#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

10th Anniversary of the World’s first Mobile Malware 'Cabir'

10th Anniversary of the World's first Mobile Malware 'Cabir'

Jan 27, 2014
The year 2014 starts with the formation of new mobile malware like ' Android . HeHe ', with the ability to steal text messages, intercept phone calls, and other malware such as ' XXXX . apk ' uses WiFi networks or hotspots to steal information, infected more than 24,000 Devices. But it should not be forgotten by us that 2014 marks the 10th Anniversary of the World's First mobile malware . FortiGuard Labs has published a whitepaper  that briefly explains the major mobile threats from 'Cabir' to 'FakeDefend' over the last decade. The world's first mobile malware was ' Cabir ', detected in 2004 when mobiles were not so popular among all of us. It was developed by the group of hackers known as 29A , designed to infect the Nokia Series 60 , the most popular Smartphone platform with tens of millions users worldwide at that time. The name " Caribe " appears on the screen of the infected phones and the worm spreads itself by seeking other devices such as
Israeli Defense computer hacked in Spear Phishing Attack

Israeli Defense computer hacked in Spear Phishing Attack

Jan 27, 2014
Hackers broke into an Israeli defense ministry computer via an email attachment tainted with malicious software. Reuters reported Israeli Defense is the latest illustrious victim of the Spear Phishing Attack , and hackers penetrated into an Israeli defense ministry computer using a malicious email as a vector. Aviv Raff , Chief Technology officer at Seculert , confirmed that an Email with a malicious attachment that looked like it had been sent by the country's Shin Bet Secret Security Service. The attackers have penetrated into the network of Israeli Defense accessing to 15 computers, one of them managed by the Israel's Civil Administration that monitors Palestinians in Israeli-occupied territory. The Civil Administration is a unit of Israel's Defense Ministry that control the passage of goods between Israel and the West Bank and Gaza Strip. It is clear that the information contained in the infected system represents a precious target for someone that intend to examin
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Possible Data Breach at Arts and Crafts Retailer 'Michaels Store'

Possible Data Breach at Arts and Crafts Retailer 'Michaels Store'

Jan 27, 2014
Western landscapes are facing a hell lot of data breaches started with Target , Neiman Marcus and now country's largest crafts chain ' Michael's Art and Crafts ' may be is the latest retailer hit by a security breach. In a statement, Irving, Texas-based company acknowledged a possible data security breach that may have affected its customers' payment card information at its 1250 stores across the United States and Canada. They also announced that it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. " Michaels said in its statement that it had "recently learned of possible fraudulent activity on some US payment cards that had been used at Michaels, suggesting that the company may have experienced a data security attack " company said . CEO Chuck Rubin said that the company has not confirmed a breach, but wanted to alert customers:
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Bangladeshi Hackers defaced BCCI website after Board approves ICC takeover proposal

Bangladeshi Hackers defaced BCCI website after Board approves ICC takeover proposal

Jan 27, 2014
Apart from various Government websites falling victim to Hacking attacks, the latest to be targeted by hackers belongs to the world's richest cricket Board, the Board of Control for Cricket in India (BCCI). Late night on 26th January ( 65th Republic Day of India ), the official website of Indian cricket's Governing body, BCCI.TV has been defaced by Bangladeshi hacker who goes by the name Ashik Iqbal Chy . The ' About Us ' page on the website has the message " Don'T MesS UP WitH TiGeRs! " along with the image of the Bangladesh national cricket team running with the Bangladeshi Flag. The ' Attack ' on BCCI's website is most likely in response to the latest draft proposal, which aims to shift the control of global cricket from the hands of International Cricket Council (ICC) into the hands of top three cricket boards BCCI, Cricket Australia (CA), England and Wales Cricket Board (ECB) ; therefore the fate of cricket in smaller countries like Bangladesh, New Zeala
Google announces $2.7 million Reward for hacking Chrome OS at Pwnium Contest

Google announces $2.7 million Reward for hacking Chrome OS at Pwnium Contest

Jan 27, 2014
Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for hacking Chrome OS-running ARM and Intel Chromebook. This year the security researchers have a choice in between an ARM-based Chromebook, the HP Chromebook 11 (WiFi) and the Acer C720 Chromebook (2GB WiFi) based on Intel's Haswell microarchitecture . The attack must be demonstrated against one of these devices running " then-current " stable version of Chrome OS. " Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure ," Jorge Lucángeli Obes, Google Security Engineer said. Amongst the payouts are $110,000 for the browser or s
Yahoo fixes Critical Remote Command Execution vulnerability

Yahoo fixes Critical Remote Command Execution vulnerability

Jan 26, 2014
Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post , the vulnerability resides in a Chinese subdomin of Yahoo website i.e. https://tw.user.mall.yahoo.com/rating/list?sid= $Vulnerability Any remote user can manipulate the input to the sid parameter in the above URL, that passes the parameter value to an eval() PHP function on the server end. If an attacker is able to inject a PHP code into this web application, it forces the server to execute it, but this method only limited by what PHP is capable of. In a POC Video he has successfully demonstrated few Payloads: Example-1: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("dir"))} Example-2: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("ps"))} Last week, He
Cybersecurity Resources