The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Let's be honest, a network attack of any scale is inevitable in today's IT world. Do you have the ability to quickly identify the details of the attack? If your network goes down, your network monitoring tool can tell you what happened, but knowing details about who was vulnerable or why the attack happened is even more valuable. An often overlooked feature of log management software is the ability to conduct forensic analysis of events. Instead of searching for a needle in a haystack, forensic analysis tools can make drilling down to identify details a quick and easy task. SolarWinds Log & Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log & Event Manager can help you piece together what really happened. 1) Incident response Say goodbye to complex queries. Conducting forensic analysis, in general, is a quicker and simpler way to do incident response. The faster you...

Why Tor Cloud Project Shuts Down? Yes, you heard that right. The Tor project has announced that it's closing down its Tor Cloud service that allowed users to donate bandwidth for browsing the web anonymously. The Tor Project is a non-profit organization behind the Tor anonymizing network that allows any online user to browse the Internet without the fear of being tracked. And one of its lesser known projects was the Amazon-powered Tor Cloud service. Tor Cloud Project provided a user-friendly way for users to create a "bridge" node on Amazone's Elastic Compute Cloud (EC2) for the Tor network, essentially donating bandwidth to the Tor network in order to help users access an uncensored Internet faster and securely. Launched back in 2011, Tor Cloud Project was a pretty good idea then… ...Why Tor is closing Tor Cloud Service? What could be the reason for the shutdown of Tor Cloud Project? Tor developers were unable to get enough help to maintain the so...

Microsoft just announced in its Ignite 2015 conference in Chicago that Windows 10 is set to be " the last version of Windows. " "Right now [we are] releasing Windows 10, and because Windows 10 is the last version of Windows, [we are] all still working on Windows 10," said Microsoft's developer evangelist Jerry Nixon while speaking at the conference this week. What exactly does it mean? Will Microsoft not launch Windows 11 next? Is Windows 10 actually the end of Microsoft's Windows operating system? These are some questions that were ongoing in the mind of the audience when Nixon gave this statement during his speech. The reaction from Microsoft was really alarming though you do not have to panic, as Windows OS is not dying. Windows 10 — Brand Name of Microsoft's OS For the moment, Microsoft will stick with Windows 10 and focus on smaller and faster updates to its Windows 10 platform, instead of launching new stand-alone ve...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

The world of hacking has become more organized and reliable over recent years and so the techniques of hackers. Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack. And there is something new to the list: A team of developers has created not one, but two pieces of malware that run on an infected computer's graphics processor unit (GPU) instead of its central processor unit (CPU), in order to enhance their stealthiness and computational efficiency. The two pieces of malware: Jellyfish Rootkit for Linux operating system Demon Keylogger The source code of both the Jellyfish Rootkit and the Demon keylogger, which are described as proof-of-concepts malware, have been published on Github. Until now, security researchers have discovered nasty malware running on the CPU and exploiting the GPU capabilities in an attempt to mine cryptocurrencies such as Bitcoins. However, these two malware co...

More than 95 percent of enterprise SAP installations exposed to high-severity vulnerabilities that could allow attackers to hijack a company's business data and processes, new research claims entirely. According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis , the majority of cyber attacks against SAP applications in the enterprise are: Pivots - Pivoting from a low to high integrity systems in order to execute remote function modules. Database Warehousing - Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases. Portal Attacks - Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems. More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are vulnerable for an average of 18 months period from when vulnerabilit...

Facebook lets you control your every single information posted on the social media site by giving many options to make them private from others, even from your friends. But… There are some personal information on Facebook that you just cannot completely hide — Your friends list are among those, even if there is an option to hide it. The issue resides in the Facebook's mutual-friends feature concept, which has been in controversies in the past, raising privacy concerns. But now, a new Free Chrome extension called " Facebook Friends Mapper " (developed by Alon Kollmann ) can expose a lot more than just mutual friends of the two Facebook users in " just one click ," creating high security and Privacy risks for Facebook users. Generally, Facebook also allows you to set the visibility of your list of Facebook friends to "Only Me" if you want to keep your friends list hidden from other Facebook users as well as your own friends. Howe...

US Court rules NSA Phone surveillance Program is illegal United States' National Security Agency (NSA) Spying program that systematically collects data about Millions of Americans' phone calls in bulk is illegal – Yes illegal. The NSA Phone surveillance program, first disclosed by the former NSA employee and whistleblower of global surveillance Edward Snowden , ruled illegal by a New York federal appeals court on Thursday, ordering lawmakers to either completely end or replace the program. Mass Collection of Metadata: Under this program, the U.S. agency has collected information about phone numbers called and how many times it has been called. However, no content of conversations has been recorded. The program also allegedly spied on European firms and among the individuals targeted was German Chancellor Angela Merkel . However, the Second U.S. Circuit Court of Appeals in New York issued a 97-page in-depth court ruling , in which all the three judges said...

While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco. Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the " Android for Work Update " Session, which says… " Android M is bringing the power of Android to all kinds of workplaces. " According to the company, this will open up " huge new markets for hundreds of Millions of devices to workers at small businesses, logistics, deskless workers, and warehousing jobs. " However, Google appears to have since removed any mention of Android M from Google's I/O website, most probably the company wants to keep it as a surprise for Android users. Considering the full Android releases with starting letters in alphabetical order, — Android M — s...

