The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices. This week, we reported about a Vigilante Hacker , who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password. Now within few days, a security researcher has discovered a serious vulnerability in Netgear routers that has been publicly exploited by hackers. The critical flaw could allow hackers to bypass authentication mechanism and change the Domain Name System (DNS) settings of victims' routers to the malicious IP address. [ Exploit Code ] A security researcher, named Joe Giron, gave the details of his experience to BBC, saying that he noticed some anonymous activities in his machine and on investigating he learned that: The admin settings on his personal router have been modified on 28 September. Specifically, Domain Name System (DNS) settings on his router were changed to a suspicious IP address. ...

For the very first time in history, China has arrested hackers within its borders at the request of the United States government. The helping hands of China made me remind of recent Hollywood movie, The Martian , in which China's CNSA helped the United States' NASA to rescue astronaut Mark Watney who was mistakenly presumed dead and left behind on the planet Mars. Although China did not rescue anyone, rather it did arrest, but the point is – China helped the United States. Just two weeks before Chinese President Xi Jinping visited the U.S., the Chinese government took unprecedented step by complying with a United States request and arresting a handful of hackers within its borders, anonymous U.S. officials told the Washington Post. The arrested hackers were suspected of stealing commercial secrets from U.S. firms and then selling or passing on those secrets to Chinese state-run companies. The hackers were part of a wanted list drawn up by the U.S....

After the revelations that Whistleblower Edward Snowden made about the United States National Security Agency (NSA), the U.S. citizens are in need of more transparent digital security. The Citizens of the United States have appealed to the Obama Administration through a campaign for rejecting any policy, mandate or law that stands against their security in the cyberspace and adopt strong encryption for them. The Washington Post reported that the Obama Administration has agreed partially on the encrypted communications issue. "The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," James B. Comey , FBI Director, said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee. This decision is considered as the Status Quo. It is like a win-win situation to decrease the tension because of the Petition and regard the law enforcement agencies as well a...

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12 . However, Ved owned Google.com for one whole minute before the Mountain View company realized it was a mistake and cancelled the transaction. After acknowledging the mistake, Google rewarded Ved with some unknown amount of cash, but when Ved generously suggested donating his prize money to charity instead, Google just doubled the reward. Google Rewarded Ved with More than $10,000 Ved believed that his real reward was just being the person who bought Google.com for a whole minute. "I do not care about the money," Ved told in an interview with Business Insider. "It was never about the money. I also want to set an example that [there are] people who [wi...

Most of the times, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way to perform Brute Force amplification attacks against WordPress' built-in XML-RPC feature to crack down administrator credentials. XML-RPC is one of the simplest protocols for securely exchanging data between computers across the Internet. It uses the system.multicall method that allows an application to execute multiple commands within one HTTP request. A number of CMS including WordPress and Drupal support XML-RPC. But… The same method has been abused to amplify their Brute Force attacks many times over by attempting hundreds of passwords within just one HTTP request, without been detected. Amplified Brute-Force Attacks This means instead of trying tho...