The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve...

The US government has charged hackers over the largest ever hacking case in financial history. The US Court of the Southern District of New York has charged three men accused of hacking into many financial institutions, including JPMorgan Chase that, according to the officials, was "the largest theft of user data from a U.S. financial institution in history." JPMorgan Chase is one of the world's biggest banks that controls total assets worth more than $2.59 Trillion . The Hackers targeted at least nine financial institutions between 2012 and mid-2015, including JPMorgan Chase, brokerages and a major business news publication, and stolen information of " over 100 Million customers ," Bloomberg reported Tuesday. The three men, including Gery Shalon , Ziv Orenstein , and Joshua Samuel Aaron were charged with 23 counts, including hacking, identity theft, securities fraud, and money laundering, among others. A separate indictment was also ...

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices. One of the serious vulnerabilities is the  Stagefright Security Bug , where all it needed to install malicious code on the Android devices was a simple text message. Although Google patched these security holes in its latest Android update, manufacturers can take a long time to release their own updates, and it's even possible that older devices may not get the updates at all. So, even after the release of patches for these critical vulnerabilities, it is difficult to say which Android devices are at risk of what bugs. There is a one-click solution to this problem. One Android app can help educate you and help you know whether your devices is at risk. One-Click Solution to Check Your Device for All Critical Bugs Android Vulnerability Test Suite ( VT...

Since past few years, Ransomware has emerged as one of the catastrophic malware programs that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically to be paid in Bitcoin ) in exchange for a key to decrypt it. Until now cyber criminals were targeting computers, smartphones and tablets, but now it appears they are creating ransomware that makes the same impact but for Web Sites – specifically holding files, pages and images of the target website for Ransom. Dubbed Linux.Encoder.1 by Russian antivirus firm Dr.Web , the new strain of ransomware targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asking for 1 Bitcoin ( ~ $300 ) to decrypt the files. The ransomware threat is delivered to the target website through known vulnerabilities in website plugins or third-party software. Must Read: FBI Suggests Ransomware Victims — 'Just Pay th...

ISIS hackers have hacked tens of thousands of Twitter accounts, including the accounts of the members of CIA and the FBI, in revenge for the US drone strike that killed a British ISIS extremist in August. The Cyber Caliphate , a hackers group set up by British ISIS member Junaid Hussain , urged its supporters and followers to hack Twitter accounts in order to take revenge of Husain's death. Over 54,000 Twitter Accounts Hacked! As a result, the hackers were able to hack more than 54,000 Twitter accounts. Most of the victims targeted by Jihadis appear to be based in Saudi Arabia though some of the them are British. One of the victims based in Saudi Arabia, whose Twitter account was compromised by the ISIS extremists, said, "I am horrified at how they got hold of my details." The extremists not only hacked thousands of Twitter accounts, but they also posted hacked personal information, including phone numbers and passwords, of the heads of: The...

The Group of teenage hackers, which previously hacked into the personal email of the CIA director John Brennan and published a large trove of sensitive data, has now had its hands on even more important and presumably secure target. Hackers Accessed Law Enforcement Private Portal The hacking group, Crackas With Attitude ( CWA ), claims it has gained access to a Law Enforcement Portal through which one can access: Arrest records Tools for sharing information about terrorist events and active shooters The system in question is reportedly known as the Joint Automated Booking System ( JABS ), which is only available to the Federal Bureau of Investigation (FBI) and law enforcement. Hackers Gained Access to FBI's Real-Time Chat System Moreover, the hacking group also says it has gained access to another tool that is something like a real-time chat system for the FBI to communicate with other law enforcement agents around the US. Two days ago, CWA published...

Simply put, threat intelligence is knowledge that helps you identify security threats and make informed decisions. Threat intelligence can help you solve the following problems: How do I keep up to date on the overwhelming amount of information on security threats…including bad actors, methods, vulnerabilities, targets, etc.? How do I get more proactive about future security threats? How do I inform my leaders about the dangers and repercussions of specific security threats? Threat Intelligence: What is it? Threat intelligence has received a lot of attention lately. While there are many different definitions, here are a few that get quoted often: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. – Gartner   The set of data collected, assessed and app...

The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano and his wife. Yesterday, Cracka , a member of the teenage hacktivist group known as ' Crackas With Attitude ' (CWA) posted a new trove of information belong to thousands of government employees online; however they claim to have accessed far more than that. The hackers claimed to have obtained the personal information by hacking into AOL email accounts of the Giuliano and his wife. More Than 3,500 Government Employees Doxxed The published information includes more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel. Though the FBI officials couldn't immediately verify the claims, Infowars has confirmed the authenticity of several people listed, which includes everyone from local police officers to FBI and mili...

The Geneva-based encrypted email service ProtonMail was forced to pay a  Ransom of almost $6,000 to stop sustained Denial-of-service (DDoS) attacks that have knocked its service offline since Tuesday. ProtonMail – a full, end-to-end encrypted email service that launched last year – has been dealing with, what it called, the extremely powerful DDoS attack, and is still unavailable at the time of writing. ProtonMail Paid $6,000 to Stop DDoS In an official statement posted on a WordPress blog Thursday, officials of ProtonMail said the powerful DDoS attack by an unknown group of hackers forced them to pay 15 Bitcoins (about $5,850) in exchange for them halting the assault. However, even after paying the ransom amount, the crippling DDoS attacks continued to the ProtonMail service. DDoS Attack Continues Even After Paying Ransom ProtonMail officials said, "We hoped that by paying [ransom], we could spare other companies impacted by the [DDoS] attack again...