Search results for cyber | Breaking Cybersecurity News | The Hacker News

A U.K. national responsible for his role as the administrator of the now-defunct  iSpoof  online phone number spoofing service has been sentenced to 13 years and 4 months in prison. Tejay Fletcher, 35, of Western Gateway, London, was awarded the sentence on May 18, 2023. He  pleaded guilty  last month to a number of cyber offenses, including facilitating fraud and possessing and transferring criminal property. iSpoof , which was available as a paid service, allowed fraudsters to mask their phone numbers and masquerade as representatives from banks, tax offices, and other official bodies to defraud victims. The help desk scam purported to warn targets of suspicious activity on their accounts and tricked them into disclosing sensitive financial information or transferring money to accounts under the threat actor's control. According to the U.K. Metropolitan Police, the criminals assumed false identities as representatives of various banks such as Barclays, Santander, HSBC, Lloy

A previously undocumented threat actor dubbed  Sandman  has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as a vehicle to deploy a novel implant called LuaDream . "The activities we observed are characterized by strategic lateral movement to specific targeted workstations and minimal engagement, suggesting a deliberate approach aimed at achieving the set objectives while minimizing the risk of detection," SentinelOne security researcher Aleksandar Milenkoski  said  in an analysis published in collaboration with QGroup. "The implementation of LuaDream indicates a well-executed, maintained, and actively developed project of a considerable scale." Neither the campaign nor its tactics have been correlated with any known threat actor or group, although a

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals The FBI has arrested 24 cybercriminals part of an international law enforcement operation aiming to arrest and prosecute the users of a sting operation called "Carder Profit". The suspects, collared after a two-year investigation dubbed "Operation Card Shop," allegedly stole credit card and banking data and exchanged it with each other online. " We put a major dent in cybercrime ," she said. " This is an unprecedented operation. "In the sting, which they called Operation Card Shop, undercover investigators created an online bazaar to catch buyers and sellers of credit card data and other private financial information. They also aimed at people who clone and produce the physical credit cards that are then used to buy merchandise. Some CarderProfit users apparently learned of the involvement of the feds months ago. A Twitter user with the name @JoshTheGod wrote that "has informants and most likly to be belie

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater awareness among smaller businesses of the need to improve their security posture, SMBs are often left facing a gap in the market, unable to find security tooling that is both easy for them to use and which they can afford. When we consider the needs of SMBs, we need to focus both on the development of threat intelligence, which is necessary to understand and identify the threats being faced, as well  as the tools used to provide protection . NTTSH has built a pedigree of over 20 years' experience in the research and curation of threat intelligence as well as the development of capabilities and products which leverage its threat intelligence to protect customers. After many years of focus on

Last December, a cyber attack on Ukrainian Electric power grid caused the power outage in the northern part of Kiev — the country's capital — and surrounding areas, causing a blackout for tens of thousands of citizens for an hour and fifteen minutes around midnight. Now, security researchers have discovered the culprit behind those cyber attacks on the Ukrainian industrial control systems. Slovakia-based security software maker ESET and US critical infrastructure security firm Dragos Inc. say they have discovered a new dangerous piece of malware in the wild that targets critical industrial control systems and is capable of causing blackouts. Dubbed " Industroyer " or " CrashOverRide ," the grid-sabotaging malware was likely to be used in the December 2016 cyber attack against Ukrainian electric utility Ukrenergo , which the security firms say represents a dangerous advancement in critical infrastructure hacking. According to the researchers, CrashO

What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP  is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security.  It operates on the core principle that all of its materials are freely available and easily accessible online, so that anyone anywhere can improve their own web app security. It offers a number of tools, videos, and forums to help you do this – but their best-known project is the OWASP Top 10. The top 10 risks The  OWASP Top 10  outlines the most critical risks to web application security. Put together by a team of security experts from all over the world, the list is designed to raise awareness of the current security landscape and offer developers and security professionals invaluable insights into the latest and most widespread security risks. It al

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians could have eq

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region. These websites masqueraded as online portals offering heavily discounted products below market prices to lure unsuspecting users into placing fake "orders." In reality, the financial information entered on those websites to complete the payments were used to siphon money from the victims' accounts. "For the fraudulent scheme, the participants also created two call centers, in Vinnytsia and in Lviv, and involved operators in their work," the Cyber Police  said . &quo

