The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

At DEFCON 20, Raphael Mudge the developer of Armitage released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in acollaborative hacking engagement. Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic.  Raphael talk about Cortana scripting language for Cobalt Strike and Armitage. Cortana allows you to write scripts that automate red team tasks and extend Armitage and Cobalt Strike with new features. This technology was funded byDARPA's Cyber Fast Track program and it's now open source . Armitage a red team collaboration tool built on the Metasploit Framework. Cobalt Strike is Armitage's commercial b

Business networking site LinkedIn has announced it took a hit of up to $1 million due to one of the year's largest reported data breaches . LinkedIn spent between $500,000 and $1 million on forensic work after a large number of passwords were breached, LinkedIn CFO Steve Sordello said on the company's earnings call today. He said the 175-million-member company continued to strengthen its website's security and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts. " Part of adding value to our members every day means ensuring that their experience on LinkedIn is safe and secure ," he said. " Since the breach, we have redoubled our efforts to ensure the safety of member account on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident ." After

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

On Friday, Reuters blog platform was hacked with false posts and on Saturday, the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down. The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly gained access to Reuters' blogging platform, which they used to post a fake interview with rebel Free Syrian Army (FSA) leader Riad al-Assad. The interview essentially said the general was withdrawing troops after a battle. Presumably, the same hackers are responsible for also compromising a Reuters Twitter account dedicated to technology news, which has about 17,500 followers. Reuters confirmed the breach today in a tweet on its main Twitter account: Earlier today @ReutersTech was hacked and changed to @ReutersME. The account has been suspended and is currently under investigation Several of the updates posted on the hacked Reuters account, which claimed that rebels in the city of Aleppo had

Chinese telecoms equipment suppliers have previously been criticized for allegedly being security risks. Huawei is working with British spooks to prove that it has no backdoors in its products which would allow Chinese agents to snuffle Her Majesty's secrets. The U.S. and Australia have made clear their distrust of one of the world's biggest telecoms company. The Australian government, for instance, banned the company from participating in bids for its national broadband network due to potential spying threats. Huawei, which has grown to become one of today's dominant telecommunications equipment companies, is likewise constantly under threat because of what some might call China-bashing. Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. Huawei is becoming an increasingly powerful global player, capable of going head-to-head with the best in intens

Hong Kong police said Sunday they had arrested a 21-year-old man believed to be a member of the international hacker group Anonymous, after he reportedly said on social networking site Facebook that he would hack several government websites. " The Internet is not a virtual world of lawlessness ," a police spokesman said, adding that the man was required to report back to the police in October. He faces up to five years imprisonment if found guilty.The man is a member of the global hacker group Anonymous, the South China Morning Post said. The group is said to have 20 members in the semi-autonomous Chinese territory, which guarantees civil liberties not seen on the mainland, including freedom of speech. The police spokesman declined to confirm his link to Anonymous. The last posting on the "Anonymous HK" Facebook page on July 22 urged authorities to show "respect" to citizens.

Is your iCloud account secured by a good password? Please Don't rely on the cloud. Here's a terrifying tale of modern hacking. Mat Honan, a reporter at tech site Gizmodo, was playing with his daughter when his phone went dead. Thinking it was a software glitch, he rebooted, and went to log in to his iCloud. But his password wouldn't work. He was "irritated, but not alarmed", and connected his iPhone to his MacBook Air to restore from backup. On opening his laptop, an iCal message popped up telling him his Gmail account information was wrong. The screen went grey, and he was asked for a four-digit pin, which he didn't have. By now he knew something was up, but had no idea just how much damage the hacker had done. After presumably brute-forcing his way into iCloud, the hacker was able change the password of and gain access to Mat's Google account, remote wipe his Macbook Air, iPhone, and iPad, get into his Twitter and then use that to get access to the Gizmodo US