The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Remember Ramona Fricosu ? A Colorado woman was ordered to unlock her encrypted Toshiba laptop while the FBI was investigating alleged mortgage fraud in 2012, but she declined to decrypt the laptop saying that she did not remember the password. Later the United States Court ruled that Police can force defendants to decrypt their electronic devices, of course, as it does not violate the Fifth Amendment that prevents any citizen from having to incriminate themselves. Forgetting passwords for your electronic devices could be a smart move to avoid complying with a court order, but not every time, as US judges have different opinions on how to punish those who do not compel the order to unlock their phones. On a single day last week, one defendant got six months jail for allegedly refusing to reveal his iPhone passcode, while a second defendant walks through after he claimed he forgot his passcode. A Florida circuit court judge ruled last week that child abuse defendant Christopher ...

Until last year, cyber criminals were only targeting computers of individuals and organisations with ransomware and holding them for ransom, but then they started targeting unprotected online databases and servers around the globe for ransom as well. Earlier this year, we saw notorious incidents where tens of thousands of unprotected MongoDB and Elasticsearch databases were hacked and held for ransom in exchange of the data the hackers had stolen and deleted from the poorly configured systems. Now, cyber crooks have started targeting unprotected Hadoop Clusters and CouchDB servers as well, making the ransomware game nastier if your servers are not securely configured. Nearly 4,500 servers with the Hadoop Distributed File System (HDFS) — the primary distributed storage used by Hadoop applications — were found exposing more than 5,000 Terabytes (5.12 Petabytes) of data, according to an analysis conducted using Shodan search engine. This exposure is due to the same issue — H...

Last month  WannaCry ransomware  hit more than 300,000 PCs across the world within just 72 hours by using its self-spreading capabilities to infect vulnerable Windows PCs, particularly those using vulnerable versions of the OS, within the same network. But that doesn't mean WannaCry was a high-quality piece of ransomware. Security researchers have recently discovered some programming errors in the code of the WannaCrypt ransomware worm that might allow victims to restore their locked files without paying for any decryption key. After deeply analysing the WannaCry code, security company at Kaspersky Lab found that the ransomware was full of mistakes that could allow some of its victims to restore their files with publicly available free recovery tools or even with simple commands. Anton Ivanov, senior malware analyst at Kaspersky Lab, along with colleagues Fedor Sinitsyn and Orkhan Mamedov, detailed three critical errors made by WannaCry developers that could allow sy...

WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing an alleged CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network. Codenamed Pandemic , the tool is a persistent implant for Microsoft Windows machines that share files with remote users on a local network. The documents leaked by the whistleblower organisation date from April 2014 to January 2015. According to WikiLeaks, Pandemic infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software. "Pandemic is a tool which is run as kernel shellcode to install a file system filter driver," a leaked CIA manual reads. "The filter will 'replace' a target file with the given payload file when a remote user accesses the file via SMB (read-only, not w...

Do you use OneLogin password manager ? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it had "detected unauthorised access" in its United States data region. Although the company did not provide many details about the nature of the cyber attack, the statement released by the firm suggest that the data breach is extensive. What Happened? OneLogin, which aims at offering a service that "secures connections across all users, all devices, and every application," has not yet revealed potential weaknesses in its service that may have exposed its users' data in the first place. "Today We detected unauthorised access to OneLogin data in our US data region," OneLogin chief information security officer Alvaro Hoyos said in a brief blog post-Wednes...