The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. " The "malware" infects personal computers after users have accessed certain websites. *(It should be noted that there are several similar designs currently in circulation) " Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is th

In JULY Kaspersky Lab and Seculert revealed the presence of a new cyber-espionage weapon known targeting users in the Middle East. Despite the recent uncovering of the 'Madhi' malware that has infected several hundred computers in the Middle East, researchers say the virus is continuing to spread. The malware, known as 'Mahdi' or 'Madi', was originally discovered by Seculert. In addition to stealing data from infected Windows computers, it is also capable of monitoring email and instant messages, recording audio, capturing keystrokes and taking screenshots of victims' computers. Working together, researchers at Seculert and Kaspersky sinkholed the malware's command and control servers and monitored the campaign. What they found was a targeted attack that impacted more than 800 victims in Iran, Israel and other countries from around the globe. Israeli security company Seculert said it had identified about 150 new victims over the past six weeks as deve

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

How Hacker culture has contributed to the rise of the United States economy and one possible reason why it is now in decline…   by  Paul F. Renda,  Author at  The Hacker News Magazine This article is about how hacker culture has benefited the economy of the United States. It represents the creative, ingenious and innovative ideas that characterize the U.S. Also, how this sub-culture was created by the first US hacker Benjamin Franklin... Countries of the world marveled at The United States and its innovation, creativity, devices, ideas, gadgets and large middle-class. This innovation comes from the culture of a specific group. We have a hacker type culture, and when I say hacker type culture, it's not just a culture of hacking computers and electronic components, but a culture of hacking (reverse engineering) whatever innovative idea or high technology of the time. The high technology of Franklin's era could be farm implements, stoves (Franklin), light bulbs, steam engines, telephon

Another Cyber attack on Sony this year, Hacking group called " NullCrew " hack into one of the biggest site of Sony mobile website (www.sonymobile.com) and leak complete database on Internet. Nullcrew releasing their hack dumps from their official twitter account @OfficialNull. The dump of database released on Pastebin with a small note from Hackers as given below: Sony, we are dearly dissapointed in your security. This is just one of eight sony servers that we have control of. Maybe, just maybe considering IP addresses are available. Maybe, just maybe it's the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically Stats of Dump: 441 Members Username with Email Addresses  24 User names with Hashed password from Think_Users table  3 Admin user data from admin_user table Not just Sony, Nullcrew recently hack into Cambodia Army website and dump database. " Recently the co-founder of Pirate

Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability ( CVE-2012-4170 ) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems. Furthermore, company officials say Adobe is unaware of any attacks against this vulnerability.That said, the Photoshop 13.0.1 update contains 75 other bug fixes, including 31 for problems known to cause crashes, 18 pertaining to 3D features, and 15 for drawing and graphics features. Adobe said that users and administrators can download and install the patch by lunching the "update" tool within the Photoshop help menu.The company credited a pair of Secunia researchers in discovering and reporting the flaw directly. According to a Secunia advisory , the problem is caused by a boundary error in the "Standard MultiPlugin.8BF" modul

Gottfrid Svartholm Warg , one of the founders of the file sharing website The Pirate Bay has been arrested in Cambodia after an international warrant was issued following a conviction in Sweden for copyright violations. The Swedish foreign ministry has confirmed only that a Swedish man "in his thirties" has been arrested in Phnom Penh. In May 2006, police seized The Pirate Bay's servers from the ISP PRQ's headquarters in Stockholm. Since then, the file-sharing site appeared in the headlines, especially after the high-profile trial in 2008 in which the principals were sentenced to prison terms and hefty damages. The ruling was appealed, but in February 2012, the Supreme Court not to discuss the case further. Svartholm Warg's lawyer Ola Salomonsson confirms that it is TPB-founder who now sits arrested, but says he does not know for what reason.Sweden has no formal extradition treaty with Cambodia, but that does not mean Svartholm Warg is safe. According to lawyer

The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona. US authorities have reportedly arrested a second suspected member of hacking group LulzSec on charges of taking part in an extensive computer breach of Sony Pictures Entertainment. Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to the FBI in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorised impairment of a protected computer. In September 2011 charged Cody Kretsinger, then 23, with being Recursion. This week, meanwhile, the FBI announced the arrest of Raynaldo Rivera, 20, after he was recently indicted by a federal grand jury on charges of conspiracy and the unauthorized impairment of a protected computer. Two men who've been arrested on charges that they hacked into the website of Sony Pictures Entertainment and posted stolen data studied to

Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper - a destructive malware program attacking computer systems related to oil facilities in Western Asia. Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats. The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. Kaspersky's researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the aff

Months after Hewlett-Packard originally announced the open-source version of WebOS , the beta version of the platform is on its way out the door. Friday's release includes two environments for developers.  The first is the desktop build, which is boasted to provide "the ideal development environment" for designing the webOS user experience with more features and integrating other open source technologies on the Ubuntu desktop. The second is the OpenEmbedded build for porting webOS to new devices. Equipped with an ARM emulator for running db8 and node.js services, HP cited that it included OpenEmbedded because of its "widespread community adoption" and cross-compiling support for embedded platforms. The news is getting announced in a blog post : " It has taken a lot of hard work, long hours and weekend sacrifices by our engineering team to deliver on our promise and we have accomplished this goal ," the developers write on the site devoid of any HP branding. T

Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email. The compa