The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Recently Yahoo disclosed a three-year-old massive data breach in its company that exposed personal details associated with more than 1 Billion user accounts , which is said to be the largest data breach of any company ever. The new development in Yahoo!'s 2013 data breach is that the hacker sold its over Billion-user database on the Dark Web last August for $300,000, according to Andrew Komarov, Chief Intelligence Officer (CIO) at security firm InfoArmor. Komarov told the New York Times that three different buyers, including two "prominent spammers" and the third, is believed to be involved in espionage tactics paid $300,000 to gain control of the entire database. The hacker group that breached Yahoo and sold the database is believed to based in Eastern Europe, but the company still does not know if this information is accurate or not. Beside full names, passwords, date of births and phone numbers of 1 Million Yahoo users, the database also includes backup em...

No software is immune to being Hacked! Not even Linux. A security researcher has discovered a critical vulnerability in Ubuntu Linux operating system that would allow an attacker to remotely compromise a target computer using a malicious file. The vulnerability affects all default Ubuntu Linux installations versions 12.10 (Quantal) and later. Researcher Donncha O'Cearbhaill discovered the security bug which actually resides in the Apport crash reporting tool on Ubuntu. A successful exploit of this CrashDB code injection issue could allow an attacker to remotely execute arbitrary code on victim's machine. All an attacker needs is to trick the Ubuntu user into opening a maliciously booby-trapped crash file. This would inject malicious code in Ubuntu OS's crash file handler, which when parsed, executes arbitrary Python code. "The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary," O'Cearbhaill explain...

Macintosh computers are often considered to be safer than those running Windows operating system, but a recently discovered attack technique proves it all wrong. All an attacker needs is a $300 device to seize full control of your Mac or MacBook. Swedish hacker and penetration tester Ulf Frisk has developed a new device that can steal the password from virtually any Mac laptop while it is sleeping or even locked in just 30 seconds, allowing hackers to unlock any Mac computer and even decrypt the files on its hard drive. So, next time when you leave your Apple's laptop unattended, be sure to shut it down completely rather than just putting the system in sleep mode or locked. Here's How an Attacker can steal your Mac FileVault2 Password The researcher devised this technique by exploiting two designing flaws he discovered last July in Apple's FileVault2 full-disk encryption software. The first issue is that the Mac system does not protect itself against Direc...

One of the FBI's most wanted hackers who was behind the largest theft of financial data has finally been arrested at the JFK airport in New York. Joshua Samuel Aaron is accused of being part of a hacking group that attacked several major financial institutions, including JPMorgan Chase , and according to the officials, which was "the largest theft of user data from a U.S. financial institution in history." Aaron was believed to have been living as a fugitive in Moscow, Russia after being charged with hacking crimes in 2015, which exposed the personal information of more than 100 Million people. On June 2015, a federal arrest warrant was issued for Aaron by the United States District Court, and the FBI and US secret service agents arrested him upon his arrival at the JFK airport in NY, announced the US Department of Justice. "Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of person...

Remember The Shadow Brokers? The hacker group that's believed to be behind the high-profile cyber theft of NSA hacking tools and exploits that sparked a larger debate on the Internet concerning abilities of US intelligence agencies and their own security The group put the stolen cyber weapons on auction but received not much response and gone quiet for some time. However, The Shadow Brokers has now appeared to have put up the NSA's hacking tools and exploits for direct sale on an underground website. A newly uncovered site reportedly contains a file signed with the cryptographic key of The Shadow Brokers, suggesting the hacker group has now moved to sell NSA hacking tools directly to buyers one by one, Motherboard reports . On Wednesday, someone going by pseudonym Boceffus Cleetus published a post on Medium, saying that the Shadow Brokers hackers are now selling "NSA tools individually." "The site also lets visitors download a selection of scree...