The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution (also known as Backtrack), which is designed for security professionals and packed with more than 300 security testing tools. But Today, Mailing List sub-domain of Kali Linux get hacked and defaced by Libyan hacking group known as ' The GreaT TeAm (TGT) '. A mailing list is simply a list of email addresses to which the same information is being sent. A discussion list is used to allow a group of people to discuss topics amongst themselves, with everyone able to send mail to the list and have it distributed to everyone in the group. Mailing lists have become a popular way for Internet users to keep up with topics they're interested in. At the time of writing, The Homepage of Kali Linux mailing list domain was displaying two lists, i.e. Kali with description "Hacked By The GreaT TeAm -TGT" Kali-Dev with description "Libyan Hackers" S

The massive data breaches in U.S largest retailers ' Target ', marked the largest card heists in the U.S. history in which financial credentials of more than 110 million customers were compromised, have forced the retailer to take step towards more secure transactions. The retailer company on Tuesday said it is implementing chip-and-PIN payment card systems for its stores and will be soon working with the MasterCard to replace all of its REDcard customer cards to chip-and-PIN secured cards. The transition to chip-and-Pin-enabled REDcards is set to begin in early 2015. " The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores, " the company said. The chip-and-PIN system, also known as the EMV standard. Instead of using a magnetic stripe to store fina

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

The founder of 4chan , Christopher Poole , aka "moot" has confirmed few hours ago, in a blog post that the popular image-based bulletin board was hacked. The attacker gained access to the administrative functions and successfully hacked into one of 4chan's database by exploiting a website's software vulnerability last week. The motive behind the hack was to expose the posting habits of a specific user the attacker didn't like, moot wrote. It is believed that the software vulnerability allowed the attacker to hack into only the image-board moderation panels, and some tables in the 4chan back-end database . According to the blog post, the way hacker extracted the information from its database, 4chan knows the " detailed logs of what was accessed", which indicate that the "primarily moderator account names " and their "credentials" were targeted and compromised by the hacker. " Due to the way the intruder extracted information from the database, we have detailed logs of wh

If you are a user of the American On-Line (AOL) mail service then you are advised to change your password as soon as possible. AOL Inc. on Monday confirmed the company suffered a massive data breach that may have affected a "significant number" of email accounts. The company has issued a warning to users that their personal information including email addresses, postal addresses, address books, encrypted passwords and the encrypted answers to security question-answers, has been stolen by attackers, the New York-based company said Monday. " The ongoing investigation of this serious criminal activity is our top priority, " AOL said in a blog post . " We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts ." AOL said it began investigating the

An application should always encrypt users' sensitive data, either it is local or stored on company servers, but still many popular services failed to provide fully secured solutions to their users. Cristian Dinu (DrOptix) and Dragoş Gaftoneanu , Romanian programmers at Hackyard Security Group , a private community dedicated to IT security research approaches ' The Hacker News ' editorial and claimed that the Microsoft owned most popular free voice calling service Skype leaves its local database unencrypted, that puts users' sensitive information at risk. All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. Though, Skype's local database is also supposed to be encrypted because it is sensitive enough, but  Dragoş  found that Skype leaves users' full name, birthday, phone numbers, country, city and even full chat conversations unencrypted on the systems' hard drive in a known location without any encryption or password.

Microsoft confirmed a new Zero Day critical vulnerability in its browser Internet Explorer . Flaw affects all versions of Internet Explorer, starting with IE version 6 and including IE version 11. In a Security Advisory ( 2963983 ) released yesterday, Microsoft acknowledges a zero-day Internet Explorer vulnerability ( CVE-2014-177 6) is being used in targeted attacks by APT groups, but the currently active attack campaigns are targeting IE9, IE10 and IE11. INTERNET EXPLORER 0-DAY VULNERABILITY (CVE-2014-1776) According to Advisory, Internet Explorer is vulnerable to Remote Code Execution, which resides ' in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. ' Microsoft said. Microsoft Investigation team is currently working with FireEye Security experts, and dubbed the ongoing targeted campaign as " Operation Clandestine Fox ". In a blogpost , FireEye explained that an attacker c

