The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Last week we noticed a rise in cyber attacks particularly - website Defacement attacks on many governments and organizations of different countries by the hackers around the world. Targeted countries include Singapore, Mexico, Philippines, Australia, Egypt, United States, Syria and many more. Out of all these targets, most controversial were Philippines and Australia, hacked by Activist group Anonymous. Last Sunday, Anonymous hackers from Indonesia defaced hundreds of websites belonging to the Australian Government , saying the action was in response to reports of spying by Australia. The websites, defaced with a message reading " Stop Spying on Indonesia ". We have shared the list of all targeted website on a pastebin note . In a separate incident, Anonymous hackers defaced more than 38 Philippine Government websites, and called on the public to support an anti-corruption protest " Million Mask March " at the Batasang Pambansa on November 5. " The government,

There's an extraordinary malware making rock-n-roll over the Internet and if you are one of the unlucky folks to cross its path, then it could make your computer unusable and you have to pay a few hundred Dollars to retrieve your important data back. We have warned our readers in many  previous articles about a nasty piece of Ransomware malware called ' CryptoLocker ', which is targeting computers running the Microsoft Windows operating system. The CryptoLocker  Ransomware encrypts the files on a victim's computer and issues an ultimatum - Pay up or lose your data . Users who are getting infected with CryptoLocker can see a message informing them that their computer is locked up and their files encrypted. It then asks them to make a ransom payment, which typically ranges between $100 and $700 or 2 Bitcoins , to get their files back. Just yesterday I noticed on a forum that the criminals behind the CryptoLocker malware has recently launched a dedicated  Cry

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Today Malware is a very real threat, and if you're not careful about what you download and install, you could end up with a serious problem. But now Google will be trying their very best to block malware from installing itself on your computer on your behalf. Google has developed a security feature for Chrome that lets the browser detect and stop malware downloads. The feature has been added to Chrome Canary, the latest version of the browser which is available to download in beta form now. All you'll see is a notification like the one below, which you can then dismiss: " These malicious programs disguise themselves so you won't know they're there and they may change your homepage or inject ads into the sites you browse. Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state. " wrote Linus Upson, a Google vice president, in a blog post . Google is implementing

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called " Android Master Key vulnerability " that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the device.  The vulnerability was also responsibly disclosed to Google back in February by Bluebox and but the company did not fix the issue even with Android 4.3 Jelly Bean. Later, Google has also modified its Play Store's app entry process so that apps that have been modified using such exploit are blocked and can no longer be distributed via Play. Then after a few days, in the last week of July this year,  Android Security Squad , the China -based group also uncovered a second Android master key vulnerability similar to the first one. Security researcher  Jay Freeman has  discovered  yet another Master Key vulnerability in A

Finnish commercial broadcaster MTV3 reports that the Finnish Ministry of Foreign Affair networks has been targeted in a four-year-long cyber espionage operation. Finland's foreign minister said, " I can confirm there has been a severe and large hacking in the ministry's data network ," A large scale spying attack   targeted the communications between Finland and the European Union using  a malware , similar to, and more sophisticated than Red October . The breach was uncovered during the early part of this year. MTV3 also mentioned that the breach was not discovered by the Finns themselves, but from a foreign tip-off reported to CERT.FI. Further the Finnish authorities kept the information under wraps for continuing the forensics. There are indications that information with the lowest level security classification has been compromised, he said. In January, 2013, we had reported about Red October Cyber-espionage operation that targeted th

We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co

The World's First Dedicated Hacking and Cyber Security News platform - ' The Hacker News ' is celebrating its 3rd Anniversary today. When we began our journey 5 years back as a Small Local Community of few Hackers and Researchers, we had the dream of providing the Hacking Community with World's first Hacking News Platform. We wanted to gift them their own trusted news platform. A Unique Platform which is run by Hackers and was dedicated to hackers, a platform which is free from Censorship, Conventions, Governments and Borders. In the last 5 years of our Dedicated service to Hacking and Security community we have grown into a huge family of more than One Million Google+ Followers, 200 thousand Facebook Fans, and 100 thousand Twitter Followers with Two Million Readers Monthly and the family keeps growing with new members everyday. In our journey of THN, we have seen the cyber world growing from Defacement to most Sophisticated cyber crimes of the Decade i.e Stu

