#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for black hat | Breaking Cybersecurity News | The Hacker News

Why you should try to join some of the underground hacker forums that are out there

Why you should try to join some of the underground hacker forums that are out there

Dec 05, 2012
Even if you are considered to be a white hat hacker, you are always still walking a fine line between being a bad guy and a good guy in many people eyes. There are a lot of people out there who believe that there should be no hacking at all being done and everyone who does it should be considered a criminal. Of course that is a very small myopic view of how being a white hat hacker really works but there is always going to be an element of that kind of thought out there. There are just a lot of people out there who believe that if you ban hacking outright that it will never be done. And that is simply just not true and is a pure fantasy. But if you really want to be a good and effective white hat hacker, then there are some elements about the other side that you should really get to know. If you want to be able to beat your enemies then you should be able to figure out how they operate. It is not enough for you to be able to take a look at their attacks and try to study their patterns
Morocco’s militant hackers Out now !

Morocco's militant hackers Out now !

Oct 31, 2010
They are militant hackers who have attacked sites in Egypt, Morocco, Spain, Israel... Their screen messages have been likened to messages on banners hoisted by demonstrators in protest or support of political, social or even religious ideologies. The group is very active in Morocco, from where they have often hacked into sensitive security systems. Sitting behind their computer screens, they meticulously encode and decode IT security systems in search of the slightest miscalculation in order to launch an attack. Widely known as hackers in Morocco, they have gone haywire and are relentless in their efforts to penetrate into both local and foreign sites. Egypt, Kuwait and Israel have all fallen victim to their devices. But these are not some casual credit card thieves. They fall into a new category of activists known as "hacktivists". And while the oil that keeps the wheels of this underground movement rolling is the Internet, it is their ideological beliefs t
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Jul 24, 2012
Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called " Advanced ARM exploitation ," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
8 Popular Courses to Learn Ethical Hacking – 2018 Bundle

8 Popular Courses to Learn Ethical Hacking – 2018 Bundle

Oct 19, 2018
Update (Oct 2018) — Over 30,000 students from all around the world have joined this training program so far. Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical hackers and IT security engineers will be the strongest. So, it's high time that you should start preparing yourself in the field of ethical hacking. Although there are many popular and best online courses available in the market, you can't learn everything from a single book or a course. Good news, we bring an amazing deal of this month for our readers, known as The Ultimate White Hat Hacker 2018 Bundle online hacking bundle, where you can get hacking courses for as litt
zAnti Pentester’s Worldcup tournament open for Hackers

zAnti Pentester's Worldcup tournament open for Hackers

Jun 24, 2012
zAnti Pentester's Worldcup tournament open for Hackers Today is a great day to be a security enthusiastic since Zimperium kicked off the first ever penetration testing tournament. — Welcome to the Pentester's Worldcup ! Zimperium , a mobile security software start-up was founded by Itzhak " Zuk " Avraham, a world-renowned white-hat hacker, in 2011. The Pentester's World Cup is part of Zimperium's efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products. You may recall Anti, The first comprehensive Penetration Testing software offered on Smartphones, Zimperium created a killer mobile app that is so simple to use, any technical person is able to perform pentest on his network to get status of which devices that are attached to the network are vulnerable, what ports are opened and additional information that is a must have for anyone who cares about the safety on his network. Last year at DEFCON, Avraham, also
ICANN Hires Def Con Founder Jeff Moss as Security Chief !

ICANN Hires Def Con Founder Jeff Moss as Security Chief !

Apr 30, 2011
ICANN Hires Def Con Founder Jeff Moss as Security Chief ! Jeff Moss, the hacker better known as " The Dark Tangent ," has been named Vice President and Chief Security Officer of ICANN, the non-profit corporation that manages the Internet's names and numbering infrastructure. He is the founder of DEF CON, the world's largest conference for hackers, as well as the Black Hat security conference. A phone phreaker in his youth, Moss has recently worked as a white hat hacker, working to secure networks from attack. "He has the in-depth insider's knowledge that can only come from fighting in the trenches of the on-going war against cyber threats," said ICANN president Rod Beckstrom in a statement. Moss is well known for having created the game "Spot the Fed" in which a hacker who thinks he's identified an undercover federal agent in the crowd at DEF CON can point him out, make his case, and if the crowd agrees, take home a coveted "I Spotted The Fed at DEF CON" t-shirt. D
Hackers Stole $32 Million in Ethereum; 3rd Heist in 20 Days

