Search results for cyber | Breaking Cybersecurity News | The Hacker News

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians could have eq

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region. These websites masqueraded as online portals offering heavily discounted products below market prices to lure unsuspecting users into placing fake "orders." In reality, the financial information entered on those websites to complete the payments were used to siphon money from the victims' accounts. "For the fraudulent scheme, the participants also created two call centers, in Vinnytsia and in Lviv, and involved operators in their work," the Cyber Police  said . &quo

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Super Saturday :  The Hacker News Featured Articles, If you miss Something ! Let's Re-collect all the Featured Recent Interesting Articles of THN, in this post. Hope you Guys will like every news By us. Please share the Links on your Facebook/ Re-tweet on Twitter and everywhere to spread the Cyber Awareness :) The Anonymous : Need of  21st century ! 26 Underground Hacking Exploit Kits available for Download ! [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue ! Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download ! Crimepack 3.1.3 Exploit kit Leaked, available for Download ! You got owned, Exposure about privacy on facebook ! Script that gives hackers access to user accounts floods Facebook Hacker getting WordPress Database Dump with Google Query ! Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT) New Facebook worm propagating :

Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe. Dubbed GiftGhostBot , the new botnet specialized in gift card fraud is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks. GiftGhostBot has been seen attacking almost 1,000 websites worldwide and defrauding legitimate consumers of the money loaded on gift cards since Distil detected the attack late last month. According to the security firm, any website – from luxury retailers, supermarkets to coffee distributors – that allow their customers to buy products with gift cards could be targeted by the botnet. Operators of the GiftGhostBot botnet launch brute-force attacks against retailer's website to check potential gift card account numbers at a rate of about 1.7 Million numbers per hour, and request the balance f

When Ben Franklin famously wrote, " An ounce of prevention is worth a pound of cure ," I'm pretty sure he wasn't warning his readers about the perils of cyber crime. But in today's world of phishing, shoulder-surfing and computer spyware, his advice hits home. It's a sad reality that some people will rip you off if you give them an opportunity. Just as you take safety precautions when handling cash, so should you be vigilant when using credit or debit payment cards for purchases, whether the transaction is in person on online. Here are tips for protecting your account information and avoiding payment card scams: Prevent online intrusions. Use updated anti-virus and anti-spyware software, only download information from trusted sites and don't click pop-up windows or suspicious links in emails. These can all be tricks to install spyware, which can record your keystrokes to obtain account or other confidential information. Use secure websites. When purchasing items online,

A Russian Zeus attacker Sentenced from Million Dollar Fraud  A Russian Hacker, who was part of an elaborate Cyber attack that used Zeus Banking Trojan  in U.S. visas to move cash stolen from U.S. businesses out of the country was sentenced on March 23 to two years in U.S. federal prison. Nikokay Garifulin received a two-year prison term for his involvement in a global bank fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S.accounts that were compromised by malware attacks. According to court documents and statements, Garifulin was part of a cyber bank fraud scheme, backed by Eastern European hackers to steal money from the bank accounts of small and mid-sized businesses throughout the U.S. The cyber attacks included Zeus Trojan, would embed itself in victims' computers and record keystrokes as they logged into their online bank accounts. The hackers responsible for the malware then used the account information to take over the victi

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach , the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked. Rather the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Acc

Pak Cyber Army Site Hacked by TriCk ( TeaMp0isoN ) TeaMp0isoN  Hack Pakistan cyber army website ie.  https://pakcyberarmy.net Its a ' Name Server Hijack ' Hack, After that PCA site is down ! Zone-H mirror : https://zone-h.org/mirror/id/12973192 News Source : TeamPoison

Cyber war against Israel have taken very dangerous turn The Cyber war between Egypt and Israel have taken very dangerous turn by setting normal internet users as target for botnet attacks. Since week ago some Egyptian hackers attacked so many Israeli's gov communities and organizations on the internet. Israeli prime minister Netanyahus for example . But yet it wasn't very scary attacks level , as it was far from the normal computer users. In Sudden escalation for the attack level , an Egyptian group launched computer worm which infected about 50000 personal computer in Israel and united states. Despite of my virtual machine security level , it was also infected by the same worm. I (Reuben Rayner) didn't notice that am infected till the attackers launched an exe file which viewed message in the full screen mode. Quits of the attackers message  they started with the word "Anti-Zionism"  " If u can see this message this mean that u either from israel orf

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual, humanCISO expertise. This makes these services costly and tough to scale – leaving MSPs, MSSPs and consulting firms unable to add vCISO service to their portfolio or scale their existing vCISO services to meet the growing demand. This is the challenge  Cynomi's Automated vCISO platform  is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans w

Threat actors associated with North Korea are  continuing  to  target  the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google's Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like  X  (formerly Twitter) and  Mastodon  to forge relationships with potential targets and build trust. "In one case, they carried on a months-long conversation, attempting to collaborate with a security researcher on topics of mutual interest," security researchers Clement Lecigne and Maddie Stone  said . "After initial contact via X, they moved to an encrypted messaging app such as Signal, WhatsApp, or Wire." The social engineering exercise ultimately paved the way for a malicious file containing at least one zero-day in a popular software package. The vulnerability is currently in the process of being fixed. The payload, for its part, perf

Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ' Cryptsy Dogecoin (DOGE) Live Ticker ' which is available on Chrome Web store for free downloads and developed by " TheTrollBox " account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions. HOW CHROME EXTENSION STEALS CRYPTOCURRENCY It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users' web activity and looks for those users who go to Cryptocurrency exchange sites s

The popular cyber security and antivirus company Kaspersky has unveiled its new hack-proof operating system: Kaspersky OS . The new operating system has been in development for last 14 years and has chosen to design from scratch rather than relying on Linux. Kaspersky OS makes its debut on a Kraftway Layer 3 Switch , CEO Eugene Kaspersky says in his blog post , without revealing many details about its new operating system. The Layer of 3-switch is the very first tool for running the Kaspersky OS, which is designed for networks with extreme requirements for data security and aimed at critical infrastructure and Internet of Things (IoT) devices. What's new in Kaspersky OS than others? Kaspersky OS is based on Microkernel Architecture: The new secure OS is based on microkernel architecture that enables users to customize their own operating system accordingly. So, depending on a user's specific requirements, Kaspersky OS can be designed by using different modifica

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection and enabling organizations to benchmark their security posture against their industry vertical peers and take actions accordingly. Cynet Free Threat Assessment (available for organizations with 300 endpoints and above) spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment: ➤ Indication of live attacks: active malware, connection to C&C, data exfiltration, access to phishing links, user credential theft attempts and others: ➤ Host and app attack surfaces: unpatched vulnerabilities rated per criticality: ➤ Benchmark comparing

In past months, we have reported about critical vulnerabilities in many wireless Routers including Netgear, Linksys,  TP-LINK, Cisco, ASUS, TENDA and more vendors, installed by millions of home users worldwide. Polish Computer Emergency Response Team (CERT Polska) recently noticed a large scale cyber attack ongoing campaign aimed at Polish e-banking users. Cyber criminals are using known router vulnerability which allow attackers to change the router's DNS configuration remotely so they can lure users to fake bank websites or can perform Man-in-the-Middle attack. ' After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all. ' CERT Polska researchers said. That DNS Hijacking trick is not new, neither most of the router vulnerabilities are, but still millions of r