The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The famous cyber hacker group Anonymous has vowed an ' Electronic Holocaust ' against Israel in response to what the group calls 'crimes in the Palestinian territories'. In a spooky video " message to Israel " posted on YouTube March 4, Anonymous declared yet another cyber attack on April 7, which is one week before Holocaust Remembrance day. Totally in news delivering style, the video clip shows a man wearing an Anonymous mask and threatening to take down Israeli servers and websites related to critical infrastructure next week, promising to 'erase you from cyberspace'. " We will erase [Israel] from cyberspace in our electronic Holocaust ," says the video. " As we did many times, we will take down your servers, government websites, Israeli military sites, and Israeli institutions. " The cyber activist group declared Palestinians youths as a 'symbol of freedom', and urged them to "never give up. [Anonymous] are with...

Two former Federal investigators who helped to shut down the infamous black-market website ' Silk Road ' accused of fraud and stealing more than a Million dollars in Bitcoins during their investigation. Silk Road, an infamous online drug market that hosted more than $200 Million in transactions, was seized by the FBI in 2013, but during that period two of FBI agents took advantage of their position. CHARGES AGAINST FEDS The US Department of Justice indictment charges 46-year-old former Drug Enforcement Agency (DEA) special agent Carl Force , and 32-year-old former Secret Service agent Shaun Bridges , with the following charges: Theft of government property Wire fraud Money laundering Conflict of interest MILLION DOLLAR EXTORTION Both Force and Bridges were part of Baltimore's Silk Road Task Force to investigate illegal activity in the black marketplace. The creator of Silk Road, Ross Ulbricht, was arrested and found guilty of running the Tor-h...

Once again, Syrian Electronic Army (SEA) has gain media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands. SEA, a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad, is famous for hacking high-profile websites and targeting leading organisation with its advanced phishing attacks. This time the group hacked Endurance Group wings, including Bluehost, Justhost, Hostgator, Hostmonster and FastDomain, which are some of the world's leading web hosting companies. The official Twitter account linked to SEA group claimed responsibility for the hack. The group has posted the screenshots of the hacked panels of all the respective web hosting companies. REASON BEHIND HACK According to SEA group, Endurance Group's BlueHost, JustHost, HostGator and HostMonster were hosting terrorists web sites on their se...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

$US1 may be a very little amount, but it is enough to buy you a stolen Uber account and free car rides around the city. Two separate vendors on AlphaBay , a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports . Once purchased, these active Uber accounts let you order up rides using the payment information provided on the file. Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users' home and work addresses. Over on AlphaBay market, a vendor identified as " Courvoisier " is claiming to sell hacked Uber accounts for $1 each. Under the product listing for ' x1 UBER ACCOUNT - WORLDWIDE TAXI!, ' anyone can buy a Uber account anonymously. Another vendor, identified as ThinkingFo...

Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. That is little Shocking but True! A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think. The security researcher released a warning against the alarming approach: " Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days. " During their study, researchers monitored 23 Android smartphone users for three weeks. First Week - Participants were asked to use their smartphone apps as they would normally do. Second Week - An app called App Ops was installed to monitor and manage the data those apps were using. Third Week - The team of researchers started sending a daily " privacy nudge " alert that would ping particip...

Thomas Jiřikovský , an alleged Owner of one of the most popular Darknet website ' Sheep Marketplace , ' has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ' Gwern Branwen ' doxed the owner, and the suspect was identified -- Thomas Jiřikovský as the owner of the black market website. Unfortunately, Jiřikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook ...

The most popular and widely used encryption scheme has been found to be weaker with the disclosure of a new attack that could allow attackers to steal credit card numbers, passwords and other sensitive data from transmissions protected by SSL ( secure sockets layer ) and TLS ( transport layer security ) protocols. The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm , which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today. BAR-MITZVAH ATTACK The attack, dubbed " Bar-Mitzvah ", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks. Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, " Attacking SSL when using RC4 " at the Black Hat Asia security conference Thursday in Singapore. Bar Mitzv...

Github – a popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night. It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu , the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x . "A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight La...

Google want to save its users' bandwidth at home. The company has released a " Data Saver extension for Chrome , " bringing its data compression feature for its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extension for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. If you are unaware of it, the data compression proxy service by Google is designed to save users' bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. REDUCE AS MUCH AS 50% OF DATA USAGE  Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. " Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,...

There is no end to users problem when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot. If you love to travel and move hotels to hotels, then you might be dependent on free Wi-Fi network to access the Internet. However, next time you need to be extra cautious before connecting to Hotel's Wi-Fi network, as it may expose you to hackers. Security researchers have unearthed a critical flaw in routers that many hotel chains depend on for distributing Wi-Fi networks. The security vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel's keycard systems and reservation. HACKING GUEST WIFI ROUTER Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware. The se...

Yesterday at its annual F8 Developer Conference in San Francisco, Facebook officially turned its Messenger app into a Platform. Facebook's Messenger Platform allows third-party app developers to integrate their apps with Facebook messenger app. However, other popular messaging apps are already offering similar features, like Chinese WeChat, but Facebook release is much bigger than any other platform. At F8 Developer Conference, Facebook released SDK v4.0 for iOS and Android along with Graph API v2.3 that enable app developers to add new messenger platform features to their custom apps quickly. Facebook users can install these compatible third-party apps from the messenger app, which offers users to send animated GIFs, images, videos, and more content within the Facebook Messenger app easily. BOON FOR BOTH FACEBOOK AND THIRD PARTY DEVELOPERS Facebook Messenger Platform will offer third party app developers to reach out Facebook's 600 Millions of users. So, the move will be a ...

Security researcher has discovered some new features in the most dangerous Vawtrak , aka Neverquest , malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network . The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth analysis ( PDF ) on the new and complex set of features of the malware which is considered to be one of the most dangerous threats in existence. Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. The features include videos and screenshots capturing and launching man-in-the-middle attacks. HOW VAWTRAK SPREADS ? AVG anti-virus firm is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim and using the infamous Pony module in order to ste...