The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

For over past two years, Iranian hackers have infiltrated computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies, security researchers said. An 87-page report published by the U.S. cyber security firm Cylance says Iranian state-sponsored hackers have hacked critical infrastructure of more than 50 organizations in 16 countries worldwide in a cyber-espionage campaign that could allow them to eventually cause physical damage. Among the targeted organizations, ten are reportedly based in the United States. The threat-detection firm dubbed the campaign as " Operation Cleaver ," which aimed at gathering data from various agencies. The group reportedly stole highly sensitive information and took control of networks in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexic

Many a time we deal with those strange words and phrases that ask us to type them back in plaintext while signing up for an account. Yes, those increasingly annoying CAPTCHAs !!, which are both time-consuming and sometimes very difficult to read. If you really are tired of these distorted series of characters then there is a good news for you. For the convenience of people, Google has re-introduced a new CAPTCHA system with full makeover called reCAPTCHA , in order to make it easy for users who squint their eyes and make errors while typing. This new CAPTCHA-like system will allow people into websites with only a single click. CAPTCHA actually stands for " Completely Automated Public Turing test to tell Computers and Humans Apart " which is used by online services and websites only to verify that you're not a robot and restricts various automated programs to sign-up Email accounts, cracking passwords , spam sending, privacy violation etc. However, now we'l

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

The eBay owned popular digital payment and money transfer service, PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control over users' PayPal account with just a click , affecting more than 156 millions PayPal users. An Egyptian security researcher, Yasser H. Ali has discovered  three critical vulnerabilities in PayPal website including CSRF , Auth token bypass and Resetting the security question, which could be used by cybercriminals in the targeted attacks. Cross-Site Request Forgery ( CSRF or XSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. Mr.Yasser demonstrated the vulnerability step-by-step in the Proof-of-Concept (PoC) video using a single exploit that combines all the three vulnerabilities. According to the demo, using Paypa

What a horrible start the holiday season in U.S. Over Thanksgiving weekend, Sony Pictures Entertainment suffered a massive data breach as "Guardians of Peace" hacked-into Sony Pictures' computer system that brought the studio's network to a screeching halt. Following the hack, hackers leaked five unreleased Sony movies to Torrent file-sharing website during Black Friday. It's still not clear whether both the incident back to back with Sony Pictures belongs to same group of hackers or not, but here's what you need to know about the breach: 1. FBI MALWARE WARNING AFTER SONY PICTURES HACK The U.S. Federal Bureau of Investigation (FBI) warned businesses that cyber criminals have used malicious software to launch destructive cyber-attacks in the United States, following the last week's massive data breach at Sony Pictures Entertainment, in which four unreleased films were stolen and pirate-shared. In a five-page confidential 'flash'

A Vulnerability has been discovered in the wildly popular messaging app WhatsApp , which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ' The Hacker News '. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that how a 2000 words (2kb in size) message in special character set can crash Whatsapp messenger app. Previous it was discovered that sending a huge message ( greater than 7mb in size) on Whatsapp could crash victim device and app immediately, but using this new exploit attacker only need to send a very small size (approx 2kb) message to the victim. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh

Following the last week's massive hack attack on Sony Pictures' network by a group calling themselves "#GOP," or Guardians of Peace , high-quality versions of several of the studio's newest films have hit piracy websites. It seems like matters for Sony Pictures is getting worse with time. Sony Pictures Entertainment has reportedly begun investigating links to North Korea of the possible cyberattack occurred last week that made the studio's internal email systems offline, which was still offline at the time of writing. Now its five movie screeners – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – have made their way onto torrent file-sharing websites, though it has not been confirmed that the leak of all the films came from the same breach. "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015 "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014 "Ann