The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Windows 10 here, Windows 10 there, and it is everywhere. This is exactly what Microsoft dreamed of, and it seems like the company is actively working to reach its One Billion goal by the end of 2017 or mid-2018. Proudly announcing its first huge success, Microsoft reported that its newest Windows 10 operating system is now officially installed on more than 200 Million devices worldwide since its launch five months ago. Windows 10 is the latest as well as the greatest operating system from Microsoft that took less than six months to hit 200 Million milestone. The growth is really impressive, and Microsoft's Corporate Vice President of Windows and Devices Yusuf Mehdi outlined other milestones for Windows 10 in a blog post on Monday. Here's the list: Windows 10's adoption is growing 140% faster than Windows 7 and over 400% faster than Windows 8. More than 40% of the new Windows 10 devices were activated since Black Friday. Over 11 Billion hours have b

Here's New Year's first Ransomware: Ransom32 . A new Ransomware-as-a-service, dubbed Ransom32 , has been spotted that for the first time uses a ransomware written in JavaScript to infect Mac, Windows as well as Linux machines. Ransom32 allows its operators to deploy the malware very quickly and easily. It has a dashboard that enables operators to designate their Bitcoin addresses to which the ransom can be sent. The dashboard also shows stats about how much Bitcoins they have made. In short, this new ransomware-as-a-service is so simple, and efficient at the same time, that anyone can download and distribute his/her own copy of the ransomware executable as long as he/she have a Bitcoin address. The copy of Ransom32 was first analysed by Emsisoft, which found that the