The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The latest document release by Edward Snowden revealed the industrial-scale cyber-espionage operation of China to learn the secrets of Australia's next front-line fighter aircraft – the US-built F-35 Joint Strike Fighter (JSF) . Chinese spies stole " many terabytes of data " about the design of Australia's Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel . Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter's radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets. So far, the F-35 Lightning II JSF is the most expensive defence project in the US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion). Beijin

A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A UK man linked to the notorious hacking group, Lizard Squad , that claimed responsibility for knocking Sony's PlayStation Network and Microsoft's Xbox Live offline on Christmas Day has been arrested by the United Kingdom police. Lizard Squad launched simultaneous Distributed Denial-of-Service ( DDoS ) attacks against the largest online gaming networks, Xbox Live and PlayStation Network, on Dec. 25, 2014. Then offered to sell its own Lizard-branded DDoS-for-hire tool called Lizard Stresser . SECOND ARREST As part of an investigation, the UK Regional Organised Crime Unit, in collaboration with the Federal Bureau of Investigation (FBI), have arrested an 18 year old teenager in Southport, near Liverpool, UK on Friday morning, and seized his electronic and digital devices as well. So far, this is the second arrest made in connection to the attack after Thames Valley Police arrested a 22-year old , named Vinnie Omari , also believed to have been an alleged member of Liz

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn't appears to be a righ

On January 13, 2015, Microsoft's mainstream support for Windows 7 Service Pack (SP) 1 ended, which means the end of free Windows 7's " mainstream support " period, with the operating system now entering "extended support." Many people are still running the aging Windows XP as well as Windows 7. Microsoft already ended its support for Windows XP officially about a year ago on April 8, 2014, and now the company found Windows 7 an old and cranky OS. END OF MAINSTREAM SUPPORT FOR WINDOWS 7 BUT NO WORRIES UNTIL 2020 However, it doesn't mean that the tech giant is going to automatically stop or break your operating system, but it does mean that the company will no longer offer free help and support in case you have any problem with your Windows 7 software. No new features will be added either. Windows 7 is still supported by the company and will continue to receive security updates for at least another five years, i.e. until Jan. 14, 2020. By

We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research

On one end, where governments of countries like U.K is criticizing end-to-end encryption and considering to ban the encrypted communication apps like Snapchat, CryptoCat, WhatsApp and Apple's iMessage. On the other hand, the Internet community has come up with a new and rather more secure encrypted communication app. Dubbed Peerio , an " encrypted productivity suite " designed to offer much more usable alternative to PGP email and file encryption, so that every individual user and business can encrypt everything from Instant Messages to online file storage. Peerio, released on Wednesday, is designed by 24-year-old Nadim Kobeissi – the creator of the end-to-end encrypted group messaging app Cryptocat and the encrypted file-sharing app MiniLock . " With Peerio everything you share or communicate with your team is secured with state-of-the-art encryption , and it's as easy as using Gmail. You don't need to learn to use it, " Kobeissi told Wired. &quo

Your Instagram is not as Private as You Think. Millions of private Instagram photos may have been exposed publicly on the web until the company patched a privacy hole this weekend. Instagram team was unaware of a security vulnerability from long time which allowed anyone with access to an image's URL to view the photo, even those shared by users whose accounts are set to "private." In other words, If a private user shares an Instagram post with another service, such as Twitter or Facebook as part of the upload process, that shared photo will remain viewable to the public despite its privacy settings. The flaw was first reported by  David Yanofsky  at Quartz and Instagram acknowledged the issue last week before patching the flaw. In a statement to Quartz, an Instagram representative said: ' If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private, ' The Instagram vulnera

In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach is even more costly. The loss or leakage of sensitive data can result in serious damage to an organization, including: Loss of intellectual property Loss of copyrighted information Compliance violations Damage to corporate reputation/brand Loss of customer loyalty Loss of future business opportunities Lawsuits and ongoing litigation Financial and criminal penalties To help you protect sensitive data and reduce the risk of data loss, we recommend using a Security Information and Event Management ( SIEM ) technology such as SolarWinds® Log & Event Manager . If you're not familiar with Log & Event Manager (LEM), it's a comprehensive SIEM product, packaged in an ea

Owning a smartphone running Android 4.3 Jelly Bean or an earlier versions of Android operating system ?? Then you are at a great risk, and may be this will never end. Yes, you heard right. If you are also one of millions of users still running Android 4.3 Jelly Bean or earlier versions of the operating system, you will not get any security updates for WebView as Google has decided to end support for older versions of Android WebView – a default web browser on Android devices. WebView is the core component used to render web pages on an Android device, but it was replaced on Android 4.4 KitKat with a more recent Chromium-based version of WebView that is also used in the Chrome web browser. Just a day after Google publicized a bug in Windows 8.1 before Microsoft could do anything about it, Tod Beardsley, a security analyst from Rapid7 who oversees the Metasploit project, discovered a serious bug in the WebView component of Android 4.3 and earlier that possibly left m

Google has once again released the details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system before Microsoft planned to patch the bug, triggering a new quarrel between the two tech giants. This is second time in less than a month when the Google's security research team known as Project Zero released details of the vulnerability in Microsoft's operating system, following its 90-day public disclosure deadline policy. Google Project Zero team routinely finds vulnerabilities in different products from different companies. The vulnerabilities then get reported to the affected software vendors and if they do not patch the flaws in 90 days, Google automatically makes the vulnerability along with its details public. DISCLOSURE OF TWO SECURITY HOLES IN LESS THAN A MONTH Two weeks back, Google Project Zero team disclosed details of an elevation of privilege (EoP) vulnerability  affecting Windows 8.1 that may have allowed hackers to modify cont

Security researchers have disclosed local zero day DLL hijacking vulnerabilities in several applications developed by Corel Software that could allow an attacker to execute arbitrary commands on victims' computer, potentially affecting more than 100 million users. The security holes were publicly disclosed by Marcos Accossatto from a vulnerability research firm Core Security after the vendor didn't respond to his private disclosure about the flaws. Corel develops wide range of products including graphics, photo, video and other media editing programs. According to the researcher, when a media file associated with one of the vulnerable Corel products is opened, the product also loads a specifically named DLL (Dynamic Link Library) file into memory if it's located in the same directory as the opened media file. These DLL files contain executable code which could allow an attacker to install malware on victims' computers by inserting malicious DLLs into the