staff about the Syrian Electronic Army's threat. Staff have been warned that the hackers use phishing emails to trick them into handing over their account credentials. " The stupid @dailydot administra...

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with...

Spammers have now leveraged the popularity of Harry Potter's star Emma Watson in a Facebook scam that offering tape of popular Hollywood movie star Emma Watson with a malicious link, actually spreading the malicious links and Porn images on infected user's profiles. This isn't the first time Emma Watson has been used as the bait in a scam and it surely won't be the last. The worm hitting Facebook Profiles and Groups with post of malicious porn link and tagging others too in same  post. Spammers are abusing Google Translate and Short url services to keep their links unblocked by Facebook's automated malware scanner. Click that link will redirect user to a webpage asking for "Age Verification" , as shown below: Website will ask user to follow some step, before offering the video. In Step one asking them to Click a link, that will be used in Step two and three for generating an activation code. Once user will click "Activate", he wil...

SIM cards are among the most widely-deployed computing platforms with over 7 billion cards in active use. Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. A German cryptographer Karsten Nohl, the founder of Security Research Labs claims to have found encryption and software flaws that could affect millions of SIM cards, and allows hackers to remotely gain control of and also clone certain mobile SIM cards. This is the first hack of its kind in a decade. Nohl will be presenting his findings at the Black Hat security conference this year. He and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. According to him, Hackers could use compromised SIMs to commit financial crimes or engage in espionage. Once a hacker copies a SIM, it can be used to make calls and send text messages imper...

It's been over a day now since Apple 's online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID's password . Such notices pointing that Apple's Developer Center website may have been compromised. But if it is a sec...

Ubuntuforums.org , The popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. " There has been a security breach on the Ubuntu Forums, " reads the page. The site was defaced by hacker with Twitter handle " Sputn1k_ " and Unfortunately the attacker have gotten every user's local username, encrypted password, and email address from the Ubuntu Forums database. " The Canonical IS team is working hard as we speak to restore normal operations ." page said. Canonical advises users who have used their same forum password on other sites to change it immediately. " Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach, " company stated.

Last week we explained a critical vulnerability in Facebook that discloses the primary email address of facebook user. Later the bug was patched by Facebook Security Team. Today another similar interesting Facebook hack disclosed by another bug hunter, Roy Castillo. On his blog he explained a new facebook hack method that allows anyone to grab primary emails addresses of billions of Facebook users easily. Facebook Provides a App Dashboard for creating and managing your Facebook apps, with a range of tools to help you configure, build and debug your Facebook apps. The flaw exists in App settings, where application admin can add developer's profile also, but if the user is not a verified user, a error messages on page will disclose his primary email address. Using following mentioned steps, one was able to grab email addresses of all facebook users: Collect profile links of all facebook users from Facebook People Directory i.e https://www.facebook.com/directo...