The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Data security is a big task for businesses as well as a challenge for IT leaders, whether it be securing networks or devices. Past few months, we often came across various data breaches, the largest among all was Target data breach , which cost a business nearly $50,000 in lost productivity, replacement and data recovery.  Once a bad actor has stolen your hardware or compromised your network, the ability to lock down sensitive data is predominant. To help mitigate these threats in order to protect businesses against data breaches without even damaging performance, Intel has announced its latest enterprise-class solid state drives (SSDs) that are self-encrypting, packaged with some powerful security and management features. The New Intel SSD 2500 Pro Series of solid state drives offers significant performance with hardware-based 256-bit self-encryption to reduce the impact on the performance. Intel SSD 2500 Pro Series will be offered in both 2.5-inch SATA and M.2

Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them a part of the wide botnet, even without the need of any root privileges. Researchers dubbed the malware as Mayhem, a nasty malware modular that includes a number of payloads to cause malicious things and targets to infect only those machines which are not updated with security patches or less likely to run security software. So far, researchers have found over 1,400 Linux and FreeBSD servers around the world that have compromised by the malware , with potentially thousands more to come. Most of the compromised machines are located in the USA, Russia, Germany and Canada. Three security experts, Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov , who work at Russia-based Internet portal Yandex, discovered the malware targeting *nix servers . They were able to trace transmissions from th

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A French information security company VUPEN has recently disclosed that it held onto a serious Internet Explorer (IE) vulnerability for at least three years before revealing it at the Pwn2Own hacker competition held in March this year. The critical zero-day vulnerability affected versions 8, 9, 10 and 11 of Internet Explorer browser that allowed attackers to remotely bypass the IE Protected Mode sandbox. An attacker can exploit this issue to gain elevated privileges. VULNERABILITY DISCLOSURE TIMELINE According to a disclosure made by the security company last week, the vulnerability with ID  CVE-2014-2777  was discovered by the company on 12 February 2011, which was  patched by Microsoft  last month. 12 February 2011 - IE Zero-day discovered by Vupen. 13 March 2014 - Vupen reported to Microsoft. 11 June 2014 - Microsoft Released patch and publicly released the advisory . Sandbox is security mechanism used to run an application in a restricted environment. If an attacker is ab

The users of WordPress, a free and open source blogging tool as well as content management system (CMS), that have a popular unpatched wordPress plugin installed are being cautioned to upgrade their sites immediately. A serious vulnerability in the WordPress plugin, MailPoet , could essentially allows an attacker to inject any file including malware, defacements and spam, whatever they wanted on the server and that too without any authentication. MailPoet, formerly known as Wysija Newsletter , is a WordPress plugin with more than 1.7 million downloads that allows developers running WordPress to send newsletters and manage subscribers within the content management system. In a blog post, the security researcher and CEO of the security firm Sucuri , Daniel Cid, pointed out the vulnerability to be serious and said that within three weeks since the vulnerability unveiled, over 50,000 websites have been remotely exploited by the cybercriminals to install backdoors targeting the vulner

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone's identity, actually lie in the I2P software that's bundled with the Operating System. Exodus Intelligence has released some details and a video evidence that demonstrate an exploit against the found vulnerability unmasking an anonymous user of the Tails operating system. The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users' public IP address as well. Tails is a security-focused Debian-based Linux distribution and a suite of applications that can be carried on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor , the network that routes traffic through

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system " Tails " that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users' communications private by running all connectivity through Tor , the network that routes traffic through various layers of servers and encrypts data. But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution , according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it. The Texas-based security firm, Exodus Intelligence , tweeted on Monday that it had found several remote code execution vulnerabilities i