The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you are today trying to visit the php.net website, an official website of the PHP scripting language, you will likely see the above shown result, instead of the original website. Chrome and Firefox is currently flagging the site as " suspicious " and contains malware that can harm your computer. According to Google's Webmaster Tools, the script at https://static.php.net/www.php.net/userprefs.js  was included as suspicious, and Google's Safe Browsing diagnostics  for php.net do suggest that malware has been present on the site in the last 90 days: " Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. " " Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for ...

Cybercrime , identity theft, and frauds are on the rise; and in most cases, the data breaches are associated with credit cards and cardholder data. The impact of data breach not only affects your organization, but also your customers. A common observation cites that organizations that are PCI compliant are 50% less likely to suffer a data breach . It is alarming to notice that most organizations have difficulty complying with the requirements necessary for processing cardholder data . PCI makes the process smooth Based on the feedback from the industry, PCI Security Council has introduced some changes in the compliance regulations and has come up with version 3.0 for PCI compliance whose final version is scheduled for release on November 7, 2013. And, it is expected to be effective from January 2014. So, how will the upgraded version of PCI Compliance impact your organization? Awareness :  Most security breaches happen due to lack of awareness in the following are...

Yet another American Internet privacy service has bitten the dust, prompted by fears about broad government surveillance demands. CryptoSeal, a Virtual private network (VPN) based in California has decided to shutter its privacy-conscious service rather than hand over its encryption keys to the U.S. Government. VPNs are secure tunnels to the Internet that allow users to mask their location, defeat regional restrictions, stay safe over public Wi-Fi connections, and maintain at least a modicum of privacy online. CryptoSeal is the latest company to voluntarily shut down its service after the U.S. Government's legal action against Lavabit, an email service used by former NSA contractor Edward Snowden. " With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated, " a notice reads on the company's website. " All cryptographic keys used in the operation of the service have been zerofilled...all records created incidental ...

Hackers and malware are everywhere, waiting for you around every corner of the Internet. The International Atomic Energy Agency (IAEA) , which holds highly sensitive information and plays a key role in global efforts to prevent the spread of nuclear weapons, said on Tuesday that some of its computers were infected by malicious software, during the past several months. Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data, however spokesman Serge Gas said . " No data from the IAEA network has been affected ." The computers were located in common areas of the agency's Vienna headquarters, known as the Vienna International Centre (VIC). A third-party technician or visitor with the USB-drive infected with crimeware can be used to infect the system. " The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further " he said. Last November, the IAEA rev...

In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including  DDoS attack , SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on the web and is successful only when the web application is not sufficiently secured. Recently a hacking Group named ' TeamBerserk ' claimed on Twitter that, they have stolen $100,000 by leveraging user names and passwords taken from a California ISP Sebastian (Sebastiancorp.com)to access victims' bank accounts. A video proof was uploaded on the Internet, shows that how hackers used a SQL injection attack against the California ISP Sebastian to access their customers' database includes  e-mail addresses, user names and clear text passwords and then using the same data to steal money from those customers. Let's see what SQL Injection is and how ser...

A Security researcher discovered a critical privacy vulnerability on Verizon Wireless's Web-based customer portal that allows anyone to download user's SMS History and Numbers of other users he communicated with. Back in August, researcher ' Cody Collier ' found that a simple URL exploit could allow any subscriber to extract data using ' Download to SpreadSheet' function. To exploit, an attacker only needs to modify the subscriber's phone number in the URL and this would give an attacker access to the SMS history to the targeted account. https://wbillpay.verizonwireless.com/vzw/accountholder/unbilledusage/UnbilledMessaging.action?d-455677-e=2&1548506v4671=1&mtn= 999999999 Where variable ' mtn ' within the URL defines the mobile number and an attacker just need to modify this. " Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber's phone nu...