The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Chinese smartphone manufacturers have been criticized many times for suspected backdoors in its products, the popular Chinese smartphone brands, Xiaomi and Star N9500 smartphones are the top examples. Now, the China's third-largest mobile and world's sixth-largest phone manufacturer 'Coolpad' , has joined the list. Millions of Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd. may contain an extensive "backdoor" from its manufacturer that is being able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users' phones without their knowledge, alleged a U.S. security firm. OVER 10 MILLION USERS AT RISK Researchers from Silicon Valley online security firm Palo Alto Networks discovered the backdoor, dubbed " CoolReaper ," pre-installed on two dozens of Coolpad Android handset models, including high-end devices, sold exclusively in China and Taiwan. The backdoor can let attacke

An online "hacktivist" group that calls itself Anonymous has claimed responsibility for hacking into email accounts of Swedish government in response to the seizure of world renowned The Pirate Bay website and server by Swedish police last week. Apart from Sweden government officials, the Anonymous hacktivist group also claimed to have hacked into the government email accounts of Israel, India, Brazil, Argentina, and Mexico, and revealed their email addresses with passwords in plain-text. The Anonymous group also left a message at the end of the leak: " Warning: Merry Christmas & a Happy New Year to all!! Bye :* " The hack was announced by Anonymous group on their official Twitter account. The tweet also shared a link of Pastebin where leaked data has been dumped with the list of the emails. The tweet reads: " BREAKING: Emails from Swedish government were hacked in retaliation for the seizure of servers of The Pirate Bay https://pastebin.c

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Credit card frauds are very common these days – today a data breach occurs in retailer's shop, online shopping site or banking site and at the next moment millions of cards appears in the underground black market – how simple is that for cyber criminals nowadays. But imagine if there is no possible way to hack credit cards and ID cards. Seems like next to impossible, but quantum cryptography ensures that stealing people's personal data will soon be very difficult for hackers and cyber thieves due to an extra layer of verification. SECURE FRAUD-PROOF CREDIT CARDS The research at the University of Twente in Enschede, Netherlands has suggested that " fraud-proof " credit cards are possible to develop using Quantum Physics that will protect users' financial and personal information from hackers. Security researchers describe this extra layer of verification as Quantum-Secure Authentication (QSA) of a " classical multiple-scattering key ." With the

The massive hacking attack against Sony Pictures Entertainment has yet exposed about 200 gigabytes of confidential data belonging to the company from upcoming movie scripts to sensitive employees data, celebrities phone numbers and their travel aliases, and also the high-quality versions of five newest films , marking it as the most severe hack in the History. Now, the so-called "Guardians of Peace" (GoP) group who promised to release a big "Christmas gift" for Sony Pictures posted an eighth batch of documents to the Internet on Tuesday of what everyone in Hollywood has been waiting for — Thousands of personal emails stolen from Sony Pictures co-Chairman and CEO Michael Lynton . The personal emails released just one day after Michael Lynton convened a town-hall meeting for Sony employees in the wake of the company's widespread data breach and proclaimed, "Our business has a strong foundation… This won't take us down." Along with Linto

The year is about to end, but serious threats like  Shellshock is " far from over ". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation. Security researchers have unearthed a malicious worm that is designed to plant backdoors on network-attached storage (NAS) systems made by Taiwan-based QNAP and gain full access to the contents of those devices. The worm is spread among QNAP devices, which run an embedded Linux operating system, by the exploitation of the GNU Bash vulnerability known as ShellShock or Bash, according to security researchers at the Sans Institute. QNAP vendor released a patch in early October to address the flaw in its Turbo NAS product, but because the patches are not automatic or easy to apply for many users, so a statistically significant portion of systems remain vulnerable and exposed to the Bash bug . Sh

Google is ready to give New Year gift to the Internet users, who are concerned about their privacy and security. The Chromium Project's security team has marked all HTTP web pages as insecure and is planning to explicitly and actively inform users that HTTP connections provide no data security protections. There are also projects like Let's Encrypt , launched by the non-profit foundation EFF (Electronic Frontier Foundation) in collaboration with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the Internet at the beginning of 2015. This is not the first time when Google is taking initiative to encourage website owners to switch to HTTPS by default. Few months ago, the web Internet giant also made changes in its search engine algorithm in an effort to give a slight ranking boost to the websites that use encrypted HTTPS connections. "We, the Chrome Security Team, propose that

Security pros everywhere rely on SolarWinds Log & Event Manager for powerful, affordable, and efficient Security Information and Event Management (SIEM). Our All-In-One SIEM combines log management, event correlation, visualization, reporting, File Integrity Monitoring , USB defense, SQL database monitoring, and active response in a virtual appliance that's easy to deploy, manage, and use. We've designed our SIEM specifically for smaller security departments—providing the feature set you need without the complexity and cost. Gain the power of SIEM without spending a fortune or hiring an army Increase security visibility with 24x7 automated monitoring and real-time analysis Obtain broader compliance support, stronger security intelligence, and a faster time-to-respond duration with embedded file integrity monitoring and active response Tackle compliance, security, and insider threats with expert-developed, per-packaged templates and automated log management Perform rapid r

" Hacking " is not just popular among cyber security experts and criminals, but also is a great interest for movies industries as well. Hollywood movies such as 1995 released Hackers and 2001 released Swordfish are examples of it, and now Chris Hemsworth 's new flick Blackhat . Blackhat – An upcoming cyber thriller, directed and co-written by Michael Mann ( who also directed Tom Cruise' Collateral ), in which actor Chris Hemsworth trades brawn for brains to save the world. The latest trailer for Blackhat has arrived online, and you can watch it below. Hemsworth's character in the upcoming cyber thriller is a former Blackhat hacker, named Nicholas Hathaway , who is serving a 15-year sentence for cyber crimes. He was recruited straight from prison by a mixed team of American and Chinese law enforcement officials to stop high-level cybercrime network from Chicago to Los Angeles to Hong Kong to Jakarta and save the world from global hackers. Hathaway a

The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting. The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign , that has been brought by SoakSoak.ru , thus being dubbed the ' SoakSoak Malware ' epidemic. While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress. Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The search engine giant has already been on top of this infection a