Hackers Stole $32 Million in Ethereum; 3rd Heist in 20 Days

Jul 20, 2017
An unknown hacker has just stolen nearly $32 million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – from Ethereum wallet accounts linked to at least three companies that seem to have been hacked. This is the third Ethereum cryptocurrency heist that came out two days after an alleged hacker stole $7.4 million worth of Ether from trading platform CoinDash, and two weeks after an unknown attacker hacked into South Korean cryptocurrency exchange Bithumb and stole more than $1 Million in Ether and Bitcoins from user accounts. On Wednesday, Smart contract coding company Parity issued a security alert , warning of a critical vulnerability in Parity's Ethereum Wallet software, which is described as "the fastest and most secure way of interacting with the Ethereum network." Exploiting the vulnerability allowed attackers to compromise at least three accounts and steal nearly 153,000 units of Ether worth just almost US$32 million
SNDBOX: AI-Powered Online Automated Malware Analysis Platform

SNDBOX: AI-Powered Online Automated Malware Analysis Platform

Dec 05, 2018
Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and artificial intelligence-powered malware researcher platform that aims to help users identify unknown malware samples before they strike. Dubbed SNDBOX , the free online automated malware analysis system allows anyone to upload a file and access its static, dynamic and network analysis in an easy-to-understand graphical interface. The loss due to malware attacks is reported to be more than $10 billion every year, and it's increasing. Despite the significant improvement of cyber security mechanisms, malware is still a powerful and effective tool used by hackers to compromise systems because of
Facebook distributing White Hat Debit Card to Bug Bounty Winners

Facebook distributing White Hat Debit Card to Bug Bounty Winners

Jan 01, 2012
Facebook distributing White Hat Debit Card to Bug Bounty Winners Polish IT security portal Niebezpiecznik.pl, which recently published an image of a bug bounty card given to Szymon Gruszecki, a Polish security researcher and penetration tester. Neal Poole, a junior at Brown University, has reported close to a dozen flaws to Facebook, and also recently received a White Hat card. Poole has earned cash reporting flaws to Google and Mozilla. Charlie Miller, Announced - Best White Hat Hacker of Year at  The Hacker News Awards  2011 and a Researcher & former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security, better known for finding holes in iOS 5 and Safari than Facebook, also has received a White Hat card. " Facebook whitehat card not as prestigious as the SVC card, but very cool ;) Fun way to implement no more free bugs ," he tweeted. Security researchers are getting a customized
International Association of Chiefs of Police Investigators Owned by Anonymous Hackers

International Association of Chiefs of Police Investigators Owned by Anonymous Hackers

Nov 20, 2011
International Association of Chiefs of Police Investigators Owned by Anonymous Hackers The Antisec wing of Anonymous has come out with another document release in its ongoing assault on law enforcement. A Special Agent Supervisor of the CA Department of Justice is the latest victim of Anonymous who claims that their operations against the FBI succeeded once again after managing to hack two of his Gmail accounts. Anonymous hackers broke into two of Bacalagan's gmail accounts, his text message logs and his Google Voice voicemails, then dumped the whole thing on to a website and The Pirate Bay . Baclagan was a special agent supervisor at the Department of Justice specializing in cybercrime, and his emails contain thousands of correspondences from the private listserv of the International Association of Computer Investigative Specialists, spanning 2005 to 2011. So, any black hat hackers looking for tips on how to avoid being busted might want to scour the archive, which provides es
War Texting : Hackers Unlock Car Doors Via SMS

War Texting : Hackers Unlock Car Doors Via SMS

Jul 28, 2011
War Texting : Hackers Unlock Car Doors Via SMS Don Bailey and Mathew Solnik, Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link. These systems communicate with the automaker's remote servers via standard standard mobile networks like GSM and CDMA — and with a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car's on-board computer via " war texting " — a riff on "war driving," the act of finding open wireless networks. Don Bailey and Mathew Solnik, both employees of iSEC Partners, will deliver their findings at next week's Black Hat USA conference in Las Vegas in a briefing entitled " War Texting: Identifying and Interacting with Devices on the Telephone Network. " The exact details of the attack won't be disclosed until the affected manufacturers have had a chance to fix their systems, and the hackers are not expected
CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

Nov 24, 2014
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is
Microsoft BlueHat Security contest - Mega Prize $250,000

Microsoft BlueHat Security contest - Mega Prize $250,000

Aug 04, 2011
Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's " BlueHat Prize " contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas. " We want to make it more costly and difficult for criminals to exploit vulnerabilities, " said Katie Moussouris, a senior security strategist lead at Microsoft, in a news conference today. " We want to inspire researchers to focus their expertise on defensive security technologies. "  " Overall, it seemed to us that to take an approach to block entire classes was the best way to engage with the research community and protect customers ," said Moussouris. WHAT IS THE CONTEST? The inaugural Microsof
Holiday deals can really be hiding hacker surprises

