The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In the mid of last year a Group of Russian Hackers were accused for allegedly infiltrating the computer networks of more than a dozen major American and international corporations and stole 160 million credit card and debit card numbers over the course of seven years, which were then resold to third parties buyers. WANTED IN U.S AND RUSSIA A Rotterdam court in Netherlands ruled that simultaneous requests from the U.S. and Russia for the extradition of the Russian hacker  Vladimir Drinkman  were admissible,  who is accused of being involved to lead the largest data theft case ever prosecuted in the U.S history, Bloomberg report . But it's not yet clear why Russia demands Drinkman 's extradition, "It's now up to the minister of justice to decide on the extradition, and to decide which country." court ruled. The investigators identified that the defendants have been infiltrating computer networks across the globe since at least 2007, including firms in New Jer

Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the " Heartbleed " security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions of an organization's internal network. The incident is the result of attacks leveraging the OpenSSL Heartbleed vulnerabilities, which resides in the OpenSSL's heartbeat functionality, if enabled would return 64KB of random memory in plaintext to any client or server requesting for a connection. The vulnerability infected almost two-third of internet web servers, including the popular websites. Recently, there has been an arrest of a Canadian teen of stealing usernames, credentials, session IDs and other da

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent

The growing threat of cyber-attacks and network hacking has reached the satellite-space sector, posing a growing challenge to the satellite operators. Because the satellite system are the critical components for the Nation to a modern military, they have become an attractive target of cyber attacks . A security firm uncovered a number of critical vulnerabilities, including hardcoded credentials, undocumented and insecure protocols, and backdoors in the widely used satellite communications (SATCOM) terminals, which are often used by the military , government and industrial sectors. By exploiting these vulnerabilities an attacker could intercept, manipulate, block communications, and in some circumstances, could remotely take control of the physical devices used in the mission-critical satellite communication (SATCOM). Once the attacker gained the access of the physical devices used to communicate with satellites orbiting in space, he can completely disrupt military ope

Half of the Internet fall victim to the biggest threat, Heartbleed bug and even the most popular online anonymity network Tor is also not spared from this bug. Tor is one of the best and freely available privacy software, runs on the network of donated servers that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An Exit relay is the final relay that Tor encrypted traffic passes through before it reaches its destination. But some of these Tor exit nodes are running on the servers with the affected version of OpenSSL installed which are vulnerable to the critical Heartbleed Flaw. This means an attacker can grab the hidden information from the Tor network which is actually restricte