The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Internet Activist and collective hacker group "NullCrew" released a huge dump of 7,000 names-passwords database from US Government websites and 2000 names-passwords database from Military websites. Hacker claimed to hack into five websites, including Montana's Official State Website, United Nations, Louisiana Department of Environmental Quality, Texas Juvenile Justice Department, Force Health Protection & Readiness, domains are -  unescoetxea.org , www.mt.gov , www.la.gov, www.texas.gov and fhpr.osd.mil respectiverly. Few days back two Nullcrew members,  null and 0rbit_g1rl claimed to perform the hack into above sites using few vulnerabilities such as " Unproperly sanitized code, leading to disclosure of all files on a server and Boolean blind SQL injection " and they threatened to release the database soon. Today in a announcement via Twitter, hacker leaked the Database including 2000 and more Military, Air Force and Army officials us

A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Today's successful targeted attacks use a combination of social engineering, malware, and backdoor activities. Nart Villeneuve and James Bennett (Senior Threat Researcher) from Trend Mirco provide an  ultimate guide for Detecting (APT) Advanced Persistent Threat activities with Network Traffic Analysis , that can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered. Paper cover Detecting Remote Access Trojans like The GhostNet, Nitro attack, RSA Breach, Taidoor campaign, Sy

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Yesterday, we report about the security breach in US Government computers belongs to NASA  restricted area website and Hacker dump out the complete source code and files from server of the website. Today another hacker claim a quick XSS (Cross site scripting) Vulnerability in NASA's Jet Propulsion Laboratory website (https://onearth.jpl.nasa.gov/) via a pastebin note. Hacker is going by name " Antraxt Hacker " and said about vulnerability exposure that,"I just want to proof that NASA is and never will be secured as human kind thinks they are". The xss vulnerable link is disclosed in pastebin note. I feel this not a offensive hack by hacker, even NASA should take advantage of free of cost Penetration testing services from individual like , who even not looking for Bug Bounties.

Julian Assange publish a book based on his interview " Cypherpunks " on " The World Tomorrow ", his controversial talk show, with the people he believes know the solution to the problems of privacy and freedom. The book called ' Cypherpunks: Freedom and the Future of the Internet ,' was written by Assange with three co-authors: Jacob Appelbaum, Jeremie Zimmermann and Andy Muller-Maguhn. Description of this 192 pages book describes, " Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of and visionary behind WikiLeaks, has been a leading voice in the cypherpunk movement since its inception in the 1980s ." Assange said, " In March 2012 I gathered together three of today's leading cypherpunks to discuss the resistance ,  Two of them, besides myself, have been targeted by law enforcement agencies as a result of their work to safeguard priva

A number of Israel's government offices have fallen victim to a cyber attack over the past week, one apparently aimed at slipping a "Trojan horse" into the computer servers at these ministries. Israeli police immediately pulled the national computer network from the civilian Internet after this cyber threat . A Trojan horse has been sent as files attached to emails bearing the name of the IDF Chief of Staff Benny Gantz in the subject line. According to the reports from haaretz ,A senior government clerk stressed that the threat facing the police was being investigated by experts. It is also not clear that either breach involved a wide-scale cyber-attack, or a virus infecting only a few computers. Government employees were advised not to open their emails or Facebook messages if such strange activity was noticed. Dozens of identical emails were sent Wednesday to Israel embassies abroad and to Foreign Ministry employees in Israel. The intelligence tip did not indicate t

" Browser extensions extend the functionality of the web browser. These extensions improve the appearance, functionality, security or other parts of the browser. Extensions were also developed with malicious intent, in order to generate revenue or just spread the code between more and more browsers. The possibility of a malicious browser extension is almost infinite, but we have not seen very powerful malicious extensions yet. " Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension. The researcher plans to release the malware's source code on GitHub during a presentation at the Hacker Halted security conference in Miami next Tuesday This Malwaretize Browser extensions is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs is also expected to demonstrate how the proof

The South Carolina Department of Revenue has announced that millions of Social Security numbers and debit/credit card numbers have been compromised. Hackers from outside the United States recently penetrated the website for South Carolina's Department of Revenue and reportedly made off with 3.6 million Social Security numbers and 16,000 unencrypted credit and debit card numbers. According to the statement, investigators discovered that a hacker attempted to access the system several times in August and September. The statement said it is believed the hacker successfully obtained data for the first time in mid-September. " We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected ." Haley says Friday was the earliest they could announce the breach to allow law enforcement personnel to do their jobs and keep the chance of catching the hacker. Haley says the