The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Simply put, threat intelligence is knowledge that helps you identify security threats and make informed decisions. Threat intelligence can help you solve the following problems: How do I keep up to date on the overwhelming amount of information on security threats…including bad actors, methods, vulnerabilities, targets, etc.? How do I get more proactive about future security threats? How do I inform my leaders about the dangers and repercussions of specific security threats? Threat Intelligence: What is it? Threat intelligence has received a lot of attention lately. While there are many different definitions, here are a few that get quoted often: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. – Gartner   The set of data collected, assessed and app...

The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano and his wife. Yesterday, Cracka , a member of the teenage hacktivist group known as ' Crackas With Attitude ' (CWA) posted a new trove of information belong to thousands of government employees online; however they claim to have accessed far more than that. The hackers claimed to have obtained the personal information by hacking into AOL email accounts of the Giuliano and his wife. More Than 3,500 Government Employees Doxxed The published information includes more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel. Though the FBI officials couldn't immediately verify the claims, Infowars has confirmed the authenticity of several people listed, which includes everyone from local police officers to FBI and mili...

The Geneva-based encrypted email service ProtonMail was forced to pay a  Ransom of almost $6,000 to stop sustained Denial-of-service (DDoS) attacks that have knocked its service offline since Tuesday. ProtonMail – a full, end-to-end encrypted email service that launched last year – has been dealing with, what it called, the extremely powerful DDoS attack, and is still unavailable at the time of writing. ProtonMail Paid $6,000 to Stop DDoS In an official statement posted on a WordPress blog Thursday, officials of ProtonMail said the powerful DDoS attack by an unknown group of hackers forced them to pay 15 Bitcoins (about $5,850) in exchange for them halting the assault. However, even after paying the ransom amount, the crippling DDoS attacks continued to the ProtonMail service. DDoS Attack Continues Even After Paying Ransom ProtonMail officials said, "We hoped that by paying [ransom], we could spare other companies impacted by the [DDoS] attack again...

The online hacktivist group Anonymous has followed through on its promise to disclose the identities of hundreds of Ku Klux Klan members. On Monday, Anonymous vowed to release the full info dump of about  1,000 alleged Ku Klux Klan members with a chosen date of 5th of this November. As promised, Anonymous posted a link to a Pastebin account with the names, aliases, Google Plus profiles, Facebook accounts and other identifying information of roughly 1,000 individuals the group believes are members of the Ku Klux Klan. The hackers behind the leak tweeted a link to a Pastebin on a Twitter account, Operation KKK ( @Operation_KKK ) believed to be controlled by them. Ku Klux Klan (KKK) is classified as a White Supremacist Racist group by the Anti-Defamation League and the Southern Poverty Law Center, allegedly having total 5,000 to 8,000 members. "We hope Operation KKK will, in part, spark a bit of constructive dialogue about race, racism, racial terror and fr...

Police have arrested a fourth person, a 16-year-old boy , from London in connection with the high-profile hack of British telecoms giant TalkTalk. The investigating officers from the Metropolitan Police Cyber Crime Unit (MPCCU) arrested the teenager at his home in Norwich on suspicion of Computer Misuse Act offences. TalkTalk was subjected to a ' significant and sustained ' hacking attack on its official website two weeks back, which put the Bank Details and Personally Identifiable Information (PII) of its 4 Million customers at risk. The telco confirmed last week that at most 1.2 Million names, email addresses and phone numbers and around 21,000 unique bank account numbers and sort codes were compromised in the attack. However, TalkTalk said that the stolen credit card details were incomplete, so the payment cards could not be used for any false financial transactions. But, the company advised customers to remain vigilant against financial fraud. S...

Unless we are a human supercomputer, remembering a different password for every different site is not an easy task. But to solve this problem, there is a growing market of best password manager and lockers, which remembers your password for every single account and simultaneously provides an extra layer of protection by keeping them strong and encrypted. However, it seems to be true only until a hacker released a hacking tool that can silently decrypt and extract all usernames, passwords, as well as notes stored by the popular password manager KeePass . Dubbed KeeFarce , the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub  for free download. Hackers can execute KeeFarce on a computer when a user has logged into their KeePass vault, which makes them capable of decrypting the entire password archive and then dumping it to a file that attackers can steal remotely. How Does KeeFarce Work? KeeFarce obtains passwords by l...

The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv...