The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Just control your laughter, while reading this article. I insist. Talking to international media at the St Petersburg Economic Forum on Thursday, Russian President Vladimir Putin made a number of statement surrounding alleged Russia's involvement in hacking. If you are not aware, Russia has been the focus of the U.S. investigations for its purported role in interfering with the 2016 US presidential election, which saw several major hacks, including Democratic National Committee and Hillary Clinton campaign emails. The US authorities and intelligence community concluded in January that Mr. Putin had personally directed cyber attacks against Democrats and the dissemination of false information in order to influence US election and help Mr. Trump win the election. Putin: Russia Has Never Been Involved in Hacking Today Mr. Putin denied all the allegations of Russian engagement in the U.S. election hacking, saying that the Russian state had never been involved in hacking. I...

Security researchers have discovered a massive malware campaign that has already infected more than 250 million computers across the world, including Windows and Mac OS. Dubbed Fireball , the malware is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data. Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plug...

A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo, stands for "superuser do!," is a program for Linux and UNIX operating systems that lets standard users run specific commands as a superuser (aka root user), such as adding users or performing system updates. The flaw actually resides in the way Sudo parsed "tty" information from the process status file in the proc filesystem. On Linux machines, sudo parses the /proc/[pid]/stat file in order to determine the device number of the process's tty from field 7 (tty_nr), Qualys Security explains in its advisory . Although the fields in t...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation's top intelligence contractor without a password, according to a new report. UpGuard cyber risk analyst Chris Vickery discovered  a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon cloud storage server for anyone to access. The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country's top defense contractors. Although there wasn't any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials. Master Credentials to a Highly-Protected Pentagon System were Exposed Roughly 28GB of exposed documents included the privat...

The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday. Yevgeniy Aleksandrovich Nikulin , a 29-years-old Russian national, is accused of allegedly hacking not just LinkedIn , but also the online cloud storage platform Dropbox , and now-defunct social-networking company Formspring. However, he has repeatedly denied all accusations. Nikulin was arrested in Prague on October 5 by the Czech police after Interpol issued an international arrest warrant against him. Nikulin appeared at a court hearing held inside a high-security prison in Prague on Tuesday and emaciated after eight months in solitary confinement. The court ruling, pending appeals, left the final decision in the hands of Czech Justice Minister Robert Pelikan, who can approve extradition to one of the countries and block the other. The United ...