The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Following the last week's massive hack attack on Sony Pictures' network by a group calling themselves "#GOP," or Guardians of Peace , high-quality versions of several of the studio's newest films have hit piracy websites. It seems like matters for Sony Pictures is getting worse with time. Sony Pictures Entertainment has reportedly begun investigating links to North Korea of the possible cyberattack occurred last week that made the studio's internal email systems offline, which was still offline at the time of writing. Now its five movie screeners – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – have made their way onto torrent file-sharing websites, though it has not been confirmed that the leak of all the films came from the same breach. "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015 "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014 "Ann

The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, " Uber's app is literally malware. " The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users' data is being collected by the company's mobile application for Android. Researcher, who runs a cyber security firm in Arizona , just reverse-engineered the code of Uber's Android application and come to the conclusion that it is a malware. He discovered that the app " calls home " and sends data back to the company. But this excessive amount of access to users' data is not the sort of app data a taxi company should have access to in the first place. It really seems strange and unnecessary to collect. " Christ man! Why the hell woul

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Syrian Electronic Army (SEA) , a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad has again gain media attention by compromising a number of popular news websites and displayed a Thanksgiving popups informing people that they've been hacked. The Forbes, The Independent, The Chicago Tribune , The Daily Telegraph , The London Evening Standard, broadcaster CNBC, PC World and the US National Hockey League were among those popular websites affected by the group. This time they apparently targeted a third-party widget that is used by all those compromised websites. It is being reported that the hacker group found a way into registrar GoDaddy to compromise DNS records for the Gigya , a customer identity management platform used by all the sites. Although all site visitors were not affected by the attack, but some visitors using a line of Javascript were redirected to SEA web pages with the message " You've been hacked by the Syrian Elec

It's better for smokers to quit smoking. Are you using electronic cigarettes (E-cigarettes) instead normal ones?? Still, you should quit your smoking habit, because it not only damages your health, but could pose a danger risk to the health of your computer. E-cigarettes have become the latest vector for hackers to distribute malicious software. E-cigarettes manufactured in China are reportedly being used to spread malware via a USB port to computers when users plug in for charging it up. The report broke when an executive at a "large corporation" had been infected with malware from an undetermined source after he quit smoking and switched to e-cigarettes made in China, detailed a recent post to social news forum Reddit . Further investigating the matter, he found that the chargers of the e-cigarettes - bought from the online auction site eBay for $5 - are hard-coded with the malware that infected his workstation despite having latest virus and anti m

Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut

Holiday Shopping season is really an excited time for both shoppers and retailers, but unfortunately it's a good time for cyber criminals and scammers as well. With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) coming up, you need to be more careful while shopping. These are the two very busy shopping days where shoppers spend millions online. Every eye will be on retailers to ensure that consumers' online shopping experiences are straightforward and, most importantly, secure. So, at the major part, retailers need to pay attention to extra security measures in order to prevent themselves from massive data breaches, like Target data breach that occurred last year during the Black Friday sales in which over 40 million Credit & Debit cards were stolen . Not just Target alone, multiple retailers including Neiman Marcu s , Michaels Store were also targeted during last Christmas holiday, involving the heist of possibly 110 million Cr

Adobe has rolled-out an urgent out-of-band update for a critical remote code-execution vulnerability in its popular Flash Player that is currently being exploited by hackers. The critical vulnerability ( CVE 2014-8439 ) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago in October 14, 2014 patch release, but a French researcher Kafeine found its exploits in the Angler and Nuclear malware kits after Adobe released a patch, according to security vendor F-Secure. " The vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does ," Kafeine said in a blog post . The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced pointer to memory is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, which would lead to the execution of attacker's code in order to take control

We access our Google account from so many devices that we our self forget on how many devices our account is still connected and perhaps we don't use that device anymore. To make this problem easy for you, Google has come up with its new security dashboard which will help you keep better control over the devices that can access your account. The Internet giant on Monday launched a new " Devices and Activity dashboard " with additional insight over the devices which will allow Google Apps users to identify every single active device that has been used to access their account in the last 28 days as well as those currently signed in. Users will now be able to monitor a comprehensive set of details including the last time their account was accessed, location from where their account was accessed, as well as the web browser that was used to open their account. Eran Feigenbaum , security director at the Google for Work team, said admins could quickly change pass

It's a bad day for Sony yesterday!! Sony appears to be hacked once again by hackers, but this time not its PlayStation , instead its Sony Pictures Entertainment – the company's motion picture, television production and distribution unit. According to multiple reports, the corporate computers of Sony Picture employees in New York and around the world were infiltrated by a hacker, displaying a weird skeleton, a series of URL addresses, and a threatening message that reads: "Hacked By #GOP Warning: We've already warned you, and this is just a beginning. We continue till our request be met. We've obtained all your internal data, including your secrets and top secrets. If you don't obey us, we'll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT)." News broke after a user, who claimed to be a former Sony staff, posted allegations of the security breach with the defacement image on Reddit . Hack

Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is