Yesterday I learned about  ' Dark Mail Alliance ', where  Lavabit , reportedly an email provider for NSA leaker Edward Snowden and Silent Circle comes together to create a surveillance-proof email technology. Ladar Levison at Lavabit and Silent Circle CEO Mike Janke, Founders of two e-mail services that recently shut down amid government efforts to nab encryption keys, as well as the larger revelations regarding the NSA's surveillance efforts. The newly developed technology has been designed to look just like ordinary email, with an interface that includes all the usual folders i.e. inbox, sent mail, and drafts. But where it differs is that it applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect. The encryption, based on a Silent Circle instant messaging protocol called SCIMP and the secret keys generated to encrypt the communic

Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security validation

Son of a Baptist Minister, 28-year-old British man named Lauri Love has been charged with hacking into the computer systems of the US army, NASA and other federal agencies. He was arrested Friday at his home in Stradishall, England by the National Crime Agency and according to the indictment alleges Love and his unnamed co-conspirators hacked into thousands of computer systems between October 2012 and October 2013. The indictment does not accuse Love of selling information or doing anything else with it for financial gain. His father Alexander Love, 60, a Baptist minister, works as a chaplain at HMP Highpoint North. His mother Sirkka-Liisa Love, 59, also works at the jail as a teacher. He is charged with one count of accessing a U.S. Department or agency computer without authorization and one count of conspiracy. The government said the purpose was to disrupt the operations and infrastructure of the federal government.  They stole data on more than 5,000 individuals, as well as info

Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker's server to the attacker's server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this attack and t

There are more than 100 Million users who are using Facebook mobile app. Facebook has fixed multiple critical vulnerabilities in its Android based applications that allows hackers to steal access tokens and hijack accounts. Egyptian security researcher Mohamed Ramadan, Security researcher with Attack Secure, has who disclosed  a couple of vulnerabilities in the Facebook Main app and Facebook messenger app and Facebook page's manager application for Android. User's access token is the key to accessing a Facebook account and according to him, an attacker only needs to send a message that contains an attachment of any type, i.e. Videos, documents, and pictures. Once the victim will click on that file to download, immediately victim's access_token will be stored in the Android's log messages called -  logcat ,  that enables other apps to grab user's access token and hijack the account. Video Demonstration: The second flaw which is reported by Ramadan

When you're online, you expose your vulnerability to malicious virus that have been growing in virulence and ferocity over the last few years.  Among home PC users, you may think that you protected from malicious software by Installing an effective, trusted antivirus solution, but most if the Antivirus solutions still it merely finds and removes any known threats. But what if someday you turn on your system and you will find a pop up window with a warning that says " Your system is Locked and Important drives are encrypted and there is no way out unless you will not Pay fine ". This is what Ransomware malware does to your system. Ransomware is the most serious emerging threat in the virtual world of computing devices. Ransomware is a kind of malware which is designed to Block access to the computing system or can lock your system until an amount of money is paid through Internet banking. Ransomware is usually installed when you open a malicious atta

The pro-Assad group Syrian Electronic Army claims it has hacked the President Barack Obama's website , Twitter-Facebook accounts and access email accounts linked to Organizing For Action, the non-profit offshoot of Obama For America, Obama's 2012 campaign operation. Last night,  Syrian Electronic Army (SEA)  hacked into Obama's donation website donate.barackobama.com , which was temporarily redirected to the website of the hacking group ( sea . sy / indexs / ) with a short message: " Hacked by SEA ". The hackers were able to take over only a secondary donations page. It was an older page - still on the site, but was no longer being used. They have also posted fake tweets and updates from Obama's Facebook Page and Twitter accounts, " All  the  links that Barack Obama account tweeted it and post it on Facebook was redirected to a video showing the truth about Syria " Hacker told Mashable in an interview. The attackers also compromised the URL shorten

With all the popular social networking websites there on the web, managing them from several different internet browser tabs or windows can get frustrated very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the " time management " pain! To make social media management and monitoring easier for users, some very innovative desktop applications and mobile apps were developed to help organize multiple platforms and information sharing across selected networks. Using online tools like TweetDeck, Seesmic, Hootsuite , Feedly, Twuffer and Buffer App for scheduling and posting directly from a web page has become an absolute necessity especially where Twitter is concerned. Additionally these apps gives you the ability to post on one or all of your connected accounts together i.e Multiple Facebook, Twitter or Google+ profiles. These applications don't require your passwords for social me