The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the " Heartbleed " security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions of an organization's internal network. The incident is the result of attacks leveraging the OpenSSL Heartbleed vulnerabilities, which resides in the OpenSSL's heartbeat functionality, if enabled would return 64KB of random memory in plaintext to any client or server requesting for a connection. The vulnerability infected almost two-third of internet web servers, including the popular websites. Recently, there has been an arrest of a Canadian teen of stealing usernames, credentials, session IDs and other da

A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

The growing threat of cyber-attacks and network hacking has reached the satellite-space sector, posing a growing challenge to the satellite operators. Because the satellite system are the critical components for the Nation to a modern military, they have become an attractive target of cyber attacks . A security firm uncovered a number of critical vulnerabilities, including hardcoded credentials, undocumented and insecure protocols, and backdoors in the widely used satellite communications (SATCOM) terminals, which are often used by the military , government and industrial sectors. By exploiting these vulnerabilities an attacker could intercept, manipulate, block communications, and in some circumstances, could remotely take control of the physical devices used in the mission-critical satellite communication (SATCOM). Once the attacker gained the access of the physical devices used to communicate with satellites orbiting in space, he can completely disrupt military ope

Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricte

Have you ever been somewhere and urgently you need a file stored in your home computer ? This is very common situation that most of us deal with, but now rather returning home and get it, Google has offered a better solution for this problem. Google – one of the most innovative tech companies on the planet, famous for providing new technologies to make every job easy for its users, has released Google's Chrome Remote Desktop service today for your Android Smartphones to remotely control your PC anytime, from anywhere. Google's Chrome Remote Desktop app for Android provides an easier and secure interaction of your computer with your Android Smartphones. So, using this app you can control your desktop system or PC remotely from anywhere using your Android Smartphone, provided your Mac, Windows or Linux system has Chrome Remote Desktop app installed and running. Google first introduced this service in 2011, which allowed users of Chrome OS or Chrome browser to remotel

A teenager has been arrested by the Canadian police in relation to the infamous malicious breach on the country's taxpayer system using one of the most critical internet flaws, Heartbleed . Heartbleed bug , that made headlines over past two weeks and every websites around the world flooded with its articles. Every informational website, Media and Security researchers are talking about Heartbleed, probably the biggest Internet vulnerability in recent history. According to the Royal Canadian Mounted Police (RCMP), a 19-year-old ' Stephen Arthuro Solis-Reyes ' of London, Ontario, is charged with the unauthorized access of the computer and criminal mischief in relation to the data breach of taxpayer's private information from the Canada Revenue Agency (CRA) website. " The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible ," Assistant Commissioner Gilles Michaud said in