The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

NSS Labs issued the report titled " The Known Unknowns " to explain the dynamics behind the market of zero-day exploits. Last week I discussed about the necessity to define a model for " cyber conflict " to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided to give more info to the readers on cyber arsenals of governments. Governments consider the use of cyber weapons as a coadiuvant to conventional weapons, these malicious application could be used for sabotage or for cyber espionage, they could be used to hit a specifically designed software (e.g. SCADA within a critical infrastructure ) or they could be used for large scale operations infecting thousand of machines exploiting zero-day in common application ( e.g. Java platform, Adobe software ). The zero-day flaw are the most important component for the design of an efficient cyber weapon, governments have recently created dedic...

Google has recently removed a Rogue Android gaming app called " Balloon Pop 2 " from its official Play store that was actually stealing user's private Whatsapp app conversations. Every day numerous friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware represents an excellent solution to the request. In the past I already posted an article on the implementation of encryption mechanisms for WhatsApp application explaining that improper design could allow attackers to snoop on the conversation. Spreading the malware through an official channel the attacker could improve the efficiency of the attack, and it is exactly what is happening, an Android game has been published on the official Google Play store to stealthy steal users' WhatsApp conversation databases and to resell the collection of messages on an internet website. The games titled " Balloon Pop 2 " has been fortunately identified and removed from the official Google Play...

In October, we had reported that the creator of the infamous Blackhole  exploit kit was  arrested in Russia  and now the Russian Ministry of Internal Affairs has also confirmed that ' Paunch ', the mastermind behind infamous  BlackHole  exploit kit, along with Gang of 12 other criminals were arrested on October 4, 2013 in Russia. Russian security firm Group-IB has disclosed that it has assisted the police in the investigation of Paunch, who was residing in the city of Togliatti . 27-years old ' Paunch ' is the author of the notorious BlackHole and Cool exploit kits that are today popular among cybercriminals and costs $500 to $700 a month in for buyers. Cool and Blackhole exploit kits are the ready-made hacking tools for easily serving malware from compromised sites, in result to install malware on users' computers using exploits of zero-day vulnerabilities in latest web browsers. The general damage caused by the criminal gang is estimated aroun...

Microsoft today announced that its Digital Crimes Unit ( a center of excellence for advancing the global fight against cybercrime ) has successfully disrupted the ZeroAccess botnet, one of the world's largest and most rampant botnet .The Botnet is " disrupted ," not "fully destroyed" , Microsoft itself admits that " do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. " This is the Microsoft's 8th botnet takedown operation in the past three years. With the help of U.S. Federal Bureau of Investigation  ( FBI ) and Europol's European Cybercrime Centre (EC3), Microsoft led to the seizure of servers that had been distributing malware which has infected nearly 2 million computers all over the world, and with that, ZeroAccess botnet's masters are earning more than $2.7 million every month. ZeroAccess was first identified in 2011 by Symanetc, being used for click fraud, the malware can also be used to illicitly mine the ...

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi...