The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Remember the largest hack on Sony Pictures Entertainment late last year? Well, nobody can forget it. But let me remind you once again: Sony Picture Entertainment hack was one of the most devastating hacks in the history that leaked several hundred gigabytes of sensitive data, including high-quality versions of five unreleased movies , celebrity phone numbers and their travel aliases, private information of its employees, upcoming film scripts, film budgets and many more. Now, these large troves of hacked Sony data have been republished by Wikileaks. THE SONY ARCHIVES WikiLeaks on Thursday released " The Sony Archives ," a fully searchable online database containing more than 30,000 documents and 173,132 emails that, it claims, were stolen from last year's Sony Pictures hack , proving a devastating and embarrassing security failure for the studio. It is like, Whistleblower Julian Assange has hit the nerve: The massive hack has already cost the e...

A security researcher has discovered a critical vulnerability in Google-owned YouTube that could allow anyone to make the comment posted by any celebrity or public figure on some YouTube video appear on his or her own YouTube video, impersonating that celeb. Just a few weeks ago we reported about a simple logical vulnerability in YouTube that could have been exploited by anyone to delete any video from YouTube in just one shot . Now: Again a small trick in the popular video sharing website could allow anyone to play with the comments posted by users on YouTube videos. Ahmed Aboul-Ela and  Ibrahim M. El-Sayed , two Egyptian security researcher, found a simple trick that allowed him to copy any comments from any video on the popular video sharing website to his video, even without any user-interaction. Not only this, but also: This vulnerability allows you to spoof, duplicate or copy the comments on discussion boards from any YouTube channel and make it ...

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than ever before. Why are USB devices dangerous? USB devices can hold a lot of information. For example, a 128 GB USB flash drive can store 60,000 photos, 20,000 songs, 100+ videos, and more. Just imagine how many protected corporate files could fit on one drive. Also, the storage capacity of USB devices is only going to increase. USB devices are super portable. Some USB storage devices are the size of a small coin. This makes them very difficult to visually detect when plugged into an open port. USB devices are cheap and easy to find. If you're in the market for a USB storage device, there...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

An Arkansas lawyer representing three police whistleblowers has claimed that the law enforcement officials at the Fort Smith Police Department (FSPD) tried to infect his computer with Trojan viruses in order to spy on their legal opponents. What's the issue? A lawyer Matthew Campbell of the Pinnacle Law Firm in North Little Rock is representing Don Paul Bales, Rick Entmeier, and Wendall Sampson, current and former officers of the Fort Smith Police Department in the lawsuit since January 2014. The three whistleblowers exposed some frauds within the corrupt department, and, therefore, the police have illegally investigated them. " Since July 2013, the plaintiffs have been the target of nearly two dozen various investigations , Campbell told the Northwest Arkansas Democrat Gazette. " [This range] from accusations that they misspent FSPD funds to allegations that they were impugning the FSPD on Facebook. " What happened? Campbell provided a blank ha...

The Market of E-commerce websites is at its peak, as today people love to shop online to save their time. However, E-commerce and financial sites stand first in the rundown of potential victims as they manage financial exchanges. The traditional way to target victims of e-commerce sites is to use targeted "phishing" attacks via social media and emails. But… …due to increased awareness among the people about the threat of phishing attacks, hackers have now discovered new way — by malvertising legitimate websites where people assume to be safe and secure. We know: Today, there are many ready-to-use e-commerce platforms available on the Internet that are very easy to install and manage and that too at no extra cost; ' Magento ' is one of the most popular out of them. The most popular, the most targeted: Yes! Security researchers at Sucuri have found a malicious code inside the Magento e-commerce website that was intended to send all the data...