The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WikiLeaks' release of secret government communications should serve as a warning to the nation's biggest companies: You're next. Computer experts have warned for years about the threat posed by disgruntled insiders and poorly crafted security policies that give too much access to confidential data. WikiLeaks' release of U.S. diplomatic documents shows that the group can—and likely will—use the same methods to reveal the secrets of powerful corporations. As WikiLeaks claims it has incriminating documents from a major U.S. bank, possibly Bank of America, there's new urgency to address information security inside corporations. This situation also highlights the limitations of security measures when confronted with a determined insider. At risk are companies' innermost secrets—emails, documents, databases, and internal websites thought to be locked from the outside world. Companies create records of every decision they make, whether it's rolling out new produ...

In a major embarrassment, the website of India's premier investigating agency, the Central Bureau of Investigation (CBI), was hacked tonight by a group identifying themselves as the "Pakistani Cyber Army." The CBI homepage displayed a message from the Pakistani Cyber Army, warning the Indian Cyber Army not to attack their websites. The hackers have exposed a significant vulnerability in India's cybersecurity by infiltrating one of the most secure websites. The CBI is linked to the command center of the world police organization, Interpol, 24/7. The hackers' message also criticized the National Informatics Centre (NIC), responsible for managing computer servers across India, and their filtering controls. Intelligence agencies have repeatedly warned the government that proper cybersecurity measures are lacking in government offices, and that no security audits are being conducted. The Pakistani Cyber Army further threatened to conduct "mass defacement"...

You can get a ZeuS infection through a drive-by download from a malicious website or a hacked legitimate site. Clicking a link in an innocent-looking email can also open your system to attack. This past week, there was a surge of fake LinkedIn connection requests linked to ZeuS. While savvy users avoid clicking links from strangers, even links from friends can be dangerous, as a virus might have infected their system. But being cautious isn't enough. You might think a Trojan or virus attack affects only your computer, but this is far from the truth. The threat known as ZeuS or ZBot is a tool used by an international cybercrime ring with a single goal: to steal your money. While several criminals were charged recently, many remain free, and the malicious code continues to spread. To protect against all potential infection sources, you must install a security suite on any internet-connected computer. Because cybercriminals frequently release new ZeuS variants, you need a suite with...

When you see a post on a Facebook friend's wall that seems out of character, don't be too quick to click. Posts labeled "Pictures of girls in bikinis" or "All boys can stare at it but girls cannot" might be clickjacking attacks. These attacks typically don't carry malicious payloads, but they can certainly annoy any friends who fall for them. Here's how to avoid that scenario. Usually, the post itself uses a short, provocative phrase to spark your curiosity. If you fall for the attack currently making the rounds, you'll see a warning that the content might be inappropriate and a request to confirm that you're 18 or older. Once you click the button to confirm your age, you'll encounter another embedded dialog box. This one claims a need to verify that you're human, supposedly to avoid spam bots that are "putting an extra load on our servers." The box requests that you click numbered buttons in a specific order. Clicking th...

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not specify whether this refers to the source code or binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as saying, "You could shut down power stations, you could shut down the transport network across the United Kingdom." There is hard evidence that Stuxnet is in the hands of highly motivated, well-trained, and well-financed criminals. Sky News' source declined to provide more precise information. Audun Lødemel, VP of Marketing and Business Development at German IT service provider Norman, believes that "It was just a matter of time before the Stuxnet code was made available for anyone, with even the most basic knowledge of coding, to alter and potentially wreak havoc on the UK infrastructure. This is serious stuff,...