The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other programs, revealed that cyber attackers had access user information, including account IDs and encrypted passwords as well as credit and debit card numbers. The company did not specify which users of its various software programs were hit. But Products compromised in this attack include Adobe Acrobat, ColdFusion , and ColdFusion Builder. " We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. " the company said in a customer security alert . Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the...

The world of mobile search is about to get a bit more anonymous. Thanks to the fears over government surveillance and corporate tracking, Anonymous Search Engine DuckDuckGo continues to break its own search records. DuckDuckGo Search & Stories - Android app deliver the same functionality as traditional services such as Google but with the added promise that your IP address and identity will not be recorded.  In June, Anonymous search engine  DuckDuckGo  had launched its app for  iOS  and Android and during recent update, DuckDuckGo's application for Android also integrated the Tor support. " Privacy is perhaps more important on mobile than on the web, and we haven't had many private alternatives ," DuckDuckGo founder Gabriel Weinberg said. To enable Tor with DuckDuckGo android app, user need to Check " Enable Tor " from setting. It will prompt the user to install about application to anonymize the Mobile data c...

Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days.  Yahoo has changed its bug bounty policies following a deluge of negative feedback in the wake of the news that ethical hackers were rewarded with $12.50 in gift vouchers for security flaw discoveries. The company unveiled a new program to reward reporters who shed light on bugs and vulnerabilities classified as new, unique and/or high risk issues. Starting October 31, 2013, individuals and firms who report bugs will be rewarded with anything between $150-$15,000. " The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue ," Director of security, Ramses Martinez, announced . Yahoo denied that its new program was a response to the criticism, saying it was already working on a new bug bounty system before the furore. Martinez begins by labelling himself as the ...

Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc...

During the summer, The Secure email provider 'Lavabit' and preferred service for PRISM leaker  Edward Snowden  decided to shut down after 10 years to avoid being complicit in crimes against the American people. The U.S. Government obtained a secret court order demanding private SSL key from Lavabit, which would have allowed the FBI to wiretap the service's users, according to Wired . Ladar Levison, 32, has spent ten years building encrypted email service Lavabit , attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Ladar received the court orders to comply, intended to trace the Internet IP address of a particular Lavabit user, but he refused to do so. The offenses under investigation are listed as violations of the Espionage Act and Founder was ordered to record and provide the connection information on one of its users every time that user logged in to check his e-mail. The Governm...

The FBI had seized a website called ' Silk Road ', that was considered one of the most popular Underground places on the Internet for buying drugs and other illicit goods and services. They arrested the site's alleged founder,  Ross William Ulbricht, known as " Dread Pirate Roberts ," in San Francisco, who reportedly had  26,000 Bitcoins worth $3.6 million. The FBI used information from Comcast in the investigation and collaborated with US Customs and Border Patrol, the Internal Revenue Service, the Drug Enforcement Administration, and the Department of Homeland Security. Ross Ulbricht Ross William Ulbricht, a 29-year-old graduate of the University of Pennsylvania School of Materials Science and Engineering  charged with one count each of narcotics trafficking conspiracy, computer hacking conspiracy and money laundering conspiracy, according to the filing. ' Silk Road '  website, which had operated since early 2011, also offered tut...

IT Security is the name of the game and no matter how big or small the size of your organization, you will always invest enough on securing certain aspects of your IT network. In many organizations, it starts with monitoring your network for vulnerabilities that may enter the network to access potentially sensitive information in the form of security attacks . For example, you may have firewalls as your first line of defense, followed by vulnerability management, intrusion detection and prevention systems, managing your network configurations and so on.  These are crucial because: Your routers can be easily breached without proper configuration and restrictions.  If a firewall isn't configured correctly, a hacker can easily spot a port that is accidentally left open and can gain access to the network.  Rogue access points, botnet malware and social engineering can make your wireless a porthole into your LAN. Why Logs? The very purpose of IT secu...

Today more and more companies are looking for external security researchers to help identify vulnerabilities and weaknesses in their applications through Bug Bounty Programs. While companies like Facebook and Google are paying out hundreds of dollars to researchers for reporting security vulnerabilities, But according to Yahoo! Your email's security worth only $12.50 ! Yahoo is not having very good run in the reputation department when it comes to user security. Researchers at High-Tech Bridge found a few bugs, and were not exactly impressed with Yahoo's reward. They pointed out cross-site scripting (XSS) flaws affecting two Yahoo domains and in return they received $12.50 bounties for each vulnerability they found. This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate T-shirts, cups, pens and other accessories. This isn't exactly a great reward for spending time reporting security ...

The very first question we always try to figure before choosing a trusted VPN service - Can't a VPN provider just look at my traffic all they want and see what I'm doing? Well, a reputated  VPN provider today answers the Question and admitted that they sniffed the traffic on one of its United States-based servers in order to catch an alleged hacker. Proxy.sh , a quality VPN service with no-logging policy, made a surprise announcement : " We are unfortunate to announce that there have been abuses complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. Torrentfreak  noticed that there was no mention of any legal process, court order, police action or other similar outside influence compelling Proxy. sh to do so. The monitoring was triggered after Proxy....

In a series of high profile hacks, ' Syrian Electronic Army (SEA) ' just a few minutes before took control twitter account and website of ' GlobalPost ', a US based news agency. 'Syrian Electronic Army is an organized hacking group loyal to the Syrian President Bashar al-Assad and known for their high profile cyber attacks. The hacker posted two tweets from the victim's account, saying " Think twice before you publish untrusted information about Syrian Electronic Army " and " This time we hacked your website and your Twitter account, the next time you will start searching for new job :) " (as shown in the screenshot). GlobalPost's Deputy Social Media and News Desk Editor 'Kyle Kim' also tweeted that " We've been hacked ". At this point it is unclear that How group managed to access the website and twitter account. We are connecting to the hackers for further information, stay tuned to the page f...

Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky , and he uploaded a proof of concept video on YouTube with the complete step by step guide. Unlike the previous bugs it will not expose your Email, Photos, Facebook and Twitter but allows attackers to access your phone call history, voicemails and entire list of contacts. A step by step guide released by iDownloadblog : Make a phone call (with Siri / Voice Control) Click the FaceTime button When the FaceTime App appears, click the Sleep button Unlock the iPhone Answer and End the FaceTime call at the other end Wait a few seconds Done. You are now in the phone app Video demonstration  It would be easy for someone who knows you or your love partner or your business partner to obtain your phone and call themselve...

The Wall Street Journal reported that Iranian hackers have successfully penetrated unclassified US Navy computers , the allegations were made by US officials that consider the attacks a serious intrusion within the Government network. " The U.S. Officials said the attacks were carried out by hackers working for Iran's government or by a group acting with the approval of Iranian leaders. The most recent incident came in the week starting Sept. 15, before a security upgrade, the officials said. Iranian officials didn't respond to requests to comment." US officials revealed that a group of Iranian state-sponsored hackers have repeatedly violated US Navy computer systems for cyber espionage purpose, despite no sensitive information has been leaked the event is considered very concerning. US Intelligence fears that such attacks could expose confidential information like the blueprints of a new cyber weapon. US officials added that Congress has been bri...