The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Since the Internet is filled with hackers and cyber criminals keen on hacking networks for valuable information, ethical hackers are in huge demand and being hired by almost every industry to help them keep their networks protected. These ethical hackers, penetration testers, and information security analysts not only gain reputation in the IT industry but are also one of the most well-paid employees in the IT workforce today. But if you lack behind in this field, you required a good computer hacking course to sharpen up your knowledge. This week's THN Deals brings Become an Ethical Hacker Bonus Bundle that let you get started regardless of your tech background. This bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. This package of 9-lifetime courses that includes total 340 in-depth lectures usually cost $681, but you can exclusively get this 9-in-1 online training course for just $49 (after 92...

Last weekend when outdoor emergency sirens in Dallas cried loudly for over 90 minutes, many researchers concluded that some hackers hijacked the alarm system by exploiting an issue in a vulnerable computer network. But it turns out that the hackers did not breach Dallas' emergency services computer systems to trigger the city's outdoor sirens for tornado warnings and other emergencies, rather they did it entirely on radio. According to a statement issued on Monday, Dallas City Manager T.C. Broadnax clarified the cause of the last Friday's chaos, saying the "hack" used a radio signal that spoofed the system used to control the siren network centrally. "I don't want someone to understand how it was done so that they could try to do it again," Broadnax said without going much into details. "It was not a system software issue; it was a radio issue." First installed in 2007, the Dallas outdoor emergency warning system powers 156 sire...

Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot. Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian targets since at least this January. The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post , revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft. For those unaware, the vulnerability (CVE-2017-0199) is a code execution flaw in Word that could allow an attacker to take over a fully patched and up to date computer when the victim opens a Word document containing a booby-trapped OLE2link object, which downloads a malicious HTML app fro...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Can you imagine your world without the Internet? I know it's hard to imagine your life without the Internet, and the same was the case of two Ohio prisoners who built personal computers from parts from e-waste, hid them in the ceiling, and connected those PCs to the Internet via the prison's network. The incident occurred in 2015 but has now been made public by the State of Ohio's Office of the Inspector General, which published a 50-page report [ PDF ] on Tuesday, following almost a year-long investigation. According to the report, a prison work program has backfired two inmates of Marion Correctional Institution in Ohio, Florida, who smuggled computer parts from an e-waste recycling workshop and built two clandestine computers out of them. The unsupervised inmates later hid the computers behind a plywood board in the ceiling of a training room, and then connected those working PCs to the Ohio Department of Rehabilitation and Correction (ODRC) network to access ...

Besides a previously undisclosed code-execution flaw in Microsoft Word, the tech giant patches two more zero-day vulnerabilities that attackers had been exploiting in the wild for months, as part of this month's Patch Tuesday . In total, Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack. The first vulnerability ( CVE-2017-0199 ) under attack is a remote-code execution flaw that could allow an attacker to remotely take over a fully patched and up to date computer when the victim opens a Word document containing a booby-trapped OLE2link object. The attack can bypass most exploit mitigations developed by Microsoft, and according to Ryan Hanson of security firm Optiv, in some cases, exploits can execute malicious code even when Protected View is enabled. As The Hacker News reported Monday, this code-execution flaw in Microsoft Word was being exploited by hackers to spread a version ...