The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Romanian law enforcement authorities have arrested eight cyber criminals suspected of being part of an international criminal gang that pilfered cash from ATMs ( automatic teller machines ) using malware. The operation said to be one of the first operations of this type in Europe, was conducted in Romania and Moldova by Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism ( DIICOT ), with assistance from Europol, Eurojust and other European law enforcement authorities. Europol did not provide names of any of the eight criminals arrested but said that the gang allegedly used a piece of malware, dubbed Tyupkin , to conduct what are known as Jackpotting attacks and made millions by infecting ATMs across Europe and beyond. With the help of Tyupkin malware, the suspects were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad. " The criminal group was involved in large scale ATM Jackpotting...

After several controversial data mining and privacy invasion features within Microsoft's newest operating system, Microsoft continued convincing its users that Windows 10 is not spying on anyone and that the company is not collecting more data than it needs. In addition, Microsoft also updated its privacy policy in order to clear how and when Windows 10 utilizes users' data. But wait, before you convinced yourself by this statement, just have a look on the milestones (listed below) that Microsoft recently announced, revealing that Windows 10 is now actively running on 200 Million devices . Also Read:   Microsoft WARNING — 'Use Windows 7 at Your Own Risk' Microsoft Tracks Your Every Move Here's the list of milestones that Microsoft just achieved: People spent over 11 Billion hours on Windows 10 in December 2015. More than 44.5 Billion minutes were spent in Microsoft Edge across Windows 10 devices in December alone. Windows 10 users aske...

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Having this certification to your credit portrays a sense of commitment to the security profession and shows potential employers that you have a strong knowledge base to excel in this domain. So if you're considering a certification, read on – we've answered a few questions that you might have. What is CISSP? Certified Information Systems Security Professional (CISSP) is a globally recognized certification in the field of information security, which is governed by the International Information Systems Security Certification Consortium, commonly known as (ISC) ². CISSP has become a standard of achievement that is acknowledged worldwide. The exam is highly challenging, and requires a broad level of knowledge. Moreover, achieving it requires help, irrespective of your experience level. How do I choose the right CISSP Training Course? This is...

Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w...

Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its...

Someone is threatening Windows 7 users with a misleading warning. Guess who? Microsoft itself… Microsoft has just issued a clear warning saying Windows 7 users should remain on the aging operating system " at your own risk, at your own peril. " But why particularly Windows 7 Users? Since Windows 7 runs on 55 percent of all the computers on the planet, Microsoft is worried that its goal to reach 1 Billion Windows 10 installations by 2017 could be harder. During a recent interview with the Windows Weekly , Microsoft chief marketing officer Chris Capossela warned about the risks of using Windows 7 and urged users that it's time to switch to the new Windows 10 operating system instead. Capossela also stressed that Windows 7 is apparently less secure than Windows 10, so it is "so incredibly important to try to end the fragmentation of the Windows install base" as well as to get them to a "safer place." Here the so-called saf...

It is a common problem: Home Wireless Router's reach is terrible that the WiFi network even does not extend past the front door of the room. My house also has all kinds of Wi-Fi dead zones, but can we fix it? The answer is: YES . The problem will improve with a future, longer range version of Wi-Fi that uses low power consumption than current wireless technology and specifically targets at the internet of things (IoTs). Global certification network the WiFi Alliance has finally approved a new wireless technology standard called 802.11ah, nicknamed " HaLow ." HaLow: Long Range WiFi Wi-Fi HaLow has twice the range of conventional Wi-Fi and has the ability to penetrate walls that usually create blackspots in our homes. The Wi-Fi Alliance unveiled this latest WiFi technology at the Consumer Electronics Show (CES) in Las Vegas. Although currently used 802.11 Wi-Fi standards commonly operate in frequency bandwidths between 2.4GHz and 5GHz, the n...

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab...

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to...

Windows 10 here, Windows 10 there, and it is everywhere. This is exactly what Microsoft dreamed of, and it seems like the company is actively working to reach its One Billion goal by the end of 2017 or mid-2018. Proudly announcing its first huge success, Microsoft reported that its newest Windows 10 operating system is now officially installed on more than 200 Million devices worldwide since its launch five months ago. Windows 10 is the latest as well as the greatest operating system from Microsoft that took less than six months to hit 200 Million milestone. The growth is really impressive, and Microsoft's Corporate Vice President of Windows and Devices Yusuf Mehdi outlined other milestones for Windows 10 in a blog post on Monday. Here's the list: Windows 10's adoption is growing 140% faster than Windows 7 and over 400% faster than Windows 8. More than 40% of the new Windows 10 devices were activated since Black Friday. Over 11 Billion hours have b...

Here's New Year's first Ransomware: Ransom32 . A new Ransomware-as-a-service, dubbed Ransom32 , has been spotted that for the first time uses a ransomware written in JavaScript to infect Mac, Windows as well as Linux machines. Ransom32 allows its operators to deploy the malware very quickly and easily. It has a dashboard that enables operators to designate their Bitcoin addresses to which the ransom can be sent. The dashboard also shows stats about how much Bitcoins they have made. In short, this new ransomware-as-a-service is so simple, and efficient at the same time, that anyone can download and distribute his/her own copy of the ransomware executable as long as he/she have a Bitcoin address. The copy of Ransom32 was first analysed by Emsisoft, which found that the new ransomware family, which embedded in a self-extracting WinRAR archive, is using the NW.js platform for infiltrating the victims' computers, and then holding their files by encrypting the...

A British-educated businessman who later joined Islamic State (ISIS) militant group in Syria has been killed in a US drone strike. Siful Haque Sujan , a Bangladesh-born man, was killed on 10 December 2015 by a US drone strike near Raqqa, Syria. Sujan has been described as one of the ISIS's top computer hackers who also coordinated anti-surveillance technology and weapons development by a senior United States Army official. A statement issued by Army Col. Steve Warren , a spokesman from Combined Joint Task Force Operation Inherent Resolve, via CENTCOM (United States Central Command) reads : "Sujan was an external operations planner and a United Kingdom-educated computer systems engineer. Sujan supported ISIS hacking efforts, anti-surveillance technology and weapons development. Now that he is dead, ISIL has lost a key link between networks." The 31-year-old man not just suspected of running a global money-laundering ring for ISIS from his former base i...