The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy

Security researchers from Newcastle University in the UK have found a way to steal larger amounts of money from people's pockets using just a mobile phone, due to a security glitch Visa's contactless payment cards. Contactless payment cards use a cryptoprocessor and RFID technology to perform secure transactions without a need to insert the card in a reader, even an NFC-equipped mobile device may also be used as a payment card. But there is a specified limits country-wise. Contactless payment cards are meant to have a limit of £20 per purchase in UK, using which shoppers can buy things by simply tapping their card on a scanner, without having to type in a PIN. But exploiting a flaw in its protocol could allow cyber criminals to manipulate the cards to transfer up to $999,999.99 in foreign currency into a scammer's account. Researchers on Wednesday at the 21st ACM Conference on Computer and Communications Security, detailed the attack which rely on a "rogue POS te

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Fredrik Neij – known online as " TiAMO ", third and the last founder of the popular file sharing website The Pirate Bay   has been arrested driving across the border of Laos and Thailand. The 36-year-old fugitive  Fredrik Neij  was convicted by a Swedish court in 2009 of aiding copyright infringement and now he has been arrested under an Interpol warrant after four years on the run. The Pirate Bay allows users to share files, including copyrighted content such as movies and music, through peer-to-peer technology. He fled the country after being released on bail and had been living in Laos with his wife and children since 2012. Neij was arrested on Monday while trying to cross a border checkpoint in Nong Khai province, about 385 miles northeast of Bangkok, with his wife, Police said. " Mr. Neij will be transferred to the immigration headquarters in Bangkok on Wednesday where the Swedish embassy is expected to pick him up and bring him back to Sweden &qu

A Swedish Security researcher has discovered a critical vulnerability in Apple's OS X Yosemite that gives hackers the ability to escalate administrative privileges on a compromised machine, and allows them to gain the highest level of access on a machine, known as root access. The vulnerability, dubbed as " Rootpipe ", was uncovered by Swedish white-hat hacker Emil Kvarnhammar , who is holding on the full details about the privilege escalation bug until January 2015, as Apple needs some time to prepare a security patch. " Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users, " Emil Kvarnhammar, IT specialist and hacker security company Truesec, tweeted from his twitter account. By exploiting the vulnerability in the Mac OS X Yosemite , an attacker could bypass the usual safeguard mechanisms which are supposed to stop anyone who tries to root the operating system through a tempora

Do you use  TextSecure Private Messenger  for your private conversations? If yes, then Are you sure you are actually using a Secure messaging app? TextSecure , an Android app developed by Open WhisperSystems , is completely open-source and claims to support end-to-end encryption of text messages. The app is free and designed by keeping privacy in mind. However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack . After Edward Snowden revealed state surveillance programs conducted by the National Security Agency, and meanwhile when Facebook acquired WhatsApp , TextSecure came into limelight and became one of the best alternatives for users who want a secure communication. " Since Facebook bought WhatsApp , instant messaging apps with security guarantees became more and more popular ," the team wrote in the paper titled,

One of the most popular content management systems, Drupal , is warning its users to consider their websites as compromised unless their sites were updated immediately with a security patch released on 15 October 2014. Drupal is an open source software package which provides a Content management system (CMS) for websites including MTV, Popular Science, Sony Music, Harvard and MIT. Drupal is used to power roughly 1 billion websites on Internet, which puts Drupal in third place behind the juggernaut Wordpress and then Joomla. Drupal's security team has released a " public service announcement " on Wednesday for its users to warn them of the SQL injection attack revealed two weeks ago, compromising almost 12 million of the widely used Drupal 7 websites. Users are asked to immediately update their websites to Drupal 7.32 within seven hours of the announcement of the vulnerability. " Automated attacks began compromising Drupal 7 websites that were not patched

Dear THN Readers, ' The Hacker News ' is celebrating its 4th Anniversary today and we would like to thank every single Hacker, Researcher, Journalist, Enthusiast who has contributed to our phenomenal growth. When we began our journey 4 years back as a Small Local Community of few Hackers and Security Researchers, we had a dream of providing the Hacking Community with World's not first but best Hacking and IT Security News Platform. We wanted to gift hacking community members and security researchers their own trusted and an unique News platform, which is run by Hackers and dedicated to Hackers, a platform which is free from Censorship, Conventions, Governments and Borders. Now, we have been Internationally recognized as a leading news source dedicated to promoting awareness for cyber security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of vario

In order to secure sensitive information such as Finance, many companies and government agencies generally use totally secure computer systems by making sure it aren't connected to any network at all. But the most secure systems aren't safe anymore. Security researchers at the Cyber Security Labs at Ben Gurion University in Israel have found a way to snoop on a personal computer even with no network connection. STEALING DATA USING RADIO SIGNALS Researchers have developed a proof-of-concept malware that can infiltrate a closed network to lift data from a machine that has been kept completely isolated from the internet or any Wi-Fi connection by using little more than a mobile phone's FM radio signals. Researcher Mordechai Guri , along with Professor Yuval Elovici of Ben Gurion University, presented the research on Thursday in the 9th IEEE International Conference on Malicious and Unwanted Software ( MALCON 2014 ) held at Denver. This new technology is kno

If you are fan of the largest social networking site Facebook, but also want to remain anonymous while using your Facebook account, then there is really a Good news for you. Facebook on Friday began offering a way for security and Privacy conscious users to connect to its social networking service using the anonymizing service running on the Tor networ k, by launching a .onion address. This is really a historic move of the social network. Tor Browser is an open source project, launched in 2002, designed to increase the anonymity of your activities on the Internet by not sharing your identifying information such as your IP address and physical location with websites and your service providers. Browsing and data exchange over a network is made through encrypted connections between computers. The social network just created a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to connect Facebook's Core WWW Infrastructure. Hidden service