The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The massive hacking attack against Sony Pictures Entertainment has reached a more scarier phase following another huge leak of sensitive, confidential documents revealing celebrity contact details and upcoming film scripts. The so-called Guardians of Peace (GoP) group taking responsibility for the massive hack attack against Sony Pictures Entertainment claimed to have released a new trove of more confidential data including private information of its employees, celebrity phone numbers and their travel aliases, film budgets, upcoming film scripts and many more. By the end of past two weeks before Sony Pictures Entertainment faced cyber attacks that shut down the company's computer system, the group revealed nearly 40 GB of data which contained confidential information of Sony employees such as salaries, addresses, and the US Social Security Numbers. Also, high-quality versions of five newest films distributed by Sony Pictures were also leaked online. On Monday, s...

The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet on Tuesday after Swedish Police raided the site's server room in Stockholm and seized several servers and other equipment. The piracy site knocked offline worldwide on Tuesday morning and remained unavailable for several hours, but the site appeared back online in the late hours with a new URL hosted under the top-level domain for Costa Rica. Paul Pintér , national coordinator for IP enforcement for the Swedish police, issued only a brief statement on Tuesday, saying that the operation was " a crackdown on a server room in Greater Stockholm" that was "in connection with violations of copyright law. " The raid was also confirmed by Fredrik Ingblad , a prosecutor who specializes in file-sharing cases on behalf of the Swedish government, although he would not share furthe...

Last week Microsoft released its Advance Notification for the month of December 2014 Patch Tuesday Updates, and finally today released a total of seven security bulletins, which will address several vulnerabilities in its products, out of which three are marked 'critical' and rest are 'important' in severity. Last month after a big pile of security patches , the company released an an unusual emergency patch to fix a critical vulnerability in Microsoft Windows Kerberos KBC, authentication system used by default in the operating system, that cybercriminals exploited to compromise whole networks of computers. The three critical bulletins affect Internet Explorer, Office and Windows. All the versions of Microsoft Internet Explorer (IE) are affected except Server Core, which does not include IE. The critical zero-day IE vulnerability (CVE-2014-8967) was discovered by security researcher Arthur Gerkis of Zero Day Initiative (ZDI) in June this year. By explo...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

POODLE , a critical SSL flaw discovered in October that was patched and fixed by webmasters around the world after Google alerted software and hardware vendors, has again made its way and this time the vulnerability affects implementations of the newer Transport Layer Security (TLS) protocol . Yes, the serious POODLE vulnerability that affected the most widely used web encryption standard Secure Sockets Layer (SSL) 3.0 has once again returned and is likely to affect some of the most popular web sites in the world — including those owned or operated by Bank of America, the US Department of Veteran's Affairs, and Accenture. POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw, disclosed two months ago by Google security team, allowed attackers to perform Man-in-the-Middle (MitM) attack in order to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies. Now, the dangerous flaw ...

Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of a larger puzzle called " Turla ," one of the most complex Advanced Persistent Threats (APTs) uncovered by researchers at Kaspersky Lab in August, remained hidden on some systems for at least four years. The malware was notable for its use of a rootkit that made it extremely hard to detect. The German security company G Data believed that Turla campaign is linked to Russia and has in the past exploited a variety of Windows vulnerabilities, at least two of which were zero-days, to infect government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. Recently, security researchers from Moscow-based Kaspersky Lab...

Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine (GAE) that enables attackers to bypass critical security sandbox defenses. Google App Engine is Google's PaaS (Platform as a Service) Cloud computing Platform for developing and hosting web applications in Google-managed data centers. GAE offers to run custom-built programs using a wide variety of popular languages and frameworks, out of which many are built on the Java environment. The vulnerabilities was reported by Security Explorations, the same security research company that carried out multiple researches related to Java in past. The discovery was announced on the Full Disclosure security mailing list by Adam Gowdiak , founder and CEO of Security Explorations. According to the security firm, the flaws can be exploited by attackers to achieve a complete Java VM security sandbox escape, as well as to execute an arbitrary code. The researchers ...