The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A controversial piece of security and maintenance software for Mac OS X computers, known as MacKeeper, has been found to be vulnerable to a critical remote code execution vulnerability. MacKeeper antivirus software for Mac OS X is designed to improve Mac performance and security, but it is infamous for its noisy "clean up your Mac" pop-under ads that stress the need for a system cleanup. If you try to close the ad, the software will prompt you to " Leave Page/Stay on This Page " dialogues. The vulnerability details were disclosed on Friday after the patch release, which allows an attacker to execute remotely malicious commands with root privileges on Mac OS X systems when a victim visits specially crafted Web pages. MacKeeper Versions Earlier to 3.4.1 are Affected The remote code execution flaw, affecting the versions earlier to 3.4.1, caused due to the way MacKeeper malware removal software handles its custom URLs, security researchers at Secure...

Let's be honest, a network attack of any scale is inevitable in today's IT world. Do you have the ability to quickly identify the details of the attack? If your network goes down, your network monitoring tool can tell you what happened, but knowing details about who was vulnerable or why the attack happened is even more valuable. An often overlooked feature of log management software is the ability to conduct forensic analysis of events. Instead of searching for a needle in a haystack, forensic analysis tools can make drilling down to identify details a quick and easy task. SolarWinds Log & Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log & Event Manager can help you piece together what really happened. 1) Incident response Say goodbye to complex queries. Conducting forensic analysis, in general, is a quicker and simpler way to do incident response. The faster you...

Why Tor Cloud Project Shuts Down? Yes, you heard that right. The Tor project has announced that it's closing down its Tor Cloud service that allowed users to donate bandwidth for browsing the web anonymously. The Tor Project is a non-profit organization behind the Tor anonymizing network that allows any online user to browse the Internet without the fear of being tracked. And one of its lesser known projects was the Amazon-powered Tor Cloud service. Tor Cloud Project provided a user-friendly way for users to create a "bridge" node on Amazone's Elastic Compute Cloud (EC2) for the Tor network, essentially donating bandwidth to the Tor network in order to help users access an uncensored Internet faster and securely. Launched back in 2011, Tor Cloud Project was a pretty good idea then… ...Why Tor is closing Tor Cloud Service? What could be the reason for the shutdown of Tor Cloud Project? Tor developers were unable to get enough help to maintain the so...

Microsoft just announced in its Ignite 2015 conference in Chicago that Windows 10 is set to be " the last version of Windows. " "Right now [we are] releasing Windows 10, and because Windows 10 is the last version of Windows, [we are] all still working on Windows 10," said Microsoft's developer evangelist Jerry Nixon while speaking at the conference this week. What exactly does it mean? Will Microsoft not launch Windows 11 next? Is Windows 10 actually the end of Microsoft's Windows operating system? These are some questions that were ongoing in the mind of the audience when Nixon gave this statement during his speech. The reaction from Microsoft was really alarming though you do not have to panic, as Windows OS is not dying. Windows 10 — Brand Name of Microsoft's OS For the moment, Microsoft will stick with Windows 10 and focus on smaller and faster updates to its Windows 10 platform, instead of launching new stand-alone ve...

The world of hacking has become more organized and reliable over recent years and so the techniques of hackers. Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack. And there is something new to the list: A team of developers has created not one, but two pieces of malware that run on an infected computer's graphics processor unit (GPU) instead of its central processor unit (CPU), in order to enhance their stealthiness and computational efficiency. The two pieces of malware: Jellyfish Rootkit for Linux operating system Demon Keylogger The source code of both the Jellyfish Rootkit and the Demon keylogger, which are described as proof-of-concepts malware, have been published on Github. Until now, security researchers have discovered nasty malware running on the CPU and exploiting the GPU capabilities in an attempt to mine cryptocurrencies such as Bitcoins. However, these two malware co...

More than 95 percent of enterprise SAP installations exposed to high-severity vulnerabilities that could allow attackers to hijack a company's business data and processes, new research claims entirely. According to a new assessment released by SAP (short for Systems, Applications & Products) solutions provider Onapsis , the majority of cyber attacks against SAP applications in the enterprise are: Pivots - Pivoting from a low to high integrity systems in order to execute remote function modules. Database Warehousing - Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases. Portal Attacks - Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems. More than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are vulnerable for an average of 18 months period from when vulnerabilit...