The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Do you use your Real Identity online and think about being private? If yes, then you are insane. Ashley Madison , the popular online dating website with tagline " Life is short. Have an affair ", recently got hacked , reportedly exposing a sample of its users' account information and other personal data online. The hacker group, called itself ' The Impact Team ', is also threatening to release the real names and all associated data of its 37 Million cheating customers. There are also rumors that the team could sell the stolen data for lots of money, instead of revealing it all for free. This isn't first time when the customers of online hooking site are scared of being exposed, two months ago the sex life of almost 4 Million users of Adult Friend Finder was made available on underground market for sale for 70 Bitcoins ($16,800). Lesson we Learned from These Hacks The Ashley Madison hack raises serious questions about what these compa

" Life is short. Have an affair, " but always remember " Cheaters never prosper. " AshleyMadison.com , an American most prominent dating website, that helps married people cheat on their spouses has been hacked, potentially putting very private details of Millions of its users at risk of being exposed. The Stolen personal data may include information from users' real names, addresses and their personal photographs to credit card details and sexually explicit chat logs. With a Huge Database of over 37 Million users, AshleyMadison.com , owned by Avid Life Media (ALM) company , is a very popular dating website that helps married people have extramarital affairs. Cougar Life and Established Men, two other dating sites also owned by Avid Life Media, have also had their data compromised. The Hacker group responsible for the hacks called itself " The Impact Team, " a company spokesperson confirmed. The group apparently raises an obje

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

In the wake of a critical Remote Code Execution vulnerability in all supported versions of its operating system platform, Microsoft has just issued an emergency fix. Yes, it's time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run malicious code on your computer, thereby taking " complete control of the affected system. " The critical flaw ( CVE-2015-2426 ), which affects all the supported versions of Windows operating system, resides in the way Windows Adobe Type Manager Library handles specially crafted Microsoft's OpenType fonts. Once exploited, the vulnerability could allow hackers to execute remotely malicious code on victims' computer if they open a specially crafted document or visit an untrusted web page that contains embedded OpenType fonts. " An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights ," Microsoft s

Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs to use some social engineering tactics against employees of companies and organizations they want to target. A massive 91% of successful data breaches at companies started with a social engineering and spear-phishing attack. A phishing attack usually involves an e-mail that manipulates a victim to click on a malicious link that could then expose the victim's computer to a malicious payload. So what is the missing link to manage the problem of employees being Social engineered? The answer is very simple – Educate your Employees and reinforce good security procedures at the same time. Phish your Employees! Yes, you heard me right… by this I mean that you should run a mock phishing campaign in your organization and find out which employees would easily fall victim to the phishing emails. Then step everyone through Internet

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma