The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The cybersecurity of a company is heavily reliant upon the skills and knowledge of the people who install, manage, and operate its security products. This means that recruiting and nurturing the best security team possible should be a CISO's top priority. Cynet's Ultimate Cybersecurity Job Posting Templates ( download here ) provide a list of the main responsibilities and skills for typical security positions, built upon research and providing IT and security managers with pre-set template job descriptions so that there is no need to create them from scratch. Because of the fact that there are many different cybersecurity job titles, with much overlap between job descriptions and responsibilities, the creation of the inclusion criteria for these positions required significant review and consideration. Six positions are included in the following job templates, including all integral aspects of the responsibility cycle in product deployment, integration, and operation, p...

A 22-year-old man who claimed to have access to more than 300 million iCloud accounts 00 million iCloud accounts —and threatened to wipe them unless Apple paid a ransom—has pleaded guilty in London to attempting to blackmail the company. In March 2017, the attacker from North London said he was a spokesperson for a hacking group calling itself the "Turkish Crime Family" and claimed to possess data from 319 million iCloud accounts. According to a statement from the U.K. National Crime Agency (NCA), he gave Apple a deadline of April 7, 2017, demanding $75,000 in cryptocurrency or $100,000 worth of iTunes gift cards in exchange for deleting the alleged database. The agency described him as a "fame-hungry cyber-criminal." He threatened that if Apple failed to comply, he would remotely wipe victims' Apple devices, factory-reset iCloud accounts, and publish the stolen data online. Later that month, the NCA's National Cyber Crime Unit arrested him at his home after Apple contacted law en...

Three members of an international organized cybercrime group that was behind a multi-million dollar theft primarily against U.S. businesses and financial institutions have been sentenced to prison, the U.S. Justice Department announced. The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe, between 2015 and 2016, and fraudulently steal nearly $100 million from their banking accounts. In May this year, Europol dismantled the cybercrime network behind GozNym, with the United States issuing charges against a total of ten members of the group, 5 of which were arrested at that time, while five others, including the developer of GozNym, remain at the run. In a federal court in Pittsburgh on Friday, Krasimir Nikolov , one of the group's members, was sentenced to a period of time served after having served over 39 months in prison for his role as an "account takeover specialist" i...

As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago, Apple's bug bounty program was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company's upcoming extended bug bounty program which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, opening the program for all researchers. Now starting from today, all security researchers and hackers are ...

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at about any of its 850 stores since March 2019. What happened? According to a press release published on the company's website, on 4th March, attackers managed to install malware on its point-of-sale servers used to process customers' payments. By the time it was discovered by the Wawa information security team on 10th December, the malware had already infected in-store payment processing systems at "potentially all Wawa locations." That means attackers were potentially stealing Wawa customers' payment card information until the malware was entirely removed by its ...