The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Christmas spirit has finally arrived. It's Christmas Day, a time for family and friends. We have had another wonderful year here at ' The Hacker News ', so we not only want to wish you a Happy Holidays and Merry Christmas, but also thank you for reading our articles, commenting, sending tips and joining us for spreading Cyber awareness. We really appreciate your support and engagement with THN and with same goal i.e. To provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide, we will return back with new ideas, gifts and stories from 1st January, 2014. Merry Christmas and a Blessed and Happy New Year to you and yours.

According to media reports in September, documents released by whistleblower Edward Snowden have confirmed the existence of backdoor in some technologies RSA . Last Friday, The Reuters News Agency accused the Security firm RSA for taking a $10 million ' bribe ' from the National Security Agency ( NSA ) in order promote a flawed encryption by including it in its BSAFE product to facilitate NSA spying . Today In a blog post , RSA has categorically denied accusation about any secret partnership with the National Security Agency to insert backdoor. " Recent press coverage has asserted that RSA entered into a "secret contract" with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation. " " We have never entered into any contract or engaged in any project with the intention of weakening RSA's products " the company said. The company gave the following reasons for choosing and promoting

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army , financial malware and exploit kits, Cryptolocker ransomware infections, massive  Bitcoin theft, extensive privacy breach from NSA and many more. The financial malware's were the most popular threat this year. Money is always a perfect motivation for attackers and cyber criminals who are continually targeting financial institutions. On Tuesday, Antivirus firm Symantec has released a Threat report, called " The State of Financial Trojans: 2013 ", which revealed that over 1,400 financial institutions have been targeted and compromised millions of computers around the globe and the most targeted banks are in the US with 71.5% of all analyzed Trojans. Financial institutions have been fighting against malware for the last ten years to protect their customers and online transactions from threat. Over the time the attackers adapted to these counter

If you love iPhone you are surely going to love this news. iOS 7 was released in 3 months before and today finally the  evad3rs team has released   an untethered jailbreak  for iPhone , iPad, and iPod devices running  iOS 7.0 through iOS 7.0.4. The evasi0n installer is compatible with Windows, Mac OS X and Linux so no matter what operating system you're on, you should be able to jailbreak your device. Jailbreaking is the procedure of modifying the iOS of your iPhone to remove the limitations imposed by Apple. This allows a user to access and install a lot of new applications, software and other similar content which otherwise are not made available to iPhone users through the Apple Store. The process is very simple, and within five minutes you can jailbreak your device. According to the instructions, iTunes must be installed if you're running Windows and the only prerequisite is that the device should be running iOS 7.0.4. Team advice user to backup device data before using evas

Data breaches and security incidents are a constant in the headlines these days. Hackers and cyber criminals   are motivated by status or money and finding new innovative and more creative attacks to achieve this. One of them are, Digital Bank robbery  - where the thieves didn't need masks and guns to pull off the job, all they need are - Hacking Skills, a computer and the Internet. Another way is  Cyber extortion  - threat of attack against an enterprise or a bank, coupled with a demand for money to avert or stop the attack. According to Haaretz news, A Hacker - who is the operator of a biggest botnet malware network in the Israel, has threatens 3 major Israeli banks, i.e. Israel Discount Bank, Bank Yahav and the First International Bank of Israel. " Bank received an e-mail message threatening that unless they handed over a certain sum in Bitcoins by the end of next week, a list of customers' details would be given to hostile elements. " Banks database, network an

If you own a world-renowned Security Product or a Service, National Security Agency (NSA) is ready to pay you 10 Million or more bribe for keeping intentional backdoor for them. According to an exclusive report published by Reuters , there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products. Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve , which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily. Recommending bad cryptographic standard is one thing, but accepting 10 million to deliberately implement is something very shameful for a respected Security company. The new revelation is impor

