The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers

Feb 19, 2019
Why would someone bother to hack a so-called "ultra-secure encrypted database that is being protected behind 13 feet high and 5 feet thick walls," when one can simply fetch a copy of the same data from other sources? French security researcher Baptiste Robert, who goes by the pseudonym "Elliot Alderson" on Twitter, with the help of an Indian researcher who wants to remain anonymous, discovered that the official website of popular state-owned LPG gas company Indane is leaking personal details of millions of its customers, including their Aadhaar numbers. This is not the first time an unprotected third-party database has leaked the Aadhaar details of Indian citizens; the Aadhaar number is a unique number assigned to each citizen as part of India's biometric identity programme maintained by the government's Unique Identification Authority of India (UIDAI). Earlier this week an anonymous Indian researcher initially discovered a loophole in the Indane's online...
Kali Linux 2019.1 Released — Operating System For Hackers

Feb 18, 2019
Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of the Kali Linux operating system includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software packages, like Metasploit, theHarvester, DBeaver, and more. Kali Linux 2019.1 comes with the latest version of the Metasploit (version 5.0) penetration testing tool, which "includes database and automation APIs, new evasion capabilities, and usability improvements throughout," making it a more efficient platform for penetration testers. Metasploit version 5.0 is the software's first major release since version 4.0, which came out in 2011. Talking about ARM images, Kali Linux 2019.1 has now once again added support for Banana Pi and Banana Pro that are on kernel version 4.19. "Veyron has been moved to a 4.19 kernel, and the Raspbe...
Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware

Feb 18, 2019
It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status on many torrent sites, has now been banned from several torrent sites after he was repeatedly found distributing malware bundled with his uploads. In recent months, according to TorrentFreak, many downloaders complained that the files they downloaded, shared by CracksNow on torrents, were found to contain GandCrab ransomware and other malware that can do severe damage to computers. Discovered earlier last year, GandCrab is a widespread ransomware threat that, like every other ransomware in the market, encrypts all files on an infected system and blackmails victims into paying a ransom in digital currency to unlock them. GandCrab ransomware was being distributed late last month via a...
How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link

Feb 18, 2019
It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have allowed attackers to hijack Facebook accounts by simply tricking the targeted users into clicking on a link. The researcher, who goes by the online alias "Samm0uda," discovered the vulnerability after he spotted a flawed endpoint (facebook.com/comet/dialog_DONOTUSE/) that could have been exploited to bypass CSRF protections and take over the victim's account. "This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and makes a POST request to that endpoint after adding the fb_dtsg parameter," the researcher says on his blog. "Also this endpoint is located under t...
Over 92 Million New Accounts Up for Sale from More Unreported Breaches

Feb 18, 2019
All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data breaches that were reported to the public, but in reality, more than half of all data breaches actually go unreported. Just last week, we disclosed the existence of some massive unreported data breaches in two rounds, which a hacker has now started monetizing by selling stolen user databases publicly. Now, a new set of databases containing millions of hacked accounts from several websites has been made available for sale on the dark web marketplace by the same hacker, who goes by the online alias Gnosticplayers. Gnosticplayers last week put two rounds of stolen accounts up for sale on the popular dark web marketplace called Dream Market, posting details of near...
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

Feb 15, 2019
How do you check whether a website asking for your credentials is fake or legitimate before you log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or by using software or browser extensions that detect phishing domains? Well, if you, like most Internet users, are also relying on the above basic security practices to spot whether that "Facebook.com" or "Google.com" you have been served is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up giving away your passwords to hackers. Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, told The Hacker News that his team recently spotted a new phishing attack campaign "that even the most vigilant users could fall for." Vincent found that cybercriminals are distributing links to blogs and services that prompt visitors to first "login using Facebook acco...
Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale

Feb 15, 2019
A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web. Last week, The Hacker News received an email from a Pakistani hacker who claims to have hacked dozens of popular websites (listed below) and to be selling their stolen databases online. During an interview with The Hacker News, the hacker also claimed that many targeted companies probably have no idea that they have been compromised and that their customers' data has already been sold to multiple cyber criminal groups and individuals. Package 1: Databases From 16 Compromised Websites On Sale In the first round, the hacker, who goes by the online alias "gnosticplayers," was selling details of 617 million accounts belonging to the following 16 compromised websites for less than $20,000 in Bitcoin on the dark web marketplace Dream Market: Dubsmash — 162 million acco...