The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Forbes  is the latest victim in a long line of high-profile attacks by the Syrian Electronic Army (SEA) , sending a reminder to the international community that cyber warfare is alive and well. The pro-Assad group also took responsibility for hacking multiple Forbes websites and hijacked three Twitter accounts related to the website. According to the screenshots published by the team, it appears the hackers gained the access to the Wordpress administration panel of Forbes website and  edited several articles posted earlier on Forbes by authors Travis Bradberry, Matthew Herper, Andy Greenberg, John Dobosz, Steve Forbes  and titled then as " Hacked by Syrian Electronic Army ". Hackers tweeted, " Syrian Electronic Army was here " from the compromised Twitter accounts, including accounts of Social media editor Alex Knapp @TheAlexKnapp and Personal finance report Samantha Sharf  @Samsharf , and @ForbesTech account. The  Syrian Electronic Arm...

After Silk Road , another underground online marketplace ' Utopia ' has been seized by Dutch National Police ,  where users could buy illegal drugs and guns for home delivery. The police started their investigation under Codename ' Operation Commodore ' in 2013,   and finally  seized Utopia's Germany-based servers and arrested total 5 suspects for running this marketplace. One arrested in  Germany and  other four suspects, aged 29 to 46, were detained in The Netherlands.  Two of them had also been involved in another similar underground website ' Black Market Reloaded ', which was closed in December 2013. Utopia  reportedly launched only last week ( https://ggvow6fj3sehlm45.onion/ ),  intended to become a direct competitor of the Silk Road, was  a ' d ark web ' website, which is accessible only by using Tor anonymity software. The website is now displaying a message:  " This hidden ...

We are quite aware of the leaks that the Whistleblower Edward Snowden carried out against the US National Security Agency (NSA) and after reading every related update, watching every document that he provided to various news websites, you all are left with a question in mind that,  How he could carry out this whole operation without any helping hand? Yes, you are right! The former NSA contractor Edward Snowden allegedly managed to access thousands of the classified documents by stealing one of his coworker's passwords, according to an unclassified NSA memorandum obtained by the NBC News . Three Members, one NSA's civilian employee, an active duty member of the U.S. Military and a contractor were found involved in the actions that may have aided Snowden's operation; from which NSA 's civilian employee has been stripped of his security clearance and has resigned. Other two has been obstructed from accessing National Security Agency (NSA) facilities, th...

It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The Market of E-commerce is at its boom, and that provides even more opportunities to hackers. There are many readymade e-commerce platforms available on the Internet, that are easy to install and easy to manage at no extra cost and 'Magento' is one of the most popular out of them. Recently security researchers at Securatary  have reported a critical cross-store vulnerability in the Magento platform that lets attackers to escalation privilege by creating an administrative user on any ' Gostorego' online store. The authentication bypass vulnerability left 200,000 merchants data vulnerable to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header to the URI of the target account in the GET request. They dubbed it as " Stealth mode ",...

Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and cyber criminals are using every tantrum to steal your credentials by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and even bank website. Netcraft Security Researchers have discovered dozens of fake SSL Certificates being used to enact financial institutions, e-commerce site vendors, Internet Service Providers and social networking sites, which allegedly allows an attacker to carry out man-in-the-middle attacks. When you will visit a bogus website from any popular web browser; having self signed fake SSL Certificate, you will see a foreboding warning in the web browser, but the traffic originates from apps and other non-browser software fail...

The Distributed Denial of Service (DDoS) attack is the one of favourite weapon for the hackers to temporarily suspend services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost Distributed Denial of Service attack sizes, which is known as ' Amplification Attack ', that provide the benefits of obscuring the source of the attack, while enabling the bandwidth to be used to multiply the size of the attack. Just yesterday, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare , reaching more than 400Gbps at its peak of traffic, striking at the company's data servers in Europe. " Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating ," CloudFlare CEO Matthew Price said in a tweet. " Someone's got a big, new...