Holiday deals can really be hiding hacker surprises

Dec 17, 2012
It is that time of year which everybody loves. It is the holiday season and you will start to see a lot more people express good attitudes and wish everyone else a happy new year. As a matter of fact it may be hard to think that with all of this much goodwill in the air there is someone out there who is trying to take advantage of that. But the fact is no matter what time of year it is there are always going to be bad guys around every corner and they will try to stalk their prey at anytime. It does not matter what time of year it is, the bad guys like to work all year round and you always have to be on the lookout for them. As a matter of fact this time of year is a very good time when it comes to black hat hackers . This is because there are so many people online around this time and they are looking for a bunch of deals for their Christmas shopping. The retailers really go full throttle around this time of year and they want to be able to make as much money as they can. This t
Governments are not standing to the side anymore

Governments are not standing to the side anymore

Dec 22, 2012
We have seen for the past couple years the cyber wasteland become something that is not dominated by young ambitious hackers anymore. The age of the Wild West is over and the big boys want a piece of the action. With so many infrastructures connected to the web these days it is only natural for more powerful and interested concerns to take their skills to the web. We are seeing the beginnings of true cyber war and it is something that is not going to be stop anytime soon. In the past, what we have seen mostly is governments stay behind the scenes and do defense when it comes to the cyber war. If the government did go on the offensive it would be in secret only discovered when some security firm would get lucky and find some code that would hint to government influence . But these days it is not like that anymore. Everyone knows that the governments of the world are going all out when it comes to cyber war. And the worst part about it is that when it comes to regular civilian
Be Aware Hacker - Honeypots now in India trap to lure hackers !

Be Aware Hacker - Honeypots now in India trap to lure hackers !

Jan 03, 2011
Decoys have been present in each and every culture, to capture the unknown as well as the known defaulters. The honey, which was used in turning the heads of bears that we used to find in jungles, well the same honey, but in a revisited version is being implemented and used here and has already proven worthy of its existence. This type of honey lures in a different kind of bears. The bears those are present in the cyber jungle. Yes, we are talking of the black hat hackers which are hell bent on intruding your file systems and scratching out info. Read Complete Tutorial and Guide on Honeypots : Honeypot / Honeynet - Tracking the Hackers ! (Video Tutorial for setup & Usage) : Indian Cyber Army So, we are now going to discuss this very new and amazing feature, which only a few of the countries in world stand to have, including ours. Explaining with examples is always easy. Recently, a very famous Turkish hacker was busted using these techniques of Honeypot. The hacker was
Peace deal between Indian Cyber Army and Pakistan Cyber Army !

Peace deal between Indian Cyber Army and Pakistan Cyber Army !

Dec 13, 2010
Peace deal between Indian Cyber Army and Pakistan Cyber Army C00lt04d  [ ICA ] has given a Statement :  Hello all... C00lt04d here i think everyone know what's happening out there we here were Defacing Pakistani sites.. and on that side Pakistanis were hacking ours... This has gone too far that both the governments are involved in this and they are taking down every black hat activity out here I think every1 have heard how that Adil got arrested by FIA for hacking into their own Government site we don't want this happen to every other hacker out here.... Lets keep the fight As Hackers vs anti-humanity ... and stop the fight between each other....at least for few days Also we know People like Amar Jeet singh are raging cyber war between Rival countries so i suggest all the Hackers Indian And Pakistani to lets move to these guys First and also move our attacks to Third World countries So that the things will settle down here also take
Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique

Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique

Aug 23, 2013
The cyber Security Analyst  ' Ebrahim Hegazy ' (@Zigoo0) Consultant at Q-CERT has found an " Unvalidated Redirection Vulnerability " in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in " Avira " website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites ( Phishing pages) It could also be used by Black Hats for Malware spreading In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate
5 Reasons Why Programmers Should Think like Hackers

5 Reasons Why Programmers Should Think like Hackers

Dec 16, 2019
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come up with a solution to the problem and write the code for it, you need to make sure security is kept intact. Cyber attacks are becoming more and more prevalent, and the trend is unlikely to change in the foreseeable future. As individuals, businesses, organizations, and governments become more reliant on technology, cybercrime is expected to only grow. Most of what people do in contemporary society involves the internet, computers, and apps/software. It's only logical for programmers to be mindful of the security aspect of making applications or software. It's not enough for programmers to produce something that works. After
Cybersecurity Resources