Last October, the ' Silk Road ' story broke when its owner Ross William Ulbricht , a 29-year-old who allegedly created and managed the Silk Road underground website, was arrested by the Federal Bureau of Investigation (FBI). The police seized the website that was considered one of the most popular Underground places on the Internet for buying drugs and other illicit goods and services. Just some days after the Shutdown of Silk Road , Authorities in Britain, Sweden, and the United States arrested eight more vendors who dedicatedly used to sell illegal drugs on Silk Road. Yesterday, Cornelis Jan Slomp , a 22-year old Dutch man who allegedly used the Silk Road underground black market website to sell illegal drugs for bitcoins worth millions of dollars has agreed to plead guilty in Chicago federal court to federal drug conspiracy charge filed against him, according to a statement issued by U.S. Attorney Zachary T. Fardon in Chicago and Slomp's lawyer. FBI CASHING OUT  SEI

Reading a 'Note' created by anyone on the Facebook could trick you automatically to do malicious attacks against others unknowingly. A Security researcher Chaman Thapa, also known as chr13 claims that the flaw resides in 'Notes' section of the most popular social networking site - Facebook, that could allow anyone to launch the distributed denial-of-service (DDoS) attack of more than 800 Mbps Bandwidth on any website. A Distributed Denial-of-Service (DDoS) attack is one in which multiple compromised systems attacks a single target system or service to make it unavailable to its intended users. The flood of incoming requests essentially forces the target system or service to shut down, thereby denying service to the system to its legitimate users. While demonstrating the vulnerability on his blog , he explained that Facebook allows its users to include tags inside the post in order to draft a note with beautiful related images from any source. Faceb

Google always bound to face trouble over the wide and open nature of its app checking policies on Google Play Store, and despite so many security measures, the search engine giant mostly fails to recognize the Android malware that are lurking around its Google Play store in vast numbers. Recently, Google had offered users refund and additional credit of $5 for the bogus antivirus app ' Virus Sheild ' that potentially defrauded more than 10,000 Android users who have downloaded the app from the Google play store. The step taken by Google is really appreciated, as the refunding cost Google around $269,000. Now, it has been found that a number of malicious Android apps on the Google Play store secretly turn users' android devices into small rigs contributing to a large-scale crypto currency mining operation. CRYPTO MINER IN ANDROID APP Security researchers from an anti-malware firm Lookout have identified various malware apps at Google Play Store, which they dub

Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ' Cryptsy Dogecoin (DOGE) Live Ticker ' which is available on Chrome Web store for free downloads and developed by " TheTrollBox " account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions. HOW CHROME EXTENSION STEALS CRYPTOCURRENCY It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users' web activity and looks for those users who go to Cryptocurrency exchange sites s

Until now, our privacy has been violated by many big Internet Services, including Google who uses our personal information for the advertising purposes and this is exactly how the companies handle the mass of personal data we provide them. But, recent report about another big giant Microsoft shows that it omits almost all other privacy aspects, as it targets ' Integrity ' of our data. To hold on our large data, having backups is always a good idea and many of us prefer cloud-based backup solutions such as Google Drive, Dropbox, Box, RapidShare, Amazon Cloud Drive to store and secure our personal data. But, unfortunately with Microsoft OneDrive storage service, it doesn't work. Microsoft fails to deliver integrity to its users as Microsoft's OneDrive for Business cloud-based storage service has been modifying users' files when they are uploading to Cloud storage, according to an Ireland based Storage technology researcher Seán Byrne, who posted about it in a Myce

Last week we reported a critical vulnerability in the world's most popular messaging application WhatsApp, that could expose users' GPS location data to hackers  and was discovered by the researchers at UNH Cyber Forensics Research & Education Group. Same Group of researchers reported new set of vulnerabilities in another most popular messaging application ' VIber '. They claimed that Viber's poor data security practices threaten privacy of its more than 150 million active users. Cross Platform messaging app Viber allows registered users to share text messages, images, doodles, GPS Location and videos with each other, along with its popular free voice calling feature which is available for Android, iOS, Windows Phone, Blackberry and Desktops as well. The researchers found that users' data stored on the Viber Amazon Servers including images and videos are stored in an unencrypted form that could be easily accessed without any authentication i.e.which giv