The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cybercriminals are known to take advantage of everything that's popular among people in order to spread malware, and Google's official Play Store has always proved no less than an excellent place for hackers to get their job done. Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it. Dubbed Update WhatsApp Messenger , came from an app developer who pretended to be the actual WhatsApp service with the developer title "WhatsApp Inc."—the same title the actual WhatsApp messenger uses on Google Play. You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client—thanks to a Unicode character space. The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0 .

The Tor Project has made some significant changes to its infrastructure by improving the way the 'onion' network protects its users' privacy and security. Since the beginning, the largest free online anonymity network has been helping users browse the web anonymously, and its onion service provides a network within which encrypted websites can be run anonymously. However, the infrastructure design and encryption behind the service has become little outdated, eventually leaving it vulnerable to potential and resourceful attackers. Tor network has become such a potential target that even Zerodium, a company that acquires and resells zero-day exploits, is ready to pay $1 million for Tor zero-day exploits . Keeping these concerns in mind, the Tor Project has been working to upgrade its infrastructure over the past four years, and the good news is… A few weeks ago, the Tor Project announced the release of Tor 0.3.2.1-alpha that includes support for the next generati

The United States Department of Justice has reportedly gathered enough evidence to charge at least six Russian government officials for allegedly playing a role in hacking DNC systems and leaking information during the 2016 presidential race. Earlier this year, US intelligence agencies concluded that the Russian government was behind the hack and expose of the Democratic National Committee (DNC) emails in order to influence the 2016 presidential election in Donald Trump's favour. Now, citing people familiar with the investigation, the Wall Street Journal reported on Thursday that United States federal prosecutors could bring charges against the alleged unnamed Russian officials early next year. The US federal intelligence investigators also believe that "dozens" of other Russian officials may have also participated in the DNC hack, which was allegedly ordered by Russian President Vladimir Putin himself. However, both Putin and Russian government officials ha

Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens

Remember the hacker who claimed to have breached FireEye late July this year? That alleged hacker has been arrested and taken into custody Thursday by international law enforcement, FireEye CEO Kevin Mandia informed the media. Late July, the hacker, whose name has not yet been disclosed, managed to hack the personal online accounts of a ‎Senior Threat Intelligence Analyst at Mandiant—a Virginia-based cybersecurity firm owned by the FireEye—and leaked nearly 32 megabytes of data belonging to Peretz. At that time, the hacker claimed that he had started #LeakTheAnalyst operation that aimed at doxing the security analysts who hunt hackers. The hacker also claimed to have had complete access to the company's internal networks since 2016. "Let's trash their reputation in the field," the hacker said. "It was fun to be inside a giant company named "Mandiant" we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reve

The Hacker News (THN), the widely-read cybersecurity news source for hackers and technologists, is celebrating its 7th Anniversary today. This is a huge milestone for THN and our team, but this day really belongs to you—our readers. Without you, we would not be here, and we appreciate you for reading, commenting, and sharing our content every day. 7-years ago today we started this website with an aim to provide a dedicated platform to deliver latest cybersecurity news and threat updates for everyone, including students, enthusiasts, technologists, security researchers and hackers as well. Times flies when you are having fun! "Over 6,700 Posts, 33,500 Comments And 293 Million Pageviews" We have always admitted that we do not cover everything, never did, never could, we just cover things that are important to our readers and impact a broader audience. So this is the actual difference between The Hacker News and a full-fledged media outlet. Since November 1, 20

Last month the popular torrent website The Pirate Bay caused some uproar by adding a Javascript-based cryptocurrency miner to its site with no opt-out option, utilizing visitors' CPU power to mine Monero coins in an attempt to gain an extra source of revenue. Now D-Link has been caught doing the same, although there's high chance that its website has been hacked. D-Link's official website for Middle East (www.dlinkmea.com) has been found secretly adding a JavaScript-based cryptocurrency miner, according to a blog post published by security firm Seekurity on Tuesday. Seekurity team was made aware of the issue after Facebook user Ahmed Samir reported that visiting on D-Link Middle East website caused his web browser utilizing a "super high CPU" power usage. As shown in the screenshot below, a separate domain was loaded using a hidden iFrame for each page view, which included the cryptocurrency mining script. Five days after Seekurity team reported th