The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, " Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a security breach that may have resulted in some users' login data being compromised ,". Strangely, Crysis.com has not been taken down and is still running as normal. " We recently became aware of suspicious activity relating to some of Crytek's websites and acted quickly to take those websites offline for security reasons. We thank you for your patience, and expect to have these sites fully operational soon ." " Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords ", it continued, " it is possible that users with accounts on these websites have had personal data copi

TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, assassins for hire and other weird and illegal activities can allegedly be traded. A claimed zero-day vulnerability in Firefox 17 was used by the FBI to identify some users of the privacy-protecting Tor anonymity network. The FBI did not compromise the TOR network itself and The complex multi-layers of encryption still stand. Instead the FBI compromised the TOR browser only using a zero-day JavaScript exploit and used this to implant a cookie which fingerprinted users through a specific external server. Eric Eoin Marques , 28 year-old man in Ireland believed to be behind Freedom Hosting , the biggest service provider for sites on the encrypted Tor network , is awaiting extradition on p*rno charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that includes charges

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Yammer , is the Enterprise Social Network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is a secure, private social network for your company. Yammer is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. Ateeq Khan,  Pakistani researcher from The Vulnerability Laboratory Research  team has discovered multiple critical Vulnerabilities in the Microsoft Yammer Social Network. An  OAuth bypass session token web vulnerability is detected in the official Microsoft Yammer Social Network online-service application. OAuth is an emerging authorization standard that is being adopted by a growing number of sites such as Twitter, Facebook, Google, Yahoo!, Netflix, Flickr, and several other Resource Providers and social networking sites. According to the advisory , The vulnerability allows remote attackers to bypass the token protecti

It's not the new facts that the FBI has used hacking methods in the past to spy on suspected criminals, including keyloggers and remotely turning on the microphones in mobile phones, in order to spy on suspected criminals. Computer viruses and spyware are an unavoidable part of life. You can protect against them, but they'll always be out there lurking. The Wall Street Journal posted the story that FBI agents hacking people's Android devices and personal computers (PCs) using malware , so that they can turn the MIC on and listen in on conversations. The FBI hires people who have been hacking skill, and they purchase tools that are capable of doing these things, and develop some hacking tools internally or purchases others from the private sector. It's also important to note that the US government is now the world's largest buyer of malware . The FBI has also developed custom " port reader " software to intercept Internet metadata in real

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas ( Presentation PDF  & Paper ) by Gluck along with researchers Neal Harris and Angelo Prado, which allows hackers to decodes encrypted data that online banks and e-commerce sites from an HTTPS channel. Neal, Yoel and Angelo ( From left to right) at BlackHat BREACH ( Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext ) is very targeted and don't decrypt the entire channel. BREACH manipulates data compression to pry out doses of information from HTTPS protected data, including email addresses, security tokens, and other plain text strings. Angelo Prado told The Hacker News , " We are using a compression oracle is leveraging the building blocks from CRIME , on a different compression c