#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Operation Cleaver — Iranian Hackers Targeting Critical Infrastructure Worldwide

Operation Cleaver — Iranian Hackers Targeting Critical Infrastructure Worldwide

Dec 05, 2014
For over past two years, Iranian hackers have infiltrated computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies, security researchers said. An 87-page report published by the U.S. cyber security firm Cylance says Iranian state-sponsored hackers have hacked critical infrastructure of more than 50 organizations in 16 countries worldwide in a cyber-espionage campaign that could allow them to eventually cause physical damage. Among the targeted organizations, ten are reportedly based in the United States. The threat-detection firm dubbed the campaign as " Operation Cleaver ," which aimed at gathering data from various agencies. The group reportedly stole highly sensitive information and took control of networks in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexic
Google's reCAPTCHA can tell if You're a Spambot or Human with Just a Click

Google's reCAPTCHA can tell if You're a Spambot or Human with Just a Click

Dec 04, 2014
Many a time we deal with those strange words and phrases that ask us to type them back in plaintext while signing up for an account. Yes, those increasingly annoying CAPTCHAs !!, which are both time-consuming and sometimes very difficult to read. If you really are tired of these distorted series of characters then there is a good news for you. For the convenience of people, Google has re-introduced a new CAPTCHA system with full makeover called reCAPTCHA , in order to make it easy for users who squint their eyes and make errors while typing. This new CAPTCHA-like system will allow people into websites with only a single click. CAPTCHA actually stands for " Completely Automated Public Turing test to tell Computers and Humans Apart " which is used by online services and websites only to verify that you're not a robot and restricts various automated programs to sign-up Email accounts, cracking passwords , spam sending, privacy violation etc. However, now we'l
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hacking PayPal Account with Just a Click

Hacking PayPal Account with Just a Click

Dec 03, 2014
The eBay owned popular digital payment and money transfer service, PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control over users' PayPal account with just a click , affecting more than 156 millions PayPal users. An Egyptian security researcher, Yasser H. Ali has discovered  three critical vulnerabilities in PayPal website including CSRF , Auth token bypass and Resetting the security question, which could be used by cybercriminals in the targeted attacks. Cross-Site Request Forgery ( CSRF or XSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. Mr.Yasser demonstrated the vulnerability step-by-step in the Proof-of-Concept (PoC) video using a single exploit that combines all the three vulnerabilities. According to the demo, using Paypa
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Sony Pictures Hack — 5 Things You Need To Know

Sony Pictures Hack — 5 Things You Need To Know

Dec 02, 2014
What a horrible start the holiday season in U.S. Over Thanksgiving weekend, Sony Pictures Entertainment suffered a massive data breach as "Guardians of Peace" hacked-into Sony Pictures' computer system that brought the studio's network to a screeching halt. Following the hack, hackers leaked five unreleased Sony movies to Torrent file-sharing website during Black Friday. It's still not clear whether both the incident back to back with Sony Pictures belongs to same group of hackers or not, but here's what you need to know about the breach: 1. FBI MALWARE WARNING AFTER SONY PICTURES HACK The U.S. Federal Bureau of Investigation (FBI) warned businesses that cyber criminals have used malicious software to launch destructive cyber-attacks in the United States, following the last week's massive data breach at Sony Pictures Entertainment, in which four unreleased films were stolen and pirate-shared. In a five-page confidential 'flash'
Crash Your Friends' WhatsApp Remotely with Just a Message

Crash Your Friends' WhatsApp Remotely with Just a Message

Dec 01, 2014
A Vulnerability has been discovered in the wildly popular messaging app WhatsApp , which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ' The Hacker News '. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that how a 2000 words (2kb in size) message in special character set can crash Whatsapp messenger app. Previous it was discovered that sending a huge message ( greater than 7mb in size) on Whatsapp could crash victim device and app immediately, but using this new exploit attacker only need to send a very small size (approx 2kb) message to the victim. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh
Unreleased Sony Pictures Movies Leaked Online After Sony Hack Attack

Unreleased Sony Pictures Movies Leaked Online After Sony Hack Attack

Dec 01, 2014
Following the last week's massive hack attack on Sony Pictures' network by a group calling themselves "#GOP," or Guardians of Peace , high-quality versions of several of the studio's newest films have hit piracy websites. It seems like matters for Sony Pictures is getting worse with time. Sony Pictures Entertainment has reportedly begun investigating links to North Korea of the possible cyberattack occurred last week that made the studio's internal email systems offline, which was still offline at the time of writing. Now its five movie screeners – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – have made their way onto torrent file-sharing websites, though it has not been confirmed that the leak of all the films came from the same breach. "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015 "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014 "Ann
Cybersecurity Resources