The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Nationwide Insurance was breached last week and Sensitive information of about 1 Million people is at risk. The FBI is investigating a breach, including policy and non-policy holders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued the following statement Monday concerning the unauthorized access of Nationwide Insurance's website. Spokeswoman Elizabeth Giannetti confirmed a statement by the California Department of Insurance earlier in the day which said "names, social security numbers, and other identifying information" of one million policyholders and non-policy holders were exposed. No credit card details were revealed. About 30,000 people in Georgia were affected, as well as more than 12,000 in South Carolina. Are you affected ? call  The Nationwide at number 800-760-1125.  Affected members and applicants free credit monitoring and identity theft protection services from Equifax for at least one year

Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the "SSH USERAUTH CHANGE REQUEST" routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : https://goo.gl/BHqWd

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the web visitor&#

While Exploring Zone-H , today we found that Turkish Ajan Hacker Group hacked into few Acer Indian domains and Deface the sites.  Hacker also dump the complete data of 20,000 users and upload the file on a file sharing website . 6 sub domains are reported to be hacked 24 hours before and having deface page their at the time of writing. Deface Page shows that, Hacker performed the hack to show their protest against bombing by Israel on Gaza. Hacked Sites https://acn.acer.co.in/index.html https://adn.acer.co.in/index.html https://aln.acer.co.in/index.html https://asn.acer.co.in/index.html https://humanet.acer.co.in/index.html https://select.acer.co.in/index.html Mirrors of Hacks: https://www.zone-h.org/mirror/id/18681361 https://www.zone-h.org/mirror/id/18681333 https://www.zone-h.org/mirror/id/18681316 https://www.zone-h.org/mirror/id/18681313 https://www.zone-h.org/mirror/id/18681314 https://www.zone-h.org/mirror/id/18681315

The Syrian government is almost certainly responsible for a blackout Thursday that shut down virtually all Internet service in the country. However, The Syrian government blamed the outage in internet service and mobile coverage in some areas on the armed groups' sabotage acts against cellular broadcast centers. Hacker with name Teamr00t has hacked and defaced Syrian government and showed their support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet. Deface message President Bashaar Al-Assad You have taken a step too far in shutting down the internet so the outside world cannot see the horrific crimes you are committing upon your own people and this will not be tolerated by the world watching! The Syrian people have the right to freedom of speech, the right to live a normal happy life and the right to have access to the internet to connect with the rest of the world. By shutting down the internet you have denied your