The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bear hacking group. Fancy Bear —also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The newly-discovered campaign is also exploiting the Windows SMB exploit (CVE-2017-0143), called EternalBlue , which was one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April. EternalBlue is a security vulnerabi...

If you think you are downloading apps from Google Play Store and you are secure, then watch out! Someone has managed to flood third-party app stores and Google Play Store with more than a thousand malicious apps, which can monitor almost anything a user does on their mobile device from silently recording calls to make outbound calls without the user's interaction. Dubbed SonicSpy , the spyware has been spreading aggressively across Android app stores since at least February and is being distributed by pretending itself to be a messaging app—and it actually offers a messaging service. SonicSpy Can Perform a Whole Lots of Malicious Tasks At the same time, the SonicSpy spyware apps perform various malicious tasks, including silently recording calls and audio from the microphone, hijacking the device's camera and snap photos, making outbound calls without the user's permission, and sending text messages to numbers chosen by the attacker. Besides this, the SonicSpy sp...

Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago. However, the story is not as simple as it seems, which portrayed this man as a criminal. I recommend you to read complete article to understand the case better and then have an opinion accordingly. Sergey Neverov (Сергей Неверов), father of two sons and the resident of the southern city of Nikopol, is a video blogger and computer enthusiast who was arrested by the Ukrainian police on Monday, August 7 from his home. What Neverov Did? According to a press release published on Thursday by the Ukrainian cyber police department, Neverov uploaded a video, showing how to infect a computer with Petya.A ransomware—and also shared a download link for NotPetya malware to his soc...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

After disclosing CIA's strategies to hijack and manipulate webcams and microphones to corrupt or delete recordings, WikiLeaks has now published another Vault 7 leak , revealing CIA's ability to spy on video streams remotely in real-time. Dubbed ' CouchPotato ,' document leaked from the CIA details how the CIA agents use a remote tool to stealthy collect RTSP/H.264 video streams. Real Time Streaming Protocol, or RTSP, is a network control protocol designed for use in entertainment and communication systems for controlling streaming media servers. CouchPotato gives CIA hackers ability to "collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame," a leaked CIA manual reads. The tool utilises FFmpeg for video and image encoding and decoding and Real Time Streaming Protocol connectivity. The CouchPotato tool works stealthily without leaving...

In what appears to be the world's first quantum satellite transmission, China has successfully sent an "unbreakable" code over a long distance from an orbiting satellite to the Earth, achieving a milestone in the next generation encryption based on "quantum cryptography." In August last year, China launched the world's first quantum communication satellite into the Earth's orbit aboard a Long March-2D rocket to test the fundamental laws of quantum mechanics at space. Dubbed Quantum Science Satellite , nicknamed Micius or Mozi (Chinese: 墨子), the satellite was designed to establish a 'Hack-Proof' communications system in this age of global surveillance by transmitting unbreakable encryption keys from space to the ground. Now, it has been reported that using this satellite, the Chinese scientists at the Quantum Experiments at Space Scale (QUESS) project were able to send secret "quantum key distribution" (QKD) data by beaming photons ...