Super Saturday :  The Hacker News Featured Articles, If you miss Something ! Let's Re-collect all the Featured Recent Interesting Articles of THN, in this post. Hope you Guys will like every news By us. Please share the Links on your Facebook/ Re-tweet on Twitter and everywhere to spread the Cyber Awareness :) The Anonymous : Need of  21st century ! 26 Underground Hacking Exploit Kits available for Download ! [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue ! Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download ! Crimepack 3.1.3 Exploit kit Leaked, available for Download ! You got owned, Exposure about privacy on facebook ! Script that gives hackers access to user accounts floods Facebook Hacker getting WordPress Database Dump with Google Query ! Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT) New Facebook worm propagating :

Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe. Dubbed GiftGhostBot , the new botnet specialized in gift card fraud is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks. GiftGhostBot has been seen attacking almost 1,000 websites worldwide and defrauding legitimate consumers of the money loaded on gift cards since Distil detected the attack late last month. According to the security firm, any website – from luxury retailers, supermarkets to coffee distributors – that allow their customers to buy products with gift cards could be targeted by the botnet. Operators of the GiftGhostBot botnet launch brute-force attacks against retailer's website to check potential gift card account numbers at a rate of about 1.7 Million numbers per hour, and request the balance f

When Ben Franklin famously wrote, " An ounce of prevention is worth a pound of cure ," I'm pretty sure he wasn't warning his readers about the perils of cyber crime. But in today's world of phishing, shoulder-surfing and computer spyware, his advice hits home. It's a sad reality that some people will rip you off if you give them an opportunity. Just as you take safety precautions when handling cash, so should you be vigilant when using credit or debit payment cards for purchases, whether the transaction is in person on online. Here are tips for protecting your account information and avoiding payment card scams: Prevent online intrusions. Use updated anti-virus and anti-spyware software, only download information from trusted sites and don't click pop-up windows or suspicious links in emails. These can all be tricks to install spyware, which can record your keystrokes to obtain account or other confidential information. Use secure websites. When purchasing items online,

A Russian Zeus attacker Sentenced from Million Dollar Fraud  A Russian Hacker, who was part of an elaborate Cyber attack that used Zeus Banking Trojan  in U.S. visas to move cash stolen from U.S. businesses out of the country was sentenced on March 23 to two years in U.S. federal prison. Nikokay Garifulin received a two-year prison term for his involvement in a global bank fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S.accounts that were compromised by malware attacks. According to court documents and statements, Garifulin was part of a cyber bank fraud scheme, backed by Eastern European hackers to steal money from the bank accounts of small and mid-sized businesses throughout the U.S. The cyber attacks included Zeus Trojan, would embed itself in victims' computers and record keystrokes as they logged into their online bank accounts. The hackers responsible for the malware then used the account information to take over the victi

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach , the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked. Rather the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Acc

Pak Cyber Army Site Hacked by TriCk ( TeaMp0isoN ) TeaMp0isoN  Hack Pakistan cyber army website ie.  https://pakcyberarmy.net Its a ' Name Server Hijack ' Hack, After that PCA site is down ! Zone-H mirror : https://zone-h.org/mirror/id/12973192 News Source : TeamPoison

Cyber war against Israel have taken very dangerous turn The Cyber war between Egypt and Israel have taken very dangerous turn by setting normal internet users as target for botnet attacks. Since week ago some Egyptian hackers attacked so many Israeli's gov communities and organizations on the internet. Israeli prime minister Netanyahus for example . But yet it wasn't very scary attacks level , as it was far from the normal computer users. In Sudden escalation for the attack level , an Egyptian group launched computer worm which infected about 50000 personal computer in Israel and united states. Despite of my virtual machine security level , it was also infected by the same worm. I (Reuben Rayner) didn't notice that am infected till the attackers launched an exe file which viewed message in the full screen mode. Quits of the attackers message  they started with the word "Anti-Zionism"  " If u can see this message this mean that u either from israel orf

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual, humanCISO expertise. This makes these services costly and tough to scale – leaving MSPs, MSSPs and consulting firms unable to add vCISO service to their portfolio or scale their existing vCISO services to meet the growing demand. This is the challenge  Cynomi's Automated vCISO platform  is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans w