The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After the wide chain of scandals over US global snooping that seriously damaged the trust on the top U.S. Tech companies, Google and Yahoo! came forward and took initiative to provide more secure, encrypted and NSA-proofed service in an effort to gain their reputation again among its users. Now, Microsoft has also announced several improvements to the encryption used in its online cloud services in order to protect them from cyber criminals, bad actors and prying eyes. The company effort detailed in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security. MICROSOFT'S COMMITMENT Last December, Microsoft promised to protect its users data from government snooping by expanding encryption across its services, reinforcing legal protections for its customers' data and enhancing the transparency of its software code, making it easier for the customers to reassure themselves that its products contain no backdoors. Yesterday's announc...

Gone are the days when cyber criminals focuses only on PCs to spread malwares and target people, whether it's ordinary or a high profile person. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. Few days ago, security researchers uncovered a Stuxnet-like malware, " Havex ", which was also programmed to infect industrial control system software of SCADA systems , with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country's power grid with a single keystroke. RUSSIAN HACKERS HIT 1000 ENERGY FIRMS Recently, a Russian group of hackers known as ' Energetic Bear ' has compromised over 1,000 European and North American energy firms with a sophisticated cyber weapon, similar to Stuxnet, that gave hackers access to power plant control systems, said a security firm. The group of hackers also known as ' Dragonfly ', an eastern European collective that has been active since...

ProtonMail ,  an End-to-End Encrypted email service developed by MIT, Harvard and CERN researchers, who already received over $275,000 from a crowdfunding campaigns to their PayPal account, and was so much excited to launch its beta version, but just before that PayPal freezes their account without any warning. " At this time, it is not possible for ProtonMail to receive or send funds through PayPal, " ProtonMail co-founder Andy Yen announced this morning. " No attempt was made by PayPal to contact us before freezing our account, and no notice was given. " ProtonMail is a new super-secure email service that encrypts the data on the browser before it communicates with the server, this means only encrypted data is stored in the email service servers. GO HOME PAYPAL, YOU ARE DRUNK ProtonMail service is based in Switzerland, so it won't have to comply with American courts' demands to provide users data. But a representative from the American payment service, PayPal ...

In an effort to crackdown on cyber crimes, Microsoft has taken a legal action against a malware network what it thought is responsible for more than 7.4 million infections of Windows PCs across the globe. Millions of legitimate servers that rely on Dynamic Domain Name Service (DDNS) from No-IP.com, owned by Vitalwerks Internet Solutions were blacked out on Monday after Microsoft seized their 23 domain names that were being used by malware developed in the Middle East and Africa. No-IP FOR MALWARE OPERATORS The Dynamic Domain Name Service (DDNS) from No-IP.com works by mapping users' dynamic IP addresses to a customized No-IP sub-domain like yourhost.no-ip.org or yourhost.no-ip.biz. This mechanism allows users to connect to a system with dynamic IP address using a static No-IP sub-domain. No doubt its a useful service, but Nevada-based No-IP Dynamic DNS (DDNS) service subdomains have been abused by creators of malware for infecting millions of computers with ma...

Death is always painful, but its pains compounded considerably if its cause is suicide. When a suicide occurs, we aren't just left with the loss of a person, but we're also left with a legacy of anger, second-guessing, and fearful anxiety. Like in the case of the great Internet Activist Aaron Swartz. Aaron Hillel Swartz , an eclectic persona, was a self-taught programmer, Internet activist, co-founder of the popular social news website Reddit, founder of the organization Demand Progress and an activist who helped create the RSS feed format. In Fact, this isn't enough to define The Internet's Own Boy Aaron Swartz , who crafted the Internet we know today. Aaron Swartz committed suicide last year (when he was just a 26-year-old) after being threatened with the possibility of at least 35-year prison sentence and $4 million in fines by the Court for downloading millions of academic journal articles illegally over the digital library Jstor from MIT, with no bad intention ot...

A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popular Blogging Platform Wordpress . While there are more than 70 million websites on the Internet currently running WordPress, about 1.3 million of them use the ' Disqus Comment System ' Plugin, making it one of the popular plugins of Wordpress for web comments and discussions. The security team at the security firm Sucuri discovered a critical Remote Code Execution (RCE) flaw while analyzing some custom JSON parser of the Disqus plugin and found that the variable parsing function could allow anyone to execute commands on the server using insecurely coded PHP eval() function. WHO ARE VULNERABLE The Remote Code Execution ( RCE ) Vulnerability could be triggered by a remote attacker, only if it is using following application versions on the server/website. PHP version 5.1.6 or earlier WordPress 3.1.4 or earlier Wordpress Plugin ...