The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

That's a lot of Login credentials fetch by a single hacker. The FBI believes a single hacker who goes by the moniker Mr.Grey has stolen login credentials for over 1.2 Billion online accounts – apparently the biggest heist of log-in credentials the FBI has investigated thus far. Yeah, that's not Fifty, but 1.2 Billion Shades of Grey . The information came from the court documents the federal agents submitted to support its search warrant request in 2014, Reuters reported . The cyber security firm ' Hold Security ' initially reported the theft of the credentials last year. It found out that Russian hacking group CyberVor has stolen 1.2 Billion login details and an additional 500 Million email accounts. Botnet Breach These data were said to have been harvested from over 420,000 websites via botnets looking for SQL injection flaws ; the same technique recently used to hack TalkTalk . Botnets are usually employed to attack an individual targ...

Russian hackers have discovered a novel technique to rip off Millions of dollars from banks and ATMs. Criminals in Russia used a technique, called " Reverse ATM Attack ," and stole 252 Million Rubles ( US$3.8 Million ) from at least five different banks, according to the information obtained by Russian digital intelligence firm Group-IB . What is Reverse ATM Attack? According to the intelligence firm, an attacker would deposit sums of 5,000, 10,000 and 30,000 Rubles into legitimate bank accounts using ATMs, and immediately withdraw the same amounts right away with a printed receipt of the payment transaction. The details included in the receipt, containing a payment reference number and the amount withdrawn, would then be transferred to a partner hacker, who had remote access to the infected POS terminals, usually located outside of Russia. Also Read: German Bank ATMs vulnerable to Hackers The partner hacker would then use these details to perform a reversal ...

Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it? Yes, it's possible at least with this $10 device. Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals. The device, dubbed MagSpoof , guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards. Also Read:  How Hackers Can Hack Your Chip-and-PIN Credit Cards The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Remember Junaid Hussain ? Junaid Hussain – a hacker turned ISIS cyber mastermind who was killed in a US drone strike in August this year. But something has emerged what we don't know about the death of Hussain. The infamous hacker who in the past hacked the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant to help the US government track down Junaid Hussain. The hacker, goes by the online alias Shm00p ( @5hm00p ), is a member of the hacking collective Rustle League and believes he is "99.9% sure" that the information given by him to the FBI agents led to the extrajudicial killing of Hussain. "What the fuck have I done," Shm00p tweeted early Sunday morning. Over 15 hours later after his first tweet, Shm00p made a series of tweets at the FBI Twitter account. "I lost a lot of good friendship and my fucking honor," Shm00p tweeted at the FBI. You can see an archived copy of his now deleted t...

Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer Dell spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers: To impersonate as any HTTPS-protected website and spy on when banking or shopping online. The rogue certificate, dubbed eDellRoot , was first discovered over the weekend by a software programmer named Joe Nord . The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system. Also Read:  Lenovo Caught Using Rootkit to Secretly Install Unremovable Software Superfish 2.0: Unkillable Zombie The self-signed transport layer security (TLS) credential came pre-installed as a root certificate on Dell PCs and laptops that are signed with the same private cryptographic key, which is stored locally. That means an attacker with moderate technical skills can extract the key and abuse it to sig...

In the wake of horrific terror attacks in Paris, the online Hacktivist group Anonymous last week declared " total war " against the Islamic State militant group (ISIS) that claimed responsibility for the attacks. While French, Russian, and US military are bombing ISIS from the sky, Anonymous members from all over the world are carrying out their very own cyber attack campaign, dubbed #OpParis , against the terrorist organization. Anonymous has claimed to have taken down 20,000 ISIS-affiliated Twitter accounts in order to take revenge from ISIS for the deadly Paris attacks on November 13. Anonymous Took Down 20,000 ISIS-affiliated Twitter Accounts In a YouTube video posted on Wednesday, the group said: "More than 20,000 Twitter accounts belonging to ISIS were taken down by Anonymous." The group has provided a list of all the Twitter accounts that have been taken down. On Tuesday, the hacktivist group claimed to have successfully taken ...

