The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In October, we had reported that the creator of the infamous Blackhole  exploit kit was  arrested in Russia  and now the Russian Ministry of Internal Affairs has also confirmed that ' Paunch ', the mastermind behind infamous  BlackHole  exploit kit, along with Gang of 12 other criminals were arrested on October 4, 2013 in Russia. Russian security firm Group-IB has disclosed that it has assisted the police in the investigation of Paunch, who was residing in the city of Togliatti . 27-years old ' Paunch ' is the author of the notorious BlackHole and Cool exploit kits that are today popular among cybercriminals and costs $500 to $700 a month in for buyers. Cool and Blackhole exploit kits are the ready-made hacking tools for easily serving malware from compromised sites, in result to install malware on users' computers using exploits of zero-day vulnerabilities in latest web browsers. The general damage caused by the criminal gang is estimated around US $2.1

Microsoft today announced that its Digital Crimes Unit ( a center of excellence for advancing the global fight against cybercrime ) has successfully disrupted the ZeroAccess botnet, one of the world's largest and most rampant botnet .The Botnet is " disrupted ," not "fully destroyed" , Microsoft itself admits that " do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. " This is the Microsoft's 8th botnet takedown operation in the past three years. With the help of U.S. Federal Bureau of Investigation  ( FBI ) and Europol's European Cybercrime Centre (EC3), Microsoft led to the seizure of servers that had been distributing malware which has infected nearly 2 million computers all over the world, and with that, ZeroAccess botnet's masters are earning more than $2.7 million every month. ZeroAccess was first identified in 2011 by Symanetc, being used for click fraud, the malware can also be used to illicitly mine the v

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi

JPMorgan Chase , one of the world's biggest Banks has recently announced that it was the victim of a cyber attack and warned round 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information. In the Security Breach that took place on the bank's website www.ucard.chase.com  in July, around 465,000 accounts are compromised i.e. 2% of the overall 25 million UCard users. JPMorgan confirmed that there is no risk for holders of debit cards, credit cards or prepaid Liquid cards. They informed the law enforcement in September, and till now no information on how attackers have conducted the attack has been disclosed. The JPMorgan spokesman Michael Fusco declared that the investigation allowed the identification of victim accounts and the data stolen, the bank already notifying the cardholders of the incident. JPMorgan representative also remarked that hackers haven't stolen money from any user's account, due this reason the company is not i

Just like other Web Browsers, The Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in the plain text format and is available for access by opening the following URL in your Chrome browser – " chrome : //settings/passwords ". Unlike Firefox , till now Google Chrome was not offering any Master Protection. Finally Google has implemented a Master Password protection on Chrome password manager in Windows and Mac. Now you have to enter your Windows account password to reveal the saved passwords. The protection will be lifted for a minute, after entering the password, and after that user need to re-login. Previously, Google was criticized many times for such bad password storage Practice because there is no master password, no security, not even a prompt that " these passwords are visible " and this allows anyone with access to a user's c