The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Skype has been targeted by cyber criminals again this week. Users are receiving a new Spam Email with subject " You received a new message from the Skype voice mail service. ", that actually leads to Zeus Malware . Zeus is a Trojan horse that attempts to steal confidential information from the compromised computer. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. The email is sent from the spoofed address " Skype Communications " and seems to be genuine, it has similar body content and the official Skype logo that usually comes with a legitimate Skype voice mail alerts. " This is an automated email, please don't reply. Voice Message Notification. You received a new message from the Skype voice mail service. " the email reads. The fraudsters have also tried to make the emails look genuine by adding real links back to the Skype website. According to MX Lab , ...

Researchers at FireEye have discovered a new privilege escalation vulnerability  in Windows XP and Windows Server 2003. CVE-2013-5065, Local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit ( CVE-2013-3346 ) that appears to target a patched vulnerability. Microsoft has issued an advisory and warned that discovered bug in Windows XP's  NDPROXY.SYS driver could allow hackers to run code in the system's kernel from a standard user account. The exploit could allow a standard user account to execute code in the kernel, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. "Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003 ," Microsoft advised. Last Apri...

Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails's default cookie storage mechanism   CookieStore  are at risk. The vulnerability was actually reported two months ago, but still thousands of website are running a vulnerable version of Ruby on Rails that allows a malicious attacker to gain unauthorized access again and again without password, if someone manages to steal users' cookies via via cross site scripting or session sidejacking or with physical access.  More than 10,000 websites are vulnerable to Ruby on Rails's cookie storage mechanism flaw, but this vulnerability requires your user's session cookies to be compromised in the first place. Security researcher G.S. McNamara provided the details of the vulnerability in a blog post , he analyzed nearly 90,000 sites running specialized scripts and discovered 1,897 sites based on old versions of Ruby on Rails ( versi...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

The breaking news is that, another Bitcoin exchange  company gets hacked i.e. BIPS ( bips.me ), one of the largest European Danish Bitcoin payment processors. On Friday evening, a bunch of cyber criminals just broke into BIPs - Bitcoin payment processor servers and wiped out around 1,295 Bitcoin from people's wallets, currently worth $1 Million. More than 22,000 consumer wallets have been compromised and BIPS will be contacting the affected users. Initially on 15th November, Hackers launched Distributed Denial of Service (DDoS) attack on BIPS, originate from Russia and neighboring countries and then hackers attacked again on 17th November. This time somehow they got access to several online Bitcoin wallets, which allowed them to steal the 1,295 BTC. " As a consequence Bips will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins. " company says. " All existing users will be aske...

Two most important moments in the history of Bitcoin are : Its creation by Satoshi Nakamoto , and the burst of The Silk Road's Founder  Ross William Ulbricht . The silk Road's black market was a Bitcoin economy. According to a report published by two Israeli computer scientists,  Ross William Ulbricht , aka Dread Pirate Roberts , may be financially linked to Satoshi Nakamoto. Even if the Bitcoin buyers and sellers remained anonymous, but the transactions themselves are public, So the scientists were able to trace the interactions. The Scientists, Ron and Shamir were exploring the connection between the operator of Silk Road who was recently arrested by the FBI for running the Internet blackmarket Silk Road and the entity that invented the bitcoin. The bitcoin network was established in 2008 and it has been popularly believed that the first accounts in the early days of the bitcoin were of Satoshi Nakamoto , accumulated some 77,600 BTC as a result of 'mini...