The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned. SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that the devices use in residential or small office environments are being co-opted into reflection ...

Smart devices are growing at an exponential pace with the increase in connecting devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face some enormous number of challenges. Millions of Network-connected electricity meters or Smart meters used in Spain are susceptible to cyberattack by hackers due to lack of basic and essential security controls that could put Millions of homes at risk, according to studies carried out by a pair of security researcher. HACKERS TO CAUSE BLACKOUT AND BILL FRAUD The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts. Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the...

Facebook is moving a step ahead from others and making its social media service as an information sharing platform in serious situations as well. The social networking giant has announced a new tool, which lets users notify their family and friends that they are safe during or after natural disasters. The tool, named " Safety Check, " will soon be available globally to over 1.32 billion Facebook users on Android, iOS, feature phones and the desktops. The tool is designed to be activated after a natural disaster and by using either the city you lived in or your last location - if you have checked in on “ Nearby Friends ”, it let’s you alert your friends and family that you are safe, while also tracking the status of others. “ In times of disaster or crisis, people turn to Facebook to check on loved ones and get updates, ” wrote the company in a blog post about the feature. “ It is in these moments that communication is most critical both for people in the affected ...

As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations' networks. Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations. Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim's entire system. According to the res...

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll...

Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening , The Snappening and now the latest privacy breach in Dropbox security has gained everybody’s attention across the world. Dropbox , the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files. HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sha...

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization ( NATO ), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year. ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability ( CVE-2014-4114 ) to target government leaders and institutions for nearly five years. The recently detected Russian hacking group is dubbed as " Sandworm Team " by iSIGHT Partners because it found references to the Frank Herbert's " Dune " science fiction series in the malici...