The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Turkey is again in the news for banning online services, and this time, it's a bunch of sites and services offered by big technology giants. Turkey government has reportedly blocked access to cloud storage services including Microsoft OneDrive, Dropbox, and Google Drive, as well as the code hosting service GitHub, reports censorship monitoring group Turkey Blocks. The services were blocked on Saturday following the leak of some private emails allegedly belonging to Minister of Energy and Natural Resources Berat Albayrak — also the son-in-law of President Recep Tayyip Erdogan. Github, Dropbox, and Google Drive are issuing SSL errors, which indicates interception of traffic at the national or ISP level. Microsoft OneDrive was also subsequently blocked off throughout Turkey. The leaks come from a 20-year-old hacktivist group known as RedHack, which leaked 17GB of files containing some 57,623 stolen emails dating from April 2000 to September this year. A court in Turkish ...

Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta...

A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign. Emanual Leahu, 30, was arrested in the western city of Bacău, Romania by the London Regional Fraud Team (LRFT) London police run by the City of London Police on Tuesday 20 September, extradited to the United Kingdom last week. Leahu is believed to be a member of a European ATM hacking gang that stole more than £1.5 Million ($2 Million) from cash machines across the UK in 2014 using ATM malware to bypass security controls. The gang physically broke into ATMs to directly load malware onto the machines, allowing it to withdraw "large amounts of cash." The malware was good enough to erase itself to hide its tracks, making it difficult to identify the culprit. Three out of Five Gang Members Arrested Luckily, due to the gang's carelessness, one of its members was recorded by a hidden ATM surveillance camera, which allowed the police to id...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

It seems like it is not all over for Yahoo yet. Another day, another bad news for Yahoo! Verizon, which has agreed to purchase  Yahoo for $4.8 Billion , is now asking for a $1 Billion discount, according to recent reports. The request comes after Verizon Communications learned about the recent disclosures about hacking  and spying in past few weeks. Just two weeks ago, Yahoo revealed that at least a half Billion Yahoo accounts were stolen in 2014 hack, marking it as the biggest data breach in history. And if this wasn't enough, the company faced allegations earlier this week that it built a secret tool to scan all of its users' emails last year at the behest of a United States intelligence agency. Due to these incidents, AOL CEO Tim Armstrong, who runs the Verizon subsidiary, is "pretty upset" about Yahoo's lack of disclosure, and is even seeking to pull out of the deal completely or cut the price, the New York Post claimed, citing multiple sources. ...

Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that's simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well. Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection. Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X. Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants. Wardle is scheduled to present h...