The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats. Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer , and is believed to be carried out by Turla advanced persistent threat (APT) hacking group that's been previously linked to Russian intelligence. Gazer, written in C++, the backdoor delivers via spear phishing emails and hijacks targeted computers in two steps—first, the malware drops Skipper backdoor, which has previously been linked to Turla and then installs Gazer components. In previous cyber espionage campaigns, the Turla hacking group used Carbon and Kazuar backdoors as its second-stage malware, which also has many similarities with Gazer, according to research [ PDF ] published by ESET. Gazer receives encrypted commands from a remote command-and-control server and evades detection by using compromised, legitimate website...

The highest followers account on Instagram owned by Selena Gomez has recently been hacked with unknown hackers posting a bunch of nude photographs of her ex-boyfriend Justin Bieber on her account. The latest hack is not part of the ongoing Fappening events affecting a majority of celebrities by targeting their iCloud accounts, rather in the case of Selena, some hacker managed to breach her Instagram account and posted Bieber's photos. Bieber's three full-frontal shots of naked photos were visible to Selena's 125 million Instagram followers for a short duration of time, after which her account was swiftly taken down Monday night. A post from Selena's official Instagram account went up Monday showing 3 pics of Bieber with a caption that read: "LOOK AT THIS N***A LIL SHRIMPY." Selena's team has since re-secured her Instagram account, which was back online minutes after it was taken down, with the photos of Bieber deleted. The Bieber nude images...

A massive database of 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind. A French security researcher, who uses online handle Benkow , has spotted the database on an "open and accessible" server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world. The database is hosted on the spambot server in Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password. According to a blog post published by Benkow, the spambot server, dubbed "Onliner Spambot," has been used to send out spams and spread a banking trojan called Ursnif to users since at least 2016. Ursnif Banking Trojan is capable of stealing banking information from target computers including credit card data, and other personal information like login ...

If you're an engineer and use LabVIEW software to design machines or industrial equipments, you should be very suspicious while opening any VI (virtual instrument) file. LabVIEW, developed by American company National Instruments, is a visual programming language and powerful system-design tool that is being used worldwide in hundreds of fields and provides engineers with a simple environment to build measurement or control systems Security researchers from Cisco's Talos Security Intelligence have discovered a critical vulnerability in LabVIEW software that could allow attackers to execute malicious code on a target computer, giving them full control of the system. Identified as CVE-2017-2779 , the code execution vulnerability could be triggered by opening a specially crafted VI file, a proprietary file format used by LabVIEW. The vulnerability originates because of memory corruption issue in the RSRC segment parsing functionality of LabVIEW. Modulating the values ...

If you reside in China, your Internet life within the borders will soon be even more challenging. Last Friday, China's top Internet regulator announced a new set of rules that would force citizens to post comments using their real-world identities on Internet forums and other web platforms. Yes, you heard that right. Anonymity is about to die in the country. The Cyberspace Administration of China (CAC) will start officially enforcing the new rules starting from October 1, 2017, requiring websites operators and service providers of online forums to request and verify real names and other personal information from users when they register and must immediately report illegal content to the authorities. According to the CAC, the following content would be considered unlawful and forbidden from being published online: Opposing the basic principles as defined in the Constitution Endangering national security Damaging nation's honor and interests Inciting national ha...

Do you believe that just because you have downloaded an app from the official app store, you're safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones. Dubbed WireX, detected as "Android Clicker," the botnet network primarily includes infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is designed to conduct massive application layer DDoS attacks. Researchers from different Internet technology and security companies—which includes Akamai, CloudFlare , Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru—spotted a series of cyber attacks earlier this month, and they collaborated to combat it. Although Android malware campaigns are quite common these days and this newly discovered campaign is also not that much sophisticated, I am quite impressed wit...

Since most of us rely upon the Internet for day-to-day activities today, hacking and spying have become a prime concern, and so have online security and privacy. The Internet has become a digital universe with websites collecting your sensitive information and selling them to advertisers, hackers looking for ways to steal your data from the ill-equipped networks, websites, and PCs, and government conducting mass surveillance—every model has shifted to data collection. So, what's the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks? Virtual Private Network —Yes, one of the most efficient solutions to maximize your privacy is to use a secure VPN service. VPN serves as an encrypted tunnel between your computer and destinations you visit on the internet to secure your Internet traffic and protects you from bad guys getting into your network to steal your sensitive data. When choosing a VPN, Private Internet A...