The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

TalkTalk , one of the biggest UK-based phone and Internet service provider with more than 4 Million customers, has been hacked again, the company announced late Thursday. TalkTalk is informing its 4 million customers that it has fallen victim to a "significant and sustained cyber attack" and it is possible that sensitive data including bank details have been stolen. In February, TalkTalk suffered a major data breach in which its customer details were stolen and misused by scammers to access additional information as well as steal considerable amount of money. What data might have been Exposed? According to the company, potentially all of its 4 Million customers could be affected by the data breach. However, TalkTalk hasn't specified exactly what kind of data was stolen from its servers, but says that the systems accessed by hackers contained information including: Credit card details and/or bank details Full names Postal addresses Dates ...

Joomla – one of the most popular open source Content Management System (CMS) software packages, has reportedly patched three critical vulnerabilities in its software. The flaws, exist in the Joomla version 3.2 to 3.4.4, include SQL injection vulnerabilities that could allow hackers to take admin privileges on most customer websites. The patch was an upgrade to Joomla version 3.4.5  and only contained security fixes. The vulnerability, discovered by Trustwave SpiderLabs researcher Asaf Orpani and Netanel Rubin of PerimeterX, could be exploited to attack a website with SQL injections. SQL injection ( SQLi ) is an injection attack wherein a bad actor can inject/insert malicious SQL commands/query (malicious payloads) through the input data from the client to the application. The vulnerability is one of the oldest, most powerful and most dangerous flaw that could affect any website or web application that uses an SQL-based database. The recent SQLi in J...

The connected devices, better known as the Internet of Things , have been attracting the significant interest of, not only users but also cyber criminals that are turning them into weapons for cyber war. Due to the insecure implementation of Internet-connected embedded devices, they are routinely being hacked and used in cyber attacks. We have seen Smart TVs and Refrigerator sending out millions of malicious spam emails ; we have also seen printers and set-top-boxes mining Bitcoins . And Now… Cyber crooks have targeted innocent looking CCTV cameras – common Internet-of-Things (IoT) device – to launch Distributed Denial-of-Service (DDoS) attacks . Also Read: 100,000 Refrigerators and other home appliances hacked to perform cyber attack. Yes, Surveillance cameras in shopping malls are being targeted to form a large botnet that can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS) attacks. THE CAUSE The cro...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Breaking.... WikiLeaks, The Anti-secrecy and transparency organization, claims to have obtained the contents of CIA Director John Brennan 's personal AOL email account. Also, Julian Assange, founder of WikiLeaks , has promised to publish them soon on their website. Earlier this week, Brennan's personal email account was hacked by an anonymous self-described high school student, who swiped sensitive top-secret data from it. The teenager also posted a partial Spreadsheet filled with the supposed names, email addresses, phone numbers and Social Security numbers (SSNs) of 2,611 former and current government intelligence officials. Also Read:   High school Student Hacked Into CIA Director's Personal Email Account Anonymous Teenage Hacker is motivated by opposition to American foreign policy, particularly in respect to the Israel-Palestine conflict, according to an interview. The Central Intelligence Agency did not confirm whether the hack happened...

US Federal Official: Unlock that iPhone for me? Apple: Sorry, Nobody can do this! Neither we, nor you. Yes, in a similar manner, Apple told a U.S. federal judge that it is " IMPOSSIBLE " to access data stored on a locked iPhone running iOS 8 or later iOS operating system. In short, Apple has reminded everyone that the tech giant can not, and will not, break its users' encryption if the government official asks it to. Apple revealed this in a court filing late Monday in response to the U.S. federal magistrate judge, who is being requested by the Justice Department to force the company to help authorities extract data from a seized iPhone. However, Apple says that it has the " technical ability " to help federal enforcement unlock older iOS devices – and almost 10 percent of iOS devices are running older versions of the operating system. In the brief filed Monday, Apple said : "In most cases now and in the future, the government's requested order would...