Adobe has released a security update to address critical vulnerabilities for Adobe Shockwave Player 12.0.7.148 and earlier versions of the Windows and Mac OS X systems. The Patch fixes two critical remote code execution vulnerabilities, that could potentially allow an attacker to remotely take control of the affected system. According to the Security  Advisory released by Adobe, the vulnerabilities labeled as CVE-2014-0500 and CVE-2014-0501, and very limited information is available at this moment. These vulnerabilities discovered and reported by Liangliang Song of Fortinet's FortiGuard Labs. ' An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. ' advisory explained. Adobe gave the update its highest 'Priority Ranking' of 1 , which indicates that a vulnerability is actively being targeted, or has ...

A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs . Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-state spying tool targeting government agencies, diplomatic offices, embassies, private companies, and activists. In the report published by Kaspersky, over 380 unique victims were identified. The name " Mask " comes from the Spanish slang word "Careto," meaning " Ugly Face " or " Mask ," which was found in several malware modules. Developers of The Mask (aka Careto ) used a complex toolset, including advanced malware, bootkits, and rootkits capable of: Sniffing encryption keys Intercepting VPN configurations, SSH keys, and RDP files Monitoring network traffic, keystrokes, Skype conversations, Wi-Fi traffic Capturing screens and tracking file op...

The US Government has allotted a large share of its ' Black Budget ' for secret military research and weapons programs, along with surveillance programs, that is harvesting hundreds of millions of Metadata from emails, web activity, chats, social networks, and everything else around the world. To make this happen, NSA has used a number of unethical ways, but labeled as legal solutions.  Today, on February 11th, we all unite to fight against the Government intrusion on the privacy of innocent people worldwide, under one banner of ' The Day We Fight Back ', along with other 7000 websites by hosting a large banner at the bottom of the websites; reading " Dear Internet, we're standing with 300+ nonprofits worldwide in demanding an end to mass, suspicionless surveillance ", asking people of the world to vote against proposed NSA reforms that the American Civil Liberties Union has labeled " Bad for Privacy ". The Banner, you can see at the bottom of this page, e...

Snapchat , a Smartphone application that lets users share snapshots with friends is catching fire among teenagers. It was first hacked in December when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and free of cost to make the application more secure by disclosing flaws. Interestingly, this is not the end of vulnerabilities, Mohamed Ramadan , a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability on Snapchat that allow an attacker to brute-force login credentials of the users. Brute-force is a process of trying multiple passwords against a username until you get a correct password. " This vulnerability allows anyone who knows your SnapChat email to brute force your account's password without any...

Valentine's Day   - a day of hearts, Chocolates, Flowers and Celebrations when people express their emotions to their loved ones and most of us send E-cards, purchase special gifts with the help of various Online Shop Sites and many other tantrums making them feel special. While you are busy in Googling ideal gifts for your loved ones, the Cyber thieves are also busy in taking advantage of such events by spreading various malware , phishing campaigns and fraud schemes as these days come out to be a goldmine for the cyber criminals. Online Shopping Scams are popular among Cyber criminals as it is the easiest way for hackers to steal money in easy and untraceable ways. Security Researchers at Anti virus firm - Trend Micro discovered various Valentine's Day threats which are common at such occasion i.e. A flower-delivery service and it appears to be a normal promotional e-mail, but the links actually lead to various survey scams. The Malware threats also arr...

In past months, we have reported about critical vulnerabilities in many wireless Routers including Netgear, Linksys,  TP-LINK, Cisco, ASUS, TENDA and more vendors, installed by millions of home users worldwide. Polish Computer Emergency Response Team (CERT Polska) recently noticed a large scale cyber attack ongoing campaign aimed at Polish e-banking users. Cyber criminals are using known router vulnerability which allow attackers to change the router's DNS configuration remotely so they can lure users to fake bank websites or can perform Man-in-the-Middle attack. ' After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all. ' CERT Polska researchers said. That DNS Hijacking trick is not new, neither most of the router vulnerabilities are, but still millions of...