The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

On-demand cloud computing is a valuable tool for companies needing temporary computing capacity without long-term investment in fixed capital. However, this same convenience makes cloud computing useful to hackers. Many hacking activities involve cracking passwords , keys, or other forms of brute force attacks. These processes are computationally intensive but highly parallelizable. Hackers have two main sources for on-demand computing: botnets made of consumer PCs and infrastructure-as-a-service (IaaS) from service providers. Both can deliver computing power on demand for brute force attacks. Botnets are unreliable and heterogeneous, taking longer to "provision." However, they are free to use and can scale to enormous sizes, with some botnets comprising hundreds of thousands of PCs. On the other hand, commercial cloud computing offers faster provisioning, predictable performance, and can be billed to a stolen credit card . The balance of power between security controls ...

Computer security firms and military personnel have issued warnings about certain Facebook features that could compromise both personal and national security. On Thursday, Sophos, a computer security developer, warned that Facebook's new online messaging service could increase users' vulnerability to identity theft. John Leyden of The Register reported that the service, which combines site updates, instant messaging chat, and SMS messages in one place, is an attractive target for cybercriminals. According to Leyden, spammers can easily target accounts, or they can be compromised to create Web 2.0 botnets. "Users need to realize that these new features increase the attack surface on the Facebook platform, making personal accounts more attractive to cybercriminals," said Graham Cluley, Sophos' senior technology consultant, to AFP. "Facebook accounts will now be linked with more people in users' social circles, creating new opportunities for identity fraud...

Criminals are posing as IT support staff, calling unsuspecting U.K. internet users to push rogue antivirus software. GetSafeOnline.org reports this as part of their Internet safety week campaign. These scam operations often involve up to 400 people using sales techniques and social engineering to deceive victims. The goal is to obtain credit card information through the sale of rogue antivirus software or gain remote access to the victim's system for future use. Typically, the scam begins with an unexpected call. The caller, pretending to be an IT helpdesk technician, builds rapport with the victim, presenting themselves as trustworthy by using personal information available online. The victim is then questioned about computer problems like slow email or internet browsing. Once the victim admits to an issue, the caller exaggerates the problem and offers a solution for a small fee. The caller might say, “For a small fee, we can install something to fix your system and clean it c...

Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts requested by an application to be rendered when they shouldn't have. Upon discovering the bug, we immediately began work to fix it. It's now been resolved, and these posts can no longer be made. We're not aware of any cases in which the bug was used maliciously." A representative from Sendible stated that they had discussed the issue with Facebook over the phone. Facebook acknowledged the problem but could not reproduce it on their end. "They've agreed to patch the issue by the end of the day. In the meantime, we've agreed to remove the feature on Sendible that allows fans of Facebook pages to automate posts." Several Facebook Pages, including those of large...

Barracuda Networks announced on Tuesday that it will pay over $3,100 to anyone who can hack into its security products. This bug bounty program is the first of its kind from a pure-play security vendor. “This initiative reflects our commitment to our customers and the security community at large,” said Paul Judge, Chief Research Officer at Barracuda. The security firm has included its Spam & Virus Firewall, Web Filter, Web Application Firewall, and NG Firewall in the bug bounty program. Patch or Public Disclosure Last week, Google launched a bug bounty program to pay for vulnerabilities, joining many other vendors willing to pay security researchers for information about vulnerabilities. These efforts aim to fix flaws as soon as possible to prevent exploitation as zero-day attacks. Barracuda's bug bounty program will pay up to $3,133.70 for "particularly severe bugs," a nod to the slang "leet" number 31337, meaning "elite" in the security commu...