The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you spend more than a few hours a month doing patching; if you stay up until the middle of the night one Saturday each month doing patching; if you just flip on automatic updates and hope for the best; or if you email your users instructions on how to update their machines – then you're doing it wrong. Patching shouldn't be something that takes multiple days, nor is it something that should ruin one weekend a month. But it is critical and needs to be done right. If you think you're spending way too much time on patching, and have actually considered skipping a month because things didn't sound "that bad," then here's a post just for you. In it, we'll look at seven tips to save you time (and money) taking care of patch management. 1. Have a plan: First of all, you have to have a plan. Management has to support it, and you need to make sure it covers all the systems on your network. You don't want to patch at random, or try to remember every system that you have. Create a plan that...

After Snapchat hack, this can be another worst data breach of the new year. A Pakistani hacker ' H4x0r HuSsY ' has successfully compromised the official Forum of ' openSUSE ', a Linux distro developed, sponsored & supported by SUSE. The hacker managed to deface the Forum and uploaded its custom message page as shown and account information of 79,500 registered users' may have been compromised. (The forum was defaced at the time of writing - Check Here ) The popular website MacRumors's Forum was compromised  in last November using an alleged zero day exploit, which is based on  vBulletin , a famous forum software. The openSUSE Forum is also based upon  vBulletin . Another interesting fact is that openSUSE is still using vBulletin 4.2.1 , which is vulnerable to  inject rogue administrator accounts flaw. Whereas,  the latest patched  vBulletin 5.0.5 is available. Possibly, Hacker exploits same or another known vBulletin version 4.2.1 vuln...

United Arab Emirates (UAE) may terminate a $930 Million USD contract with France based companies for the supply of two two military Imaging satellites  due to the discovery of several US produced components in them. Now the deal is in danger because the UAE claims it has discovered backdoors in the  components  which are manufactured in the United States , reported by the Defense News . The contract, sealed in July 2013, includes a ground station, the Pleiades-type satellites (aka Falcon Eye) are due for delivery 2018. The revelation was provided by high-level UAE sources, the companies involved in the business are the prime contractor Airbus Defense and Space, and payload maker Thales Alenia Space. " If this issue is not resolved, the UAE is willing to scrap the whole deal ," he added. UAE authorities suspect the presence of vulnerabilities would " provide a back door to the highly secure data transmitted to the ground station ". An unnamed UAE source has confirmed...

After being an owner of Smartphones, now it's your turn to own a Smart Car. Wouldn't it sound great if you could use your favorite mobile apps on Car's dashboard display? Yes! You heard right.. Google has tied-up with several Auto manufacturers with the goal to bring Android to Cars with built-in controls and hardware by the end of this year. Google has announced at the CES technology trade show in Las Vegas, the Open Automotive Alliance (OAA) will achieve this with their partners i.e. General Motors, Honda, Audi, Hyundai and chipmaker Nvidia. This new project is designed to accelerate innovation in the Automotive sector, with the customized version of most popular mobile platform 'Android' for Cars, that will bring Google Places, Maps, Voice, Earth and developer support to cars. " This open development model and common platform will allow automakers to more easily bring cutting-edge technology to their drivers, and create new opportunities for developers to delive...

Google's primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar ( domain.tj ) authority has been hacked, that allows the hacker to access domain control panel. Server Kernel:  Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686 Iranian hacker ' Mr.XHat' successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told ' The Hacker News ' that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel. Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Following the screenshot of compromised Domain Registrar's Control Panel:...

Staysure, a UK based Insurance company has suffered a massive data breach . More than 93,000 customers' sensitive financial data may have been compromised by unknown hackers. We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner's Office and the Police. The company notified that their systems have suffered cyber attack during the second half of October 2013 and Customers' Data including names, addresses, payment card details and CVV numbers has stolen. In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data. Credit card details were encrypted, but the CVV number was in the clear text, which is not good. Now this is not confirmed that their encryption implementation was secure or not. Howe...

