The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Bitcoin Talk , the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by " The Hole Seekers " and selling 150,000 emails and hashed passwords stolen from Bitcointalk.org for 25 Bitcoins , where the passwords are hashed with sha256crypt. Hacker embedded the "1812 Overture" song in the background with a dazzling animated picture show. According to Bitcointalk admin Theymos, it's possible that the hackers gained access to the database. He says the website will not be restored until he figures out precisely what vulnerability the hackers leveraged. He's offering 50 Bitcoin to the first individual who can pinpoint the security hole. See the video below for the Hack-in-Action: " Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye " reads one the message in the video. To be safe, it is reco

Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other programs, revealed that cyber attackers had access user information, including account IDs and encrypted passwords as well as credit and debit card numbers. The company did not specify which users of its various software programs were hit. But Products compromised in this attack include Adobe Acrobat, ColdFusion , and ColdFusion Builder. " We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. " the company said in a customer security alert . Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The world of mobile search is about to get a bit more anonymous. Thanks to the fears over government surveillance and corporate tracking, Anonymous Search Engine DuckDuckGo continues to break its own search records. DuckDuckGo Search & Stories - Android app deliver the same functionality as traditional services such as Google but with the added promise that your IP address and identity will not be recorded.  In June, Anonymous search engine  DuckDuckGo  had launched its app for  iOS  and Android and during recent update, DuckDuckGo's application for Android also integrated the Tor support. " Privacy is perhaps more important on mobile than on the web, and we haven't had many private alternatives ," DuckDuckGo founder Gabriel Weinberg said. To enable Tor with DuckDuckGo android app, user need to Check " Enable Tor " from setting. It will prompt the user to install about application to anonymize the Mobile data communication. As a search

Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days.  Yahoo has changed its bug bounty policies following a deluge of negative feedback in the wake of the news that ethical hackers were rewarded with $12.50 in gift vouchers for security flaw discoveries. The company unveiled a new program to reward reporters who shed light on bugs and vulnerabilities classified as new, unique and/or high risk issues. Starting October 31, 2013, individuals and firms who report bugs will be rewarded with anything between $150-$15,000. " The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue ," Director of security, Ramses Martinez, announced . Yahoo denied that its new program was a response to the criticism, saying it was already working on a new bug bounty system before the furore. Martinez begins by labelling himself as the &q

Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc

During the summer, The Secure email provider 'Lavabit' and preferred service for PRISM leaker  Edward Snowden  decided to shut down after 10 years to avoid being complicit in crimes against the American people. The U.S. Government obtained a secret court order demanding private SSL key from Lavabit, which would have allowed the FBI to wiretap the service's users, according to Wired . Ladar Levison, 32, has spent ten years building encrypted email service Lavabit , attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Ladar received the court orders to comply, intended to trace the Internet IP address of a particular Lavabit user, but he refused to do so. The offenses under investigation are listed as violations of the Espionage Act and Founder was ordered to record and provide the connection information on one of its users every time that user logged in to check his e-mail. The Government complai

The FBI had seized a website called ' Silk Road ', that was considered one of the most popular Underground places on the Internet for buying drugs and other illicit goods and services. They arrested the site's alleged founder,  Ross William Ulbricht, known as " Dread Pirate Roberts ," in San Francisco, who reportedly had  26,000 Bitcoins worth $3.6 million. The FBI used information from Comcast in the investigation and collaborated with US Customs and Border Patrol, the Internal Revenue Service, the Drug Enforcement Administration, and the Department of Homeland Security. Ross Ulbricht Ross William Ulbricht, a 29-year-old graduate of the University of Pennsylvania School of Materials Science and Engineering  charged with one count each of narcotics trafficking conspiracy, computer hacking conspiracy and money laundering conspiracy, according to the filing. ' Silk Road '  website, which had operated since early 2011, also offered tut

IT Security is the name of the game and no matter how big or small the size of your organization, you will always invest enough on securing certain aspects of your IT network. In many organizations, it starts with monitoring your network for vulnerabilities that may enter the network to access potentially sensitive information in the form of security attacks . For example, you may have firewalls as your first line of defense, followed by vulnerability management, intrusion detection and prevention systems, managing your network configurations and so on.  These are crucial because: Your routers can be easily breached without proper configuration and restrictions.  If a firewall isn't configured correctly, a hacker can easily spot a port that is accidentally left open and can gain access to the network.  Rogue access points, botnet malware and social engineering can make your wireless a porthole into your LAN. Why Logs? The very purpose of IT security is to be

Today more and more companies are looking for external security researchers to help identify vulnerabilities and weaknesses in their applications through Bug Bounty Programs. While companies like Facebook and Google are paying out hundreds of dollars to researchers for reporting security vulnerabilities, But according to Yahoo! Your email's security worth only $12.50 ! Yahoo is not having very good run in the reputation department when it comes to user security. Researchers at High-Tech Bridge found a few bugs, and were not exactly impressed with Yahoo's reward. They pointed out cross-site scripting (XSS) flaws affecting two Yahoo domains and in return they received $12.50 bounties for each vulnerability they found. This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate T-shirts, cups, pens and other accessories. This isn't exactly a great reward for spending time reporting security vulnerabilities