The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Iranian hackers may have spent years in running a creative and most dedicated cyber espionage campaign to steal government credentials with the help of Social Media including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. A Dallas-based computer-security firm, iSIGHT Partners, has exposed today a three-year old cyber espionage campaign which they believe to have originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website. The security firm dubbed the cyber espionage operation as ' Newscaster ', under which the iranian hackers are using more than a dozen social-media accounts of fake personas on social media sites such as Facebook, Twitter, and LinkedIn and targeted at least 2,000 people. Since 2011, the Iranian hackers group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy ad...

After Whatsapp, The Chinese WeChat is the second most popular messaging application and currently being targeted by cybercriminals to spread a new Banking Trojan in order to steal the financial information from its users. WeChat is a famous mobile instant messaging app developed by Chinese company Tencent, with more than 355 million users across the world. The app offers people to chit-chat with their friends and relatives, and also allows users to make payments for goods and services on WeChat. The Payment feature of the app requires users' bank account details to their messenger account and this is what tempting cybercriminals to develop new and more sophisticated banking Trojans and malwares. The security researchers at Kaspersky Lab have uncovered such banking Trojan, dubbed as Banker.AndroidOS.Basti.a, which looks exactly like the legitimate WeChat application for Android devices. While installation, it also requires the same permissions such as to access the Int...

TrueCrypt , the popular and reputed open source file and disk encryption Software for Windows, OSX and Linux, has abruptly closed down Wednesday recommending its users to use Microsoft's Bitlocker. TrueCrypt is a free, open-source and cross-platform encryption program, thereby one of the world's most-used encryption tool, trusted by tens of millions of users and recommended by NSA whistleblower Edward Snowden . TRUECRYPT IS NOT SECURE On Wednesday afternoon, the users of TrueCrypt encryption tool redirected to the project's official SourceForge-hosted page that displays a mysterious security warning message that the popular encryption tool has been discontinued and that users should switch to an alternative. The official website for the TrueCrypt software warns the user that the open source encryption software is no longer secure and informs that the development of the software has been terminated. At the top of TrueCrypt page on SourceForge display...

I am considering that you all must have read my last article on OpenSSL Heartbleed , a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. The Heartbleed vulnerability made headlines around the world and my last article explains everything about probably the biggest Internet vulnerability in recent history, but still some readers are not aware of its nature, otherwise they would not have been a victim of the spam campaigns. Spammers are very smart on gaining from every opportunity they get, so this time they are taking advantage of the infamous Heartbleed bug and frighten the users into installing Anti-Heartbleed Software onto their systems, which is obviously a malware. The researchers at Symantec have unearthed a spam campaign targeting people by sending spam emails that warns them their ...

There is a good news for all Security researchers, Penetration testers and Hackers. The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of its latest version of Kali Linux 1.0.7 with some interesting features. Kali Linux is an open source Debian-based distribution for penetration testing and forensics that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In the beginning of this year, Offensive Security released Kali Linux 1.0.6 with Kernel version 3.12, and also added the Self Destruct feature that allows Kali users to encrypt the full hard disk to make the data inaccessible in an emergency case by entering a secret password at boot time. This latest Kali Linux 1.0.7 version added some more features to the last version, along with many new penetration testing and hacking too...