The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and cyber criminals are using every tantrum to steal your credentials by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and even bank website. Netcraft Security Researchers have discovered dozens of fake SSL Certificates being used to enact financial institutions, e-commerce site vendors, Internet Service Providers and social networking sites, which allegedly allows an attacker to carry out man-in-the-middle attacks. When you will visit a bogus website from any popular web browser; having self signed fake SSL Certificate, you will see a foreboding warning in the web browser, but the traffic originates from apps and other non-browser software fail...

The Distributed Denial of Service (DDoS) attack is the one of favourite weapon for the hackers to temporarily suspend services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost Distributed Denial of Service attack sizes, which is known as ' Amplification Attack ', that provide the benefits of obscuring the source of the attack, while enabling the bandwidth to be used to multiply the size of the attack. Just yesterday, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare , reaching more than 400Gbps at its peak of traffic, striking at the company's data servers in Europe. " Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating ," CloudFlare CEO Matthew Price said in a tweet. " Someone's got a big, new...

Adobe has released a security update to address critical vulnerabilities for Adobe Shockwave Player 12.0.7.148 and earlier versions of the Windows and Mac OS X systems. The Patch fixes two critical remote code execution vulnerabilities, that could potentially allow an attacker to remotely take control of the affected system. According to the Security  Advisory released by Adobe, the vulnerabilities labeled as CVE-2014-0500 and CVE-2014-0501, and very limited information is available at this moment. These vulnerabilities discovered and reported by Liangliang Song of Fortinet's FortiGuard Labs. ' An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. ' advisory explained. Adobe gave the update its highest 'Priority Ranking' of 1 , which indicates that a vulnerability is actively being targeted, or has ...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs . Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-state spying tool targeting government agencies, diplomatic offices, embassies, private companies, and activists. In the report published by Kaspersky, over 380 unique victims were identified. The name " Mask " comes from the Spanish slang word "Careto," meaning " Ugly Face " or " Mask ," which was found in several malware modules. Developers of The Mask (aka Careto ) used a complex toolset, including advanced malware, bootkits, and rootkits capable of: Sniffing encryption keys Intercepting VPN configurations, SSH keys, and RDP files Monitoring network traffic, keystrokes, Skype conversations, Wi-Fi traffic Capturing screens and tracking file op...

The US Government has allotted a large share of its ' Black Budget ' for secret military research and weapons programs, along with surveillance programs, that is harvesting hundreds of millions of Metadata from emails, web activity, chats, social networks, and everything else around the world. To make this happen, NSA has used a number of unethical ways, but labeled as legal solutions.  Today, on February 11th, we all unite to fight against the Government intrusion on the privacy of innocent people worldwide, under one banner of ' The Day We Fight Back ', along with other 7000 websites by hosting a large banner at the bottom of the websites; reading " Dear Internet, we're standing with 300+ nonprofits worldwide in demanding an end to mass, suspicionless surveillance ", asking people of the world to vote against proposed NSA reforms that the American Civil Liberties Union has labeled " Bad for Privacy ". The Banner, you can see at the bottom of this page, e...

Snapchat , a Smartphone application that lets users share snapshots with friends is catching fire among teenagers. It was first hacked in December when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and free of cost to make the application more secure by disclosing flaws. Interestingly, this is not the end of vulnerabilities, Mohamed Ramadan , a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability on Snapchat that allow an attacker to brute-force login credentials of the users. Brute-force is a process of trying multiple passwords against a username until you get a correct password. " This vulnerability allows anyone who knows your SnapChat email to brute force your account's password without any...

Valentine's Day   - a day of hearts, Chocolates, Flowers and Celebrations when people express their emotions to their loved ones and most of us send E-cards, purchase special gifts with the help of various Online Shop Sites and many other tantrums making them feel special. While you are busy in Googling ideal gifts for your loved ones, the Cyber thieves are also busy in taking advantage of such events by spreading various malware , phishing campaigns and fraud schemes as these days come out to be a goldmine for the cyber criminals. Online Shopping Scams are popular among Cyber criminals as it is the easiest way for hackers to steal money in easy and untraceable ways. Security Researchers at Anti virus firm - Trend Micro discovered various Valentine's Day threats which are common at such occasion i.e. A flower-delivery service and it appears to be a normal promotional e-mail, but the links actually lead to various survey scams. The Malware threats also arr...

