The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona. US authorities have reportedly arrested a second suspected member of hacking group LulzSec on charges of taking part in an extensive computer breach of Sony Pictures Entertainment. Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to the FBI in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorised impairment of a protected computer. In September 2011 charged Cody Kretsinger, then 23, with being Recursion. This week, meanwhile, the FBI announced the arrest of Raynaldo Rivera, 20, after he was recently indicted by a federal grand jury on charges of conspiracy and the unauthorized impairment of a protected computer. Two men who've been arrested on charges that they hacked into the website of Sony Pictures Entertainment and posted stolen data studied to

Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper - a destructive malware program attacking computer systems related to oil facilities in Western Asia. Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats. The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. Kaspersky's researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the aff

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Months after Hewlett-Packard originally announced the open-source version of WebOS , the beta version of the platform is on its way out the door. Friday's release includes two environments for developers.  The first is the desktop build, which is boasted to provide "the ideal development environment" for designing the webOS user experience with more features and integrating other open source technologies on the Ubuntu desktop. The second is the OpenEmbedded build for porting webOS to new devices. Equipped with an ARM emulator for running db8 and node.js services, HP cited that it included OpenEmbedded because of its "widespread community adoption" and cross-compiling support for embedded platforms. The news is getting announced in a blog post : " It has taken a lot of hard work, long hours and weekend sacrifices by our engineering team to deliver on our promise and we have accomplished this goal ," the developers write on the site devoid of any HP branding. T

Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email. The compa

The Air Force Life Cycle Management Center posted a broad agency announcement recently, calling on contractors to submit concept papers detailing technological demonstrations of 'cyberspace warfare operations' capabilities.  Air Force is seeking to obtain the abilities to 'destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain for his advantage' and capabilities that would allow them to intercept, identify, and locate sources of vulnerability for threat recognition, targeting, and planning, both immediately and for future operations. According to the document the issuing Program Office "is an organisation focused on the development and sustainment of Cyberspace Warfare Attack capabilites that directly support Cyberspace Warfare capabilities of the Air Force." Technologies that can map data and voice networks, provide access to the adversary's information, networks, systems or devices, manip