The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After an eight-year-long absence from the most populated country in the world, Google search is going to dramatically make a comeback in China. Google is reportedly planning to launch a censored version of its search engine in China that is going to blacklist certain websites and search terms to comply with Chinese government's attempts to censor the Internet, a whistleblower revealed. According to leaked documents obtained by The Intercept, CEO Sundar Pichai met with a Chinese government official in December 2017 to re-enter the world's largest market for internet users. Project Dragonfly — Censored Google Search Engine Since spring last year Google engineers have been secretly working on a project, dubbed " Dragonfly ," which currently includes two Android mobile apps named—Maotai and Longfei—one of which will get launched by the end of this year after Chinese officials approve it. The censored version of Google search engine in the form of a mobile app report...

Amnesty International, one of the most prominent non-profit human rights organizations in the world, claims one of its staff members has been targeted by a sophisticated surveillance tool made by Israel's NSO Group. The NSO Group is an Israeli firm that's mostly known for selling high-tech spyware and surveillance malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world. The company's most powerful spyware called Pegasus for iPhone , Android , and other mobile devices has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates. Pegasus has been designed to hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, emails, WhatsApp messages , user's location, microphone, and camera —all without the victim's knowl...

Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses owned by the attackers mentioned on ransom notes of each SamSam version and found the attackers have received more than $5.9 million from just 233 victims, and their profits are still on the rise, netting around $300,000 per month. "In total, we have now identified 157 unique addresses which have received ransom payments as well as 89 addresses which have been used on ransom notes and sample files but, to date, have not received payments," the new report by Sophos reads. SamSam Ransomware Attacks > What makes SamSam stand out from other forms of ransomware is that SamSam is not distributed ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Dixons Carphone's 2017 data breach was worse than initially anticipated. In an announcement on Monday, Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, admitted that the breach affected around 10 million customers, up from an initial estimate of 1.2 million people the company acknowledged back in June. The company, which has been investigating the hack since it was discovered in June this year, said the investigation is nearly over and now there is evidence that some of the data may have been taken from its systems. The Carphone Warehouse and Currys PC World owner said the hackers may have accessed personal information of its affected customers including their names, addresses and email addresses last year. The hackers also got access to 5.9 million payments cards used at Currys PC World and Dixons Travel, but nearly all of those cards were protected by the chip-and-pin system . However, Dixons Carphone assured its cust...

An activist has just leaked thousands of private messages of an organization that's been known to publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposing private chats between 2015 and 2017. The leaked chats have been referenced by American media outlets earlier this year, but for the very first time, all 11,000 messages have been published online, allowing anyone to scroll through and read messages themselves. "The chat is presented nearly in its entirety, with less than a dozen redactions made to protect the privacy and personal information of innocent, third parties. The redactions don't include any information that's relevant to WikiLeaks or their activities," Best said. The leaked DMs of the private Twitter chat group, dubbed " Wikileaks +10 " by Best, show WikiLeak's strong Republican favoritism, ...