The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With just two days before the presidential election, WikiLeaks late Sunday night published a new trove of emails apparently hacked from the Democratic National Committee (DNC). The most recent dump of more than 8,000 emails came after the whistleblowing site, on a daily basis over last four weeks, has already leaked over 50,000 emails stolen from the key figure in the DNC – Hillary Clinton's campaign chairman John Podesta. However, this time, not everything went as planned by WikiLeaks. WikiLeaks early Monday morning announced on Twitter that shortly after the release of hacked DNC emails the organization was the target of a major Distributed Denial of Service (DDoS) attack. What's more?  Soon after WikiLeaks reported the DDoS attack on its email publication servers, Twitter also went down, and the outage lasts for at least 30 minutes. According to a status monitor, the Twitter outage began at around 6.45am GMT and continued for nearly half an hour, though report...

Almost 20,000 Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fall victim to a hacking attack this weekend. As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the " online criminal activity. " However, customers can still use their debit and credit cards for cash withdrawals and card-based payments. Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend. The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a " big number but not a huge number. " If you have been affected by this incident, don't worry! Higgins has apo...

China has long been known for its strict censorship policies, which has already made it difficult for foreign companies to do business in the world's most populous country of more than 1.35 Billion people. Now, the Chinese government has approved a broad new controversial cybersecurity regulations that would further strengthen the country's censorship regime, making it more difficult for technology companies to operate in the country. Made public on Monday, the legislation, passed by China's rubber-stamp parliament and set to go into effect in June 2017, aims at combating growing threats like hacking and terrorism, but actually comes with data localization, real-name requirements, and surveillance. The Cybersecurity Law requires instant messaging services and other internet operators to force users to register with their real names and personal information, which restricts anonymity of a user online. The proposed law also includes requirements for ' Data Locali...

Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad. This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns. Security pen-testers who go by the name Kapustkiy and Kasimierz have claimed responsibility for the hack and told The Hacker News that the reason behind the hack was to force administrators to consider the cyber security of their websites seriously. In Pastebin link shared on their Twitter account , the hackers claimed to have hijacked Indian Embassy websites in Switzerland, Italy, Romania, Mali, South Africa, Libya, and Malawi and leaked personal details of hundreds of Indians, including students studying abroad. The pair exploited a si...

On Thursday, we compiled a story based on research published by a British security expert reporting that some cyber criminals are apparently using Mirai Botnet to conduct DDoS attacks against the telecommunication companies in Liberia, a small African country. In his blog post , Kevin Beaumont claimed that a Liberian transit provider confirmed him about the DDoS attack of more than 500 Gbps targeting one undersea cable servicing Internet connectivity for the entire country. Later, some media outlets also confirmed that the DDoS attack caused Internet outage in some parts of the country, citing 'slow Internet' and 'total outage' experienced by some local sources and citizens. "The DDoS is killing our business. We have a challenge with the DDoS. We are hoping someone can stop it. It's killing our revenue. Our business has frequently been targeted" an employee with one Liberian mobile service provider told PC World . Network firm Level 3 confirmed Zack Whittaker ...

Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim. A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found [ PPT ] that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0. OAuth 2.0 is an open standard for authorization that allows users to sign in for other third-party services by verifying existing identity of their Google, Facebook, or Chinese firm Sina accounts. This process enables users to sign-in to any service without providing additional usernames or passwords. How are app developers required to implement OAuth? (Right Way) When a user logs into a third party app via OAuth, the app checks with the ID provider, let's say, Facebook, that it has correct authentication details. I...