The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack . According to multiple government officials cited by the NY Times who are familiar with the indictment, the charges would be brought against Park Jin Hyok , who works for North Korean military intelligence agency Reconnaissance General Bureau (RGB). The November 2014 Sony Pictures Entertainment hack was done in retaliation for the studio's production of a comedic film, " The Interview ," a comedy about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. In June 2014, the Pyongyang government also denounced the film as "undisguised sponsoring of terrorism, as well as an Act of War" in a letter to U.N. Secretary-General Ban Ki-moon. The Sony Pictures hack was devastating to the company and exposed over 200...

If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional ( CISSP ) is a globally recognised certification in the field of information security, which has become a gold standard of achievement that is acknowledged worldwide. CISSP certification deals with a range of information security topics including security engineering and software development security and helps you understand the various areas of security you should be aware of. The CISSP exam is highly challenging and requires a broad level of knowledge. However, achieving the CISSP certification requires help, irrespective of your experience level. Choose the right CISSP Training Course There are a wide number of courses and training programs in the market, but make sure you sign up for one that equips you with the best practices in the industry and helps you to ace the exam in your first attempt. To help you ...

British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged guilty to three counts of making bomb threats to schools and airlines in Luton Magistrates' Court on Monday. Duke-Cohan spammed out more than 24,000 emails to schools across the UK and in the US as well, claiming that pipe bombs had been planted on the premises, which would blow up the building if $5,000 extortion money was not made within 3 hours. He Got Arrested Third-Time For Making Hoax Bomb Threats This is not the first time Duke-Cohan has been arrested for spreading fake bomb threats. He first created panic in March this year when he emailed thousands of schools in the UK warnin...

Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild. Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco Routers, Cisco Webex, Cisco Umbrella, Cisco SD-WAN Solution, Cisco Cloud Services Platform, Cisco Data Center Network, and more products. The three critical security vulnerabilities patched by Cisco address issues in Apache Struts, Cisco Umbrella API, and Cisco RV110W, RV130W and RV215W router's management interface. Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776) The vulnerability, reported late last month by Semmle security researcher Man Yue Mo, resides in the core of Apache Struts and originates due to insufficient validation of user-provided untrusted inputs in...

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Malicious MEGA Chrome Extension Steals Passwords Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading...