The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Business networking site LinkedIn has announced it took a hit of up to $1 million due to one of the year's largest reported data breaches . LinkedIn spent between $500,000 and $1 million on forensic work after a large number of passwords were breached, LinkedIn CFO Steve Sordello said on the company's earnings call today. He said the 175-million-member company continued to strengthen its website's security and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts. " Part of adding value to our members every day means ensuring that their experience on LinkedIn is safe and secure ," he said. " Since the breach, we have redoubled our efforts to ensure the safety of member account on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident ." After

On Friday, Reuters blog platform was hacked with false posts and on Saturday, the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down. The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly gained access to Reuters' blogging platform, which they used to post a fake interview with rebel Free Syrian Army (FSA) leader Riad al-Assad. The interview essentially said the general was withdrawing troops after a battle. Presumably, the same hackers are responsible for also compromising a Reuters Twitter account dedicated to technology news, which has about 17,500 followers. Reuters confirmed the breach today in a tweet on its main Twitter account: Earlier today @ReutersTech was hacked and changed to @ReutersME. The account has been suspended and is currently under investigation Several of the updates posted on the hacked Reuters account, which claimed that rebels in the city of Aleppo had

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Chinese telecoms equipment suppliers have previously been criticized for allegedly being security risks. Huawei is working with British spooks to prove that it has no backdoors in its products which would allow Chinese agents to snuffle Her Majesty's secrets. The U.S. and Australia have made clear their distrust of one of the world's biggest telecoms company. The Australian government, for instance, banned the company from participating in bids for its national broadband network due to potential spying threats. Huawei, which has grown to become one of today's dominant telecommunications equipment companies, is likewise constantly under threat because of what some might call China-bashing. Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. Huawei is becoming an increasingly powerful global player, capable of going head-to-head with the best in intens

Hong Kong police said Sunday they had arrested a 21-year-old man believed to be a member of the international hacker group Anonymous, after he reportedly said on social networking site Facebook that he would hack several government websites. " The Internet is not a virtual world of lawlessness ," a police spokesman said, adding that the man was required to report back to the police in October. He faces up to five years imprisonment if found guilty.The man is a member of the global hacker group Anonymous, the South China Morning Post said. The group is said to have 20 members in the semi-autonomous Chinese territory, which guarantees civil liberties not seen on the mainland, including freedom of speech. The police spokesman declined to confirm his link to Anonymous. The last posting on the "Anonymous HK" Facebook page on July 22 urged authorities to show "respect" to citizens.

Is your iCloud account secured by a good password? Please Don't rely on the cloud. Here's a terrifying tale of modern hacking. Mat Honan, a reporter at tech site Gizmodo, was playing with his daughter when his phone went dead. Thinking it was a software glitch, he rebooted, and went to log in to his iCloud. But his password wouldn't work. He was "irritated, but not alarmed", and connected his iPhone to his MacBook Air to restore from backup. On opening his laptop, an iCal message popped up telling him his Gmail account information was wrong. The screen went grey, and he was asked for a four-digit pin, which he didn't have. By now he knew something was up, but had no idea just how much damage the hacker had done. After presumably brute-forcing his way into iCloud, the hacker was able change the password of and gain access to Mat's Google account, remote wipe his Macbook Air, iPhone, and iPad, get into his Twitter and then use that to get access to the Gizmodo US