The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make. Here's what they found were the most important factors for making sure you earn as much as possible: 1) Choosing the right type of cybersecurity role and building your skill set The cybersecurity role you're in clearly makes a difference: the average salary for penetration testers is $55,000 according to U.S. data from Glassdoor. But cybersecurity engineers should expect to earn about $140,000—and engineers have a more natural path to becoming architects, who can earn even more. Cybersecurity analysts are somewhere in between, averaging about $80,000 a year. Of course, becoming a cybersecurity engineer requires more skills and experience than becoming a penetration tester, but you...

Windows 10 users don't have to wait much longer for the support of latest WPA3 Wi-Fi security standard , a new blog post from Microsoft apparently revealed. The third version of Wi-Fi Protected Access, in-short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to hack WiFi password . WPA3 was officially launched earlier this year, but the new WiFi security standard won't arrive overnight. Most device manufacturers could take months to get their new routers and networking devices certified by the Wi-Fi Alliance to support WPA3. Meanwhile, technology providers have already started working on software and firmware updates to support the new WPA3 standard, including Microsoft. WPA3-Personal (SAE) Support in Windows 10 Though Microsoft hasn't yet officially announced WPA3 support for its Windows 10 operating system, new APIs introduced in the newly released Windows 10 SDK Preview build 18272 , as ma...

A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson , a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service, the Sony PlayStation network , and Valve Software's Steam, between December 2013 and January 2014, by flooding them with enough internet traffic. Thompson then typically used the Twitter account the @DerpTrolling handle to announce his attacks, subsequently posting screenshots or other photos of the server being unavailable after launching DDoS attacks. The attacks usually took down game servers and related computers of the victim companies for at least a few hours at a time, causing at least $95,000 in damages to the gaming companies around the world. "Denial-of...

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by the security firm Check Point to the DJI security team in March this year, the popular China-based drone manufacturing company fixed the issue after almost six months in September. The account takeover attack takes advantage of a total of three vulnerabilities in the DJI infrastructure, including a Secure Cookie bug in the DJI identification process, a cross-site scripting (XSS) flaw in its Forum and a SSL Pinning issue in its mobile app. The first vulnerability, i.e. not having the "secure" and "httponly" cookie flag enabled, allowed attackers to steal login cookies of a user b...

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along with the launch of a number of new tools and features at its Android Dev Summit 2018 , Google has also launched the a new API, called "In-app Updates," which aims to help developers ensure that users are running the latest and greatest version of their app. "We've heard that you'd like more controls to ensure that users are running the latest and greatest version of your app. To address this, we're launching an In-app Updates API," Google said . How Does Android's New In-app Updates API Work? It should be noted that the Android's new In-app Updates API doesn't force or lock out users from the app if they chose not to update it. In...