The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A new and terribly awful breed of Point-of-Sale (POS) malware has been spotted in the wild by the security researchers at Cisco's Talos Security Intelligence & Research Group that the team says is more sophisticated and nasty than previously seen Point of Sale malware. The Point-of-Sale malware, dubbed " PoSeidon ", is designed in a way that it has the capabilities of both the infamous Zeus banking Trojan and BlackPOS malware which robbed Millions from US giant retailers, Target in 2013 and Home Depot in 2014. PoSeidon malware scrapes memory from Point of Sale terminals to search for card number sequences of principal card issuers like Visa, MasterCard, AMEX and Discover, and goes on using the Luhn algorithm to verify that credit or debit card numbers are valid. The malware then siphon the captured credit card data off to Russian (.ru) domains for harvesting and likely resale, the researchers say. "PoSeidon is another in the growing number

The Annual Pwn2Own Hacking Competition  2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year's hacking contest, the latest version of all the four major browsers including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, were compromised by the two security researchers. Sponsored by HP's Zero Day Initiative program, the Pwn2Own Hacking Competition ran two days at a security conference in Vancouver, Canada. The final highlights for Pwn2Own 2015 are quite impressive: 5 bugs in the Windows operating system 4 bugs in Internet Explorer 11 3 bugs in Mozilla Firefox 3 bugs in Adobe Reader 3 bugs in Adobe Flash 2 bugs in Apple Safari 1 bug in Google Chrome $557,500 USD bounty paid out to researchers The star of the show was South Korean secur

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Another popular WordPress plugin by Yoast has been found to be vulnerable to a critical flaw that could be exploited by hackers to hijack the affected website. The critical vulnerability actually resides in the highly popular Google Analytics by Yoast plugin, which allows WordPress admins to monitor website traffic by connecting the plugin to their Google Analytics account. The Google Analytics by Yoast WordPress plugin has been downloaded nearly 7 Million times with more than 1 million active installs, which makes the issue rather more serious. A week back, we reported that all the versions of ' WordPress SEO by Yoast ' was vulnerable to Blind SQL Injection web application vulnerability that allowed an attacker to execute arbitrary payload on the victim WordPress site in order to take control of it. However, the Google Analytics by Yoast plugin is vulnerable to persistent cross-site scripting (XSS) vulnerability that allows hackers to execute malicious PHP code on the server, whic

If you're currently on a Mac computer and using a Chrome browser then a weird little Apple's OS X quirk, just a special thirteen-characters string could cause your tab in Chrome to crash instantly. A string of 13 characters (appear to be in Assyrian ), shown below in an image, is all needed to crash any tab in Chrome for OS X, however, this text has no impact on Windows, Android, or iOS operating systems. This Chrome crash vulnerability has already been reported by an open-source project Chromium project, which means that Google is likely aware of this troublesome issue. What steps will reproduce the problem? Any page with [ that special character ] will crash the chrome tab on a Mac. Just create any dummy page with the unicode characters, and the Mac Chrome tab will crash hard. What is the expected result? Expect it not to crash What happens instead? It crashes Warning : Do not click on this link , which actually points to the bug report on the Chromiu

Drupal , one of the widely used open source content management system is recommending its users to update their software to the latest versions 6.35 and 7.35 after the company discovered two moderately critical vulnerabilities that may allow an attacker to hack Drupal websites. According to a security advisory published yesterday, a flaw found in the Drupal core could allow a potential hacker under certain circumstances to bypass security restrictions by forging the password reset URLs. ACCESS BYPASS / PASSWORD RESET URLs VULNERABILITY Successful exploitation of this Access Bypass vulnerability could leverage the hacker to gain unauthorized access to user accounts without knowing their password. This vulnerability is considered as moderately critical in which an attacker can remotely trick a registered user of Drupal based website, such as an administrator, into launching a maliciously crafted URL in an attempt to take control of the target server. AFFECTED DRUPA

China finally admits it has special cyber warfare units — and a lot of them. From years China has been suspected by U.S. and many other countries for carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has admitted that it does have cyber warfare divisions – several of them, in fact. In the latest updated edition of a PLA publication called The Science of Military Strategy , China finally broke its silence and openly talked about its digital spying and network attack capabilities and clearly stated that it has specialized units devoted to wage war on computer networks. An expert on Chinese military strategy at the Center for Intelligence Research and Analysis, Joe McReynolds told TDB that this is the first time when China has explicit acknowledged that it has secretive cyber-warfare units, on both the military as well as civilian-government sides. CHINESE CYBER WARFARE UNI

Despite anti-skimmer ATM Lobby access control system available in the market, we have seen a number of incidents in recent years where criminals used card skimmers at ATM doors. Few years back, cyber criminals started using card skimmers on the door of the ATM vestibule , where customers have to slide their credit or debit cards to gain access to the ATM. The typical ATM Skimming devices are used by fraudsters capture both magnetic stripe data contained on the back of a debit or credit card as well as the PIN number that is entered by the customer when using the ATM. In recent case discussed by Brian, cyber criminal installed the card skimming device on the ATM Lobby Card Access Control and a pinhole hidden camera pointed at the ATM's keyboard. Basically, it's an ATM skimmer that requires no modification to the ATM. The card skimmer hidden on the ATM door records the debit and credit card information , and the pinhole camera records the PIN number the