The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap , the botnet is believed to be part of " Hidden Cobra "—an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government. Hidden Cobra is the same hacking group that has been allegedly associated with the WannaCry ransomware menace in 2016, the SWIFT Banking attack in 2016, as well as Sony Motion Pictures hack in 2014. Dates back to 2009, Joanap is a remote access tool (RAT) that lands on a victim's system with the help an SMB worm called Brambul , which crawls from one computer to another by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords. Once there, Brambul downloads Jo...

If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken. It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook. The social media giant was previously caught collecting some of this data through Onavo Protect , a Virtual Private Network (VPN) service that it acquired in 2013. However, the company was forced to pull the app from the App Store in August 2018 after Apple found that Facebook was using the VPN service to track its user activity and data across multiple apps, which clearly violates its App Store guidelines on data collection. Onavo Protect became a data collection tool for Facebook helping the company track smartphone users' activities across multiple different apps to learn insights about how Facebook users use third-party apps. Facebook...

Late last year when an unknown group of hackers stole secret access tokens for millions of Facebook accounts by taking advantage of a flaw in its website, the company disclosed the incident and informed its affected users. Similarly, when Twitter was hit by multiple vulnerabilities ( #1 , #2 , #3 ) in the last few months, the social media company disclosed those incidents and informed its affected users. And Guess What? Google is going to shut down its social media network Google+ in April this year after admitting two security flaws in its platform that exposed private data of hundreds of thousands of users to third-party developers. It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret... maybe because it was not worth to disclose, or perhaps much more complicated. Last week, Turkish security researcher Me...

Have you ever lost your important files, like memories or official documents, accidentally or maliciously? Adding more... when you even do not have any backup for the same. Unfortunate, right? We've all been there. Just last week I formatted my computer and later found that I didn't have any backup for some recently saved important files. It was an absolute nightmare. We have frequently been asked, "All my files have been encrypted or deleted by malware, what should I do now? Is there any way I can recover them without paying a ransom?" Well, whether you lose your files due to a cyber-attack, ransomware, wiper malware, or even accidentally, fortunately, some data recovery software better your chances of recovering your deleted or lost files. There are many data recovery software available in the market that allows you to recover most of your accidentally deleted files as well as data from damaged or formatted hard drives. However, when we talk about an ea...

If you were a buyer of any online DDoS-for-hire service, you might be in trouble. After taking down and arresting the operators of the world's biggest DDoS-for-hire service last year, the authorities are now in hunt for customers who bought the service that helped cyber criminals launch millions of attacks against several banks, government institutions, and gaming industry. Europol has announced that British police are conducting a number of live operations worldwide to track down the users of the infamous Webstresser.org service that the authorities dismantled in April 2018. Launched in 2015, Webstresser let its customers rent the service for about £10 to launch Distributed Denial of Service (DDoS) attacks against their targets with little to no technical knowledge, which resulted in more than 4 million DDoS attacks. According to the Europol announcement published on Monday, the agency gained access to the accounts of over 151,000 registered Webstresser users last yea...