Security experts at Mandiant intelligence firm have discovered a new intrusion into the network of The Washington Post , it is the third time in the last three years. In time I'm writing it is still not clear the extension of the attack neither an estimation of the losses. Mandiant reported the incident to The Washington Post this week, confirming that exposed data include employees' credentials hash. " Hackers broke into The Washington Post's servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday. " a post of the news agency said. Early 2013 the New York Times has announced that during the previous months it was a victim of cyber espionage coordinated by Chinese hacker s, similar attacks was conducted against principal Americans news agencies. The hackers have tried to compromise the email account of journalists to steal sensitive information, they tried

World's largest Bitcoin poker website ' SealsWithClubs ' has been compromised and around 42,000 users' credentials are at risk. Seals With Club  has issued a  Mandatory Password Reset   warning to their users, according to a statement published on the website. The service admitted their database had been compromised and revealed that the data center used until November was breached, resulting 42,020 hashed password theft. " Passwords were salted and hashed per user, but to be safe every user MUST change their password when they next log in. Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution. " and " Transfers may be disabled for a short period of time.". Seals With Clubs used SHA1 hash functions to encrypt the passwords, but SHA1 is outdated and easy to crack if not salted. ' StacyM ', a user then posted the hashed passwords on a web forum o

' RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis ', is an interesting paper recently published by Three Israeli Security Researchers at Tel Aviv University . They claimed that, they have successfully broken one of the most secure encryption algorithms, 4096-bit RSA , just by capturing Computer's CPU Sound while it runs decryption routines. Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer , uses a side channel attack and through a process called " acoustic cryptanalysis ", they successfully extracted 4096-bit RSA key From GnuPG. " We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away, " The paper specifies some possible implementations of this attack. Some email-client softwares i.e. Enigmail can automatically decrypt incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-

If you own Apple's MacBook, you should cover up it's webcam, because there's a possibility someone could be watching you. Like most webcams, the MacBook also has a tiny green light lets you know that the webcam is active, but it's possible for malware to disable this important privacy feature on older Mac computers ( models released before 2008 ). Matthew Brocker and Stephen Checkoway , students from Johns Hopkins University created a proof-of-concept app called " iSeeYou " that confirmed that MacBook iSight webcams can spy on their users without the warning light being activated. A young man recently pleaded guilty in court to extortion after he performed a remote hack on Miss Teen USA's webcam to secretly collect nude photos. It was revealed through court papers that the FBI has the ability to do the same thing with a variety of current laptops including Apple products. To make it possible, they created a modified version of the iSight firmware and t

If you have shopped something during the Black Friday weekend from Target's U.S based Retailer stores, then please pay serious attention - Your Credit and Debit card account may have been at Risk. There are more than 1,500 Target stores throughout the U.S and 40 Million credit and debit card accounts of Target's customers may have been stolen during the height of the holiday shopping season, according to a statement  published by the company. Somehow thieves allegedly gained access to personal data in stores when customers swiped their cards at the register. That information is then typically sold to buyers who then make bogus debit or credit cards with it. So the customers who made purchases by swiping their cards at terminals in its U.S. Stores between November 27 and December 15 may have been exposed.  Krebs who broke the story reports that the breach does not impact shoppers who purchased items online. Target has not disclosed exactly how the data breach occurr

Cyber Criminal activity associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor -based architecture is the favorite one with online criminals, to hide their bots and the botnet's Command-and-Control real location from the security researchers. Security Researchers at anti-virus firm  Kaspersky Lab have discovered a new Tor-based  banking trojan , dubbed " ChewBacca " (" Trojan . Win32 . Fsysna . fej ")  , that steal banking credentials and hosted on a Tor . onion domain. This protects the location of a server as well as the identity of the owner in most cases. Still there are drawbacks preventing many criminals from hosting their servers within Tor. Due to the overlay and structure, Tor is slower and timeouts are possible. Massive botnet activity may influence the whole network, as seen with Mevade, and therefore let researchers spot them more easily. ChewBacca   malware is not first that adopt Tor for