The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is...

Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. The nasty malware, dubbed "Regin" , is said to be more sophisticated than both Stuxnet and Duqu , according to the researchers at antivirus software maker Symantec Corp. DEVELOPED BY NATION STATE The research showed that the Regin malware is believe to be developed by a wealthy "nation state" and is a primary cyber espionage tool of a nation state because of the financial clout needed to produce code of this complexity with several stealth features to avoid detection. But, the antivirus software maker didn't identify which country was behind it. "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabili...

Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablets users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect , enables an attacker to redirect a victim's traffic of major websites such as Google, Facebook and Twitter to a device controlled by the attacker. Once done, cyber crooks can steal victims' valuable personal data, such as email IDs, login credentials and banking information as well as can deliver malware to the targeted mobile device. San Francisco-based mobile security firm Zimperium detailed the threat in a Thursday blog post , revealing that the DoubleDirect technique is being used by attackers in the wild in attacks against the users of web giants including Google, Facebook, Hotmail, Live.com and Twitter, across 31 countries, including the U.S., the U.K. and Canada. DoubleDirect makes use of ICMP (Internet Control Message P...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Unless we are a human supercomputer, remembering password is not an easy task and that too, if you have a different password for every different site. But luckily to make the whole process easy, there is a growing market for password managers which provides an extra layer of protection. Wait! Wait! Seriously?? Security researchers have discovered a new variant of data-stealing Citadel Trojan program used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which will let you think twice before using one. Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading itself as legitimate banking sites when victims open it in their local browser, which is also known as a man-in-the-browser attack . The malware has previously targeted users' credentials stored in the password management applications included...

Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt , is an open source software app released in partnership with Human rights charity Amnesty International, Germany's Digitale Gesellschaft, the Electronic Frontier Foundation ( EFF ) and Privacy International, in order to combat government surveillance. NEED AN EYE FOR AN EYE The global surveillance carried out by the US National Security Agency (NSA) and other government agencies recently disclosed by the former NSA contractor Edward Snowden shed light on just how far our own government can go to keep track of citizens, whether innocent or otherwise. Therefore, such tool will help them see if their devices have been infected by any spyware. Detekt was dev...

Thanks to recent events involving certain celebrities' stolen pictures, "brute-force attack" is now one of the hot buzz words making its rounds. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it? A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you'll usually see a crazy amount of failed login attempts, usually originating from the same IP address. You might even see the same accoun...

Google on Tuesday launched a Security testing tool "Firing Range" , which aimed at improving the efficiency of automated Web application security scanners by evaluating them with a wide range of cross-site scripting (XSS) and a few other web vulnerabilities seen in the wild. Firing Range basically provides a synthetic testing environment mostly for cross-site scripting (XSS) vulnerabilities that are seen most frequently in web apps. According to Google security engineer Claudio Criscione, 70 percent of the bugs in Google's Vulnerability Reward Program are cross-site scripting flaws . In addition to XSS vulnerabilities , the new web app scanner also scans for other types of vulnerabilities including reverse clickjacking , Flash injection , mixed content, and cross-origin resource sharing vulnerabilities. Firing Range was developed by Google with the help of security researchers at Politecnico di Milano in an effort to build a test ground for automated scanners...

A security weakness in Android mobile operating system versions below 5.0 that puts potentially every Android device at risk for privilege escalation attacks, has been patched in  Android 5.0 Lollipop  – the latest version of the mobile operating system. The security vulnerability ( CVE-2014-7911 ), discovered by a security researcher named Jann Horn , could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks. The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year. According to the security researcher, android apps can communicate with system_service, which runs under admin p...

As days are passing, encryptio n is becoming a need for every user sitting online. Many tech giants including Google, Apple and Yahoo! are adopting encryption to serve its users security and privacy at its best, but according to Electronic Frontier Foundation (EFF) , the high-tech Web security should not be limited to the wealthiest technology firms. The non-profit foundation EFF has partnered with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the internet at the beginning of 2015, in order to encourage people to encrypt users' connections to their websites. Until now, switching web server over to HTTPS from HTTP is something of a hassle and expense for website operators and notoriously hard to install and maintain it. But, after the launch of this new free certificate authority (CA), called Let's Encrypt , it will be even more easy for people to run encrypted, secure HTTPS websites. ...

Good news for all Privacy Lovers!! Finally the wildly popular messaging app WhatsApp has made end-to-end encryption a default feature, stepping a way forward for the online privacy of its users around the world. WhatsApp , most popular messaging app with 600 Million users as of October 2014, has partnered with Open Whisper Systems to boost its privacy and security by implementing strong end-to-end encryption on all text messages. The strong end-to-end encryption here means that even Mark Zuckerberg himself can't pry into your conversations, even if asked by law enforcement officials. The app maker describe this move as the " largest deployment of end-to-end encryption ever ." The Open Whisper System is a non-profit software organisation started by security researcher Moxie Marlinspike, who is behind the development of TextSecure app used for encryption. Over the past three years, his team has been in the process of developing a 'modern, open source...

Microsoft today released an " out-of-band " security updates to fix a critical vulnerability in all supported versions of its Windows Server software that cyber criminals are exploiting to compromise whole networks of computers. The Emergency patch release comes just one week after Microsoft provided its monthly security patch updates. The November 2014 Patch Tuesday updates included 16 security patches, five of which were rated by Redmond as "critical." The security update (MS14-068) addresses a vulnerability in the Windows component called Microsoft Windows Kerberos KBC , authentication system used by default in the operating system. The flaw allows an attacker to elevate domain user account privileges and access rights to that of a domain administrator account. As a result, if users unknowingly or accidentally run a malicious software on their system, it could therefore be used to compromise the entire network, which could be more dangerous for those who ...

Tor has always been a tough target for law enforcement for years and FBI has spent millions of dollars to de-anonymize the identity of Tor users, but a latest research suggests that more than 81% of Tor clients can be "de-anonymised" by exploiting the traffic analysis software 'Netflow' technology that Cisco has built into its router protocols. NetFlow is a network protocol designed to collect and monitor network traffic. It exchanged data in network flows, which can correspond to TCP connections or other IP packets sharing common characteristics, such UDP packets sharing source and destination IP addresses, port numbers, and other information. The research was conducted for six years by professor Sambuddho Chakravarty , a former researcher at Columbia University's Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi. Chakravarty used a technique, in order to determine the Tor...