The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers and to set up HTTPS websites in a few simple steps ( mentioned below ). Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers. Why Let's Encrypt? Let's Encrypt promised to offer a certificate authority (CA) which is: Free – no charge for HTTPS certs. Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator a

In the most surprising manner, the Chinese government said it arrested criminal hackers behind the massive cyber attack on US Office of Personnel Management (OPM) earlier this year, dismissing its involvement. Three months back, we reported that China arrested a handful of hackers within its borders who were suspected of allegedly stealing commercial secrets from US companies. The arrests took place shortly before China President Xi Jinping visited the United States in September 2015 when both heads of states agreed that neither side will participate in commercial espionage against one another. China: Cyber Criminals Hacked OPM, Not Government Spies Now, those suspected hackers have turned out to be the ones in connection with the OPM hack that resulted in the theft of personal details of more than 21 Million United States federal employees, including 5.6 Million federal employees' fingerprints . Citing an " investigation ", the Chinese governme

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Are you Using HTTPS on your Website to securely encrypt traffic? Well, we'll see you in the court. At least, that's what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers. BIG Brands Sued for Using HTTPS: 'Patent Troll' Texas-based company CryptoPeak Solutions LLC has filed 66 lawsuits against many big businesses in the US, claiming they have illegally used its patented encryption method – Elliptic Curve Cryptography (ECC) – on their HTTPS websites. Elliptic Curve Cryptography (ECC) is a key exchange algorithm that is most widely used on websites secured with Transport Layer Security (TLS) to determine what symmetric keys are used during a session. Encryption is on the rise after Edward Snowden made the world aware of government's global surveillance programs. Today, many big tech and online services are using encryption to: Protect the data transmitted to/from visitor to domain Lessen the risk of hacking

Adobe is Finally Killing FLASH, but not actually. Adobe Flash made the Internet a better place with slick graphics, animation, games and applications, but it never stood a chance of surviving in the same world as HTML5. Of course, Flash has plagued with various stability and security issues , which is why developers had hated the technology for years. So, now it's time to say GoodBye to Adobe Flash Professional CC, and Welcome Adobe Animate CC . Meet the new Flash, Adobe Animate CC , same as the old Flash, and still insecure mess. Adobe Animate CC Embraces HTML5 Adobe has officially announced that "over a third of all content created in Flash Professional today uses HTML5," so the company is acknowledging the shift with the new name. Adobe Animate CC — Adobe's Premier Web animation tool for developing HTML5 content . Yes, that's what the company has the focus on. The application – mostly looks like an update to the Fla

The point of Sale systems are the most tempting target for cyber crooks to steal your credit card information and with this Christmas, you need to be more careful while using your credit cards at retailers and grocery stores. Here's why… Cyber criminals are now selling a new powerful strain of Point of Sale (PoS) malware through underground forums. Like several POS malware families discovered last year, including vSkimmer and BlackPOS , the new malware is also designed to steal payment card data from the infected POS systems and support TOR to hide its C&C (Command and Control) servers. Pro PoS – Light Weight, Yet Powerful Malware However, the new malware, dubbed " Pro PoS ," packs more than just a PoS malware. Pro PoS weighs only 76KB, implements rootkit functionalities, as well as mechanisms to avoid antivirus detection, according to threat intelligence firm InfoArmor. What's even more interesting about this malware is… Pro P