Own an Android Smartphone? Hackers can install any malicious third-party app on your smartphone remotely even if you have clearly tapped a reject button of the app. Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system's accessibility features. Michael Bentley , head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families: Shedun (GhostPush) Kemoge (ShiftyBug) Shuanet Also Read:  Android Malware Can Spy On You Even When Your Mobile Is Off All the three adware families root-infect Android devices in order to prevent their removal and give attackers unrestricted access to the devices. But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families. The Malware Doesn't Exploit Any Vulnerability It is...

Do Mac Computers Get Viruses? Yes, Of Course, they do!  According to stats, malware for MAC OS X has appeared five times more in 2015 alone than the previous five years combined. As malware for Macs is becoming more common, Google has decided to add support for Mac  OS X malware detection to its VirusTotal web-based service. VirusTotal — launched in 2004 and acquired by Google in 2012 — is a free and popular online service for security researchers and Hackers that lets you upload files to check them for viruses. VirusTotal scans uploaded files with more than 55 different Antivirus products and Online scan engines to provide a combined report on the results. VirusTotal also runs certain ' Windows PE files and Android apps ' files in the Sandbox , a controlled research environment used for malware analysis. According to the recent announcement, VirusTotal will also be able to execute suspicious Mac executable files inside its Sandbox environmen...

Yes, you heard it right. Mark Zuckerberg has left his job at Facebook. Don't believe me? I can prove it to you. —  Check this Facebook Post by yourself  — This is weird, Isn't it? But, don't be surprised or shocked, because what you just saw was only an illusion. This is actually a minor bug in the popular social media website that allows anyone to manipulate the life event of any user who has his work status posted on Facebook. The bug, uncovered by the independent hacker Sachin Thakuri , is not a technical flaw. So how was he able to do this? All Thakuri did is took the original URL of Mark Zuckerberg life event: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&hash=971179541251&pagefilter=3 &ustart=1 &__mref=message_bubble ...and remove the ustart=1 parameter, which left him with: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=21474836...

The terrorist groups are encouraging its followers to use Telegram to make their propaganda invisible from law enforcement, but some security experts believe that Telegram may not be as secure as jihadi advocates may like to believe. Telegram is an end-to-end encrypted messaging service that has been adopted by a lot more people than ISIS — as of last year, the company claimed more than 50 Million Telegram users sending 1 Billion messages per day. Terrorists love Telegram because it not only provides an encrypted Secret Chat feature that lets its users broadcast messages to unlimited subscribers but also offers self-destructing message allowing users to set their messages to self-destruct itself after a certain period. Is Telegram Really Secure? In a blog post published Wednesday, the security researcher known as " the Grugq " pointed out several issues with Telegram that might obstruct terrorists from using it.  Here's the list of issues with...

The terrorist groups affiliated with the Islamic State have an extensive presence not only on social media accounts but also on the popular end-to-end encrypted messaging app Telegram through which they communicate with their followers and spread terror propaganda materials. Telegram has always been terrorist's favorite, but ISIS had been using the app since October, when Telegram introduced an end-to-end encrypted Secret Chat feature that lets users broadcast messages to an unlimited number of subscribers. Moreover, Telegram also provides self-destructing message feature that allows users to set their messages to self-destruct itself after a certain period of time. But, the Good News is: The nonprofit organization that runs Telegram has blocked around 78 ISIS-affiliated channels that the terrorists used to: Communicate with their members Spread propaganda Recruit foreign supporters Plan operations Radicalize young people "We were disturbed to learn that Telegram...

The online Hacktivist group Anonymous declared War against the Islamic State militant group (ISIS) that claimed responsibility for the horrific terrorist attacks that rocked Paris last week. In response to the Anonymous' warning of launching their "biggest operation ever" against the terrorist group, ISIS militants called Anonymous – "IDIOTS" . It seems like Anonymous has taken ISIS response very seriously and the group has started carrying out their attacks against the terror organisation. Anonymous First 'Cyber Attack' on ISIS Soon after its war declaration, Anonymous claimed to have taken down more than 5,500 pro-ISIS Twitter accounts in #OpParis (Operation Paris). In the past, hackers and organizations associated with Anonymous brought down websites allegedly connected with ISIS and claimed to have taken down thousands of ISIS accounts, disrupting their social media recruitment efforts. Also Read: Would Encryption Backdoor S...