Millions of WordPress websites are at risks of being completely hijacked by the hackers due to a critical cross-site scripting (XSS) vulnerability present in the default installation of the widely used content management system. The cross-site scripting (XSS) vulnerability, uncovered by the security researcher reported by Robert Abela of Security firm  Netsparker . Wordpress vulnerability resides in Genericons webfont package that is part of default WordPress Twenty Fifteen Theme. Here comes the threat: The XSS vulnerability has been identified as a " DOM-based ," which means the flaw resides in the document object model (DOM) that is responsible for text, images, headers, and links representation in a web browser. The easy-to-exploit DOM-based Cross-Site Scripting (XSS) vulnerability occurred due to an insecure file included with Genericons that allowed the Document Object Model Environment in the victim's browser to be modified. What's DOM-Bas...

Security researchers have discovered a new strain of malware that makes use of extraordinary measures to evade detection and analysis, making the computer it infects unusable. Dubbed Rombertik , which is "unique" among other self-destructing malware samples due to its unique evasion techniques. As soon as any analysis tool is detected, Rombertik attempts to delete the device's Master Boot Record (MBR) and home directories, making the machine constantly restart. Rombertik is a complex piece of spyware designed to "indiscriminately" collect everything a user does online in order to obtain victim's login credentials and other confidential information. Infects users via Phishing campaign: Rombertik typically gets installed on vulnerable machines when users click on malicious attachments included in phishing emails, Cisco security researchers Ben Baker and Alex Chiu said in a blog post  Monday. Once loaded into the system, Rombertik first runs...

Google Chrome browser's new Anti-Phishing Password Alert extension is in controversies right after its launch last Wednesday, but now the search engine giant has effectively pulled off Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a new updated version of the extension. Google developed this Password Alert Chrome extension in an effort to alert Internet users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users' account. Here's the worst part: However, the first version of Password Alert was bypassed in less than 24 hours of its launch.  Security expert Paul Moore from UK-based Urity Group quickly circumvented the Anti-Phishing technology by pure JavaScript code of seven lines. Since then Google released Password Alert version 1.4, version 1.5 and version 1.6, but… ...all of them were bypassed, keeping users unaw...

USBkill — A new program that once activated, will instantly disable the laptop or computer if there is any activity on USB port. Hey Wait, don't compare USBkill with the USB Killer stick that destroy sensitive components of a computer when plugged-in. "USBKill" is a new weapon that could be a boon for whistleblowers, journalists, activists, and even cyber criminals who want to keep their information away from police and cyber thieves. It is like, if you are caught, kill yourself. In the same fashion as terrorists do. Here I am not talking about to kill yourself, but to kill the data from your laptop if the law enforcement has caught your laptop. USBkill does exactly this by turning a thumb drive into a kill switch that if unplugged, forces systems to shut down. Hephaestos ( @h3phaestos ), the author of USBkill, reports that the tool will help prevent users from becoming the next Ross Ulbricht , founder of the infamous underground drug marketplace ...

After facing much criticism for violation of Net Neutrality, Facebook has opened up its new Internet.org platform to developers for creating their apps and services in India and other countries. Facebook's Internet.org aims at offering free Internet access to " the next 5 billion " impoverished people around the world who currently don't have it. This current move now would potentially allow any website to be accessed for free via the Internet.org service, but only in the case, if the website ditches the encrypted communications (HTTPS), JavaScript, and other important things. Internet for All: Facebook offers free mobile Internet access to people in India , Zambia , Colombia, Tanzania, Kenya, Ghana, Philippines and Indonesia . However, in order to access the free Internet, users must have special Android apps, Internet.org's website, the Opera Mini web browser or Facebook's Android app. Until now, the Internet.org scheme had been...

The Weakest Link In the Information Security Chain is still – Humans. And this news has ability to prove this fact Right. One of London's busiest railway stations has unwittingly exposed their system credentials during a BBC documentary. The sensitive credentials printed and attached to the top of a station controller's monitor were aired on Wednesday night on BBC. What could be even worse? If you think that the credentials might have been shown off in the documentary for a while or some seconds, then you are still unaware of the limit of their stupidity. The login credentials were visible for about 44 minute in the BBC documentary " Nick and Margaret: The Trouble with Our Trains " on Wednesday night, which featured Nick Hewer and Margaret Mountford – the two business experts, both famous for their supporting role on The Apprentice. The documentary was available on the YouTube , but have now been removed due to security concerns. While ...

Thousands of computers and web servers running Linux and FreeBSD operating systems have been infected over past five years with sophisticated malware that turn the machines into spambots. The new Linux malware, discovered by the security researchers from the antivirus provider Eset, has been dubbed " Mumblehard " because it is Muttering spam from your servers , says Eset 23-page long report (PDF) titled "Unboxing Linux/Mumblehard." Researchers have logged more than 8,500 unique IP addresses during the seven months period of research that were hit by Mumblehard Linux malware and found over 3,000 machines joined them in the past three weeks. Mumblehard features two basic components: Backdoor  Spamming daemon  Both written in the Perl programming language and "feature the same custom packer written in assembly language." The backdoor allows hackers to infiltrate into the system and control the command and control servers, and t...

So far, we just have heard about Quantum computing that could make even complex calculations trivial, but there are no practical Quantum computers exist. However, the dream of Quantum computers could become a reality in coming future. Cambridge Quantum Computing Limited (CQCL) has build a new Fastest Operating System aimed at running the futuristic superfast quantum computers . The new operating system, dubbed  t|kit> , has been featured by CQCL's very own proprietary custom designed high-speed super mechanism, allowing the company to accurately impersonate the working of a quantum processor. " CQCL is at the forefront of developing an operating system that will allow users to harness the joint power of classical super computers alongside quantum computers, " the company said in a press release. " The development of t|ket> is a major milestone ." Quantum Computers — Soon be Reali ty Researchers have been working on significant activities to develop qu...