In past months, we have reported about critical vulnerabilities in many wireless Routers including Netgear, Linksys,  TP-LINK, Cisco, ASUS, TENDA and more vendors, installed by millions of home users worldwide. Polish Computer Emergency Response Team (CERT Polska) recently noticed a large scale cyber attack ongoing campaign aimed at Polish e-banking users. Cyber criminals are using known router vulnerability which allow attackers to change the router's DNS configuration remotely so they can lure users to fake bank websites or can perform Man-in-the-Middle attack. ' After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all. ' CERT Polska researchers said. That DNS Hijacking trick is not new, neither most of the router vulnerabilities are, but still millions of...

Last October, the social network ' LinkedIn ' launched a controversial Smartphone app called ' Intro ' that intercepts and route all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android , as well as iOS devices. Why Controversial? The app puts the security and privacy of your data entirely in the company's hands, and at that time everyone criticized and reacted negatively, but LinkedIn defended Intro, claiming that all information was fully encrypted and deleted from LinkedIn's servers immediately. Just two days back, I got an e-mail from LinkedIn with the subject line " We're retiring LinkedIn Intro. " i.e. LinkedIn is giving up so quickly just four months of the launch! In a blog post today, LinkedIn SVP of products Deep Mishar explained, " We are shutting down LinkedIn Intro as of March 7, 2014. The intro was launched last year to bring the power of LinkedIn to your emai...

With the beginning of a new week, we always came across a new revelation of surveillance programs run by the U.S. Government. A Recent NYT Report disclosed that how whistleblower Edward Snowden downloaded 1.7 million classified files which are revealing a number of secret spying projects that are being executed by NSA. The only lesson we have learned, is about taking our PRIVACY very seriously.  To Communicate using electronic media, we need to explore something which can make the conversation more secure and private. The only point where my search ends is to 'Encrypt the message' to be sent with a robust encryption technique which might provide at least a handy balance of security and convenience. Recently, it was reported that most widely adopted encryption technique RSA had a backdoor for the NSA . So 'Privacy' becomes a question to all of us and what technology we should trust upon. We have various sets of options to choose encryption e.g. Advanced Encry...

Last Saturday millions of France Internet users saw a strange message on Google's Homepage, rather than any GOOGLE DOODLE, as shown above. Despite Paying €150,000 ($228,147)  Fine to France Government, Google has been forced to post a ' Privacy Fine Notice ' on its French Search Engine homepage for violating Data-Processing and Freedoms Laws. The French Data-protection authority - ' The Commission Nationale de l'information et des Liberties ' (CNIL) said on Friday that Google's appeal to suspend the order of January decision has been denied by the Conseil d'Etat i.e. The Administrative Court and the company is ordered to post a notice for 48 hours on its Google.fr page within eight days as of the notification of the decision. In 2012, Google's new privacy policy that combined several separate policies under one umbrella and allowed Google to take advantage of user data from multiple different services at once, was in violation of " fun...

National Security Agency (NSA) – the one that had ruled over the privacy of the entire world from countries to individuals, the one with master access to read anyone's data, intruded into large fiber networks, and can target anyone, at any time, at any place; but lapsed somewhere in protecting its own privacy and security of the confidential data. If I am wrong, then from where did Snowden gets hold over roughly 1.7 million NSA's confidential files in sequence? According to the Intelligence officials who has investigated the insider theft by Snowden, noticed that he had accessed all these documents using some ' web crawler ', a freely available automated tool also known as spiders, which used to search, index and backup a website, " scraped data out of our systems " he said. " We do not believe this was an individual sitting at a machine and downloading this much material in sequence ," he added. He used the web crawler tool against NSA 's internal network and 'probably...