The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Publicized Hacks, Cyber attacks and Data breaches continue to increase, and the majority of attacks are from outsiders. Recently, Some unknown Russian hackers have reportedly stolen Personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population. According to a report published by ' Hurriyet News ', Researchers from  KONDA  Security firm revealed that the hackers have stolen data from a political party's  vulnerable  system that include Name, ID numbers and address of 54 million voters across the Nation. Researchers claimed that the hacked system (being used for Database and website Management) did not have any antivirus product installed and voter information was also uploaded online on a vulnerable website. This was really a bad idea, and they mentioned that " in two hours hackers downloaded all the information. " In another statement, they mentioned that some government institutions share citizen's personal data online with o

During a CBS Interview show " 60 Minutes ", The National Security Agency (NSA) officials claimed that China has developed a BIOS based malware that can remotely destroy any computer. Obviously NSA is struggling to repair its image and in an effort to justify their extensive Surveillance programs, The NSA Director General Keith Alexander and Information Assurance Director Debora Plunkett made a number of claims. During that interview NSA officials said that they had foiled a malware attack that could have taken down the U.S. economy. " One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability to destroy computers ," Plunkett said. They have mentioned that this malware was distributed via social engineering and targeted emails, although the NSA director mentioned that their researchers worked with computer manufacturers and able to close the respective vulnerability . " This is t

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Today I desire to propose an interview with Andrey Komarov , CEO of IntelCrawler and Dan Clements , President of IntelCrawler. IntelCrawler  is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200, 000, 000 domain names, which are scanned for analytics and dissemination to drill down to a desired result. I have prepared for them a series of answers and questions to analyze significant evolutions in the cyber-threat landscape: Q. Which are the most concerning cyber threats for private businesses and government organizations? A. Avoiding talking about usual and standard things, of course, the most dangerous and annoying is the emergence of fundamentally new vulnerabilities in critical applications and systems. " Zero day " vulnerabilities market is developing every day and taking the shape of a part of the future cyber warfare market , as it is still in the process of formati

A German Security researcher has demonstrated a critical  vulnerability on Ebay website, world's biggest eStore. According to David Vieira-Kurz  discovered Remote code execution flaw " due to a type-cast issue in combination with complex curly syntax ", that allows an attacker to execute arbitrary code on the EBay's web server. In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo()  PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog , he noticed a legitimate URL on EBay: https://sea.ebay.com/search/?q=david&catidd=1  . . and modified the URL to pass any array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${ phpinfo() }}&catidd=1 Video Demonstration: But it is not clear at this moment that where the flaw resides on Ebay server, because how a static GET parameter can be converted to accept like an array

Ransomware , a t hreat to internet users that continues to grow in popularity with cyber criminals due to its success and monetary potential. This is nothing new and to be expected. I have noticed many discussions on underground hacking forums about " How to create Ransomware like Cryptolocker malware " or " Malware - hacking tool-kit with ransomware features ". Security intelligence provider,  IntelCrawler has discovered  a new ransomware variant called Locker that demands $150 (£92) to restore files that it has encrypted. Like Cryptolocker , this new ransomware is also nasty because infected users are in danger of losing their personal files forever. Locker mainly spreads by drive-by downloads from compromised websites, disguised itself as MP3 files and use system software vulnerabilities to infect the end user. Once it has infected a system, malware first checks the infected machine has an internet connection or not. Then it deletes any original files from t