The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Military Units that rely on very small aperture terminals (VSATs) for satellite communications in remote areas are vulnerable to cyber attack . Researchers from cyber intelligence company IntelCrawler recently identified nearly 3 million VSATs, many of them in the United States, and found that about 10,000 of them could be easily accessed because of configuration weaknesses. " We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about the satellite operator's network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities, " Researchers have warned that terminals having data transmission rate 4kbps to 16 Mbps used in narrow and broadband data transmission are vulnerable to cyber attack. VSATs are most commonly used to transmit narrowband data such as credit card, polling or RFID data or broadband data for VoIP or ...

The most critical and worst target of a State-sponsored cyber-attack s could be Hospitals, Dams, Dykes and Nuclear power stations and this may cause military conflicts between countries. According to Japan Today , The Monju nuclear power plant in Tsuruga, Japan was accidentally targeted by a malware on 2nd January, when a worker updated the system to the latest version of the video playback program. Monju Nuclear Plant  is a sodium-cooled fast reactor, was launched in April 1994. It has not been operational for most of the past 20 years, after an accident in which a sodium leak caused a major fire. Employees over there are only left with a regular job of company's paperwork and maintenance. So the malware could have stolen only some sensitive documents, emails, training records and employees' data sheets. The Malware command-and-control server suspected to be from South Korea. The malware itself is not much sophisticated like Stuxnet  o...

The Senate Judiciary Committee Chairman ' Patrick Leahy ' reintroduced a revamped version of the " Personal Data Privacy and Security Act " for tough criminal penalties for hackers, that he originally authored in 2005. During last Christmas Holidays, a massive data breach had occurred at the shopping giant  Target,  involving hack of 40 million credit & debit cards, used to pay for purchases at its 1500 stores nationwide in the U.S. Reason: "Target Data Breach? Seriously"?  In a statement, as published below, the Senator wrote: "The recent data breach at Target involving the debit and credit card data of as many as 40 million customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation" It seems that the  TARGET Breach  was scheduled, as the best opportunity to ramp u...

After the release of NSA Secret spying over Internet communications, I am expecting from all tech companies to make surveillance significantly harder. Yahoo has HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by the Edward Snowden shows that the NSA secretly accessed data from several tech giants, including Yahoo, by intercepting unencrypted Internet traffic in a program called Muscular. As promised back in October 2013,  Yahoo  has finally enabled the HTTPS connections by default for their users, that will now automatically encrypts the connections between users and its email service. Jeff Bonforte , senior vice-president of communication products at Yahoo announced  in a blog post: It is 100% encrypted by default and protected with 2,048 bit certificates. This encryption extends to your emails, attachments, contacts, as well as Calendar and Messenger in Mail. HTTPS by default is really a good news fo...

X.Org Foundation develops the X-Window System, the standard window system for open source operating systems and devices. Most of the graphical user interfaces for Unix and Linux systems rely on it. At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel , a security researcher gave the presentation titled  " X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months. In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. Later today, X.Org Foundation released a security Advisory , states " A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font. " The flaw resides in a file at " libXfo...

When you visit a website, it stores some information on your system through a web browser for later use i.e. Login information, so you do not have to re-login to your website every time you visit the same website on the same browser. Cookies are usually stored as plain text or in the database by the browser and if a computer is accessed by multiple people, one person might scan another's cookie folder and look for things like passwords or long-life session IDs. If an attacker has the physical access to your system, can steal all your cookies easily to hijack accounts. There are many tools available on the Internet that can make it quicker and easier for an attacker to export all your cookies from the browser. The Google Chrome web browser also saves cookies to a SQLite database file in the user's data folder. One can import that file to SQL Editor software to read all cookies in plain text format. Google's open source project Chromium browser now have a new feat...