Think twice before using some words like ' Bomb ', ' Attack ', ' Blast ' or ' kill ' in your Facebook status update, tweets or emails, because this may flag you as a potential terrorist under a surveillance project of Indian Security agencies. This Indian Internet surveillance project named as NETRA ( Network Traffic Analysis) ,   capable of detecting and capture any dubious voice traffic passing through software such as Skype or Google Talk, according to  the Economic Times . In Hindi, NETRA means " eye " and this project is an Indian version of PRISM i.e. A spying project by US National Security Agency (NSA), that also allows the government to monitor the Internet and telephone records of citizens. Reportedly, NETRA is under testing right now by the Indian Intelligence Bureau and Cabinet Secretariat and after on success will be deployed by all Indian National security agencies. Centre for Artificial Intelligence and Robotics (CAIR), a lab under Defe...

In the category of Ransomware Malware, a nasty piece of malware called  CRYPTOLOCKER  is on the top, that threatened most of the people around the world, effectively destroying important files of the victims. Cryptolocker, which strongly encrypts victims' hard drives until a ransom is paid, is now again back in action to haunt your digital life with an additional feature. Until now, CryptoLocker has been spread via spam email, with victims tempted to download an attachment or click on a link to a malicious website, but now it can spread itself as a worm through removable USB drives . Security Researchers at Trend Micro have recently reported a new variant of Cryptolocker which is capable of spreading through removable USB drives. As Previously reported by our Security experts at The Hacker News , Cryptolocker is a malware which locks your files and demand a ransom to release it. The files are encrypted so removing the malware from the system doesn't unlo...

Have you seen the Coca-Cola " Freestyle " soda fountain yet? Instead of levers for different sodas, you have got a touchscreen, interface like an iPad and with a Push button you can have 127 Flavors of sodas. There are more than 3,500 such machines are installed inside the world's Burger Kings and all of them are connected to the internet, so that Coca-Cola can track inventory and making stock decisions. Last week the developer of GNU MACChanger software, Alvaro Lopez Ortega found that Coca-Cola has reserved a huge block of MAC addresses, i.e. 16 Million. These could conceivably be used in the future for tagging physical devices, Freestyle Soda machines or vending machines. Media Access Control address, a hardware address that uniquely identifies each node of a network. Every piece of hardware on your local network has a MAC address in addition to the IP address assigned to it by the local router or a server. IEEE has a Registration Authority called OUI that m...

Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "...

Image Credit: The guardian  If I say that  NSA (National Security Agency) will never stop spying on us then it won't be wrong. After the exposure of the large number of surveillance scandals including PRISM, DROPOUTJEEP, XKeyscore and many many more which are now publicly known as well as unknown, Will NSA ever stop Privacy  breach? Obviously ' NO' . That I can predict from another Snowden leak published by the Washington Post news website recently i.e. US National Security Agency (NSA) is trying to develop a futuristic super computer called ' Quantum computer'  that could be capable of breaking almost every kind of encryption on the computer used to protect banks, medical, business including top-secret information held by government around the world. The Project is specified as " Penetrating Hard Targets " in the document and is a part of $79.7 million research program. The Washington Post says that the research is being done at the University of Mar...

Ransomware is one of the most blatant and obvious criminal's money making schemes out there. Ransomware malware was mostly known by the people when Cryptolocker comes into play. At the time when readers were getting aware of ransomware, Cryptolocker threat had touched the peak and other money motivated cyber criminals have started developing their own Cryptolocker versions. Two hackers going by the name of ' gyx ' and ' Porphyry ' (admin of maldev.net hacking forum) are advertizing a new ramsomware malware tool-kit called "Prison Locker" on various hacking forums with tutorials. They have developed the Prison Locker a.k.a Power Locker ramsomware toolkit in C/C++ programming language, proving a GUI version with customizable features for customers. The Ransomware is using BlowFish encryption to encrypt all available files on the victim's hard disk and shared drives except . exe , . dll , . sys , other system files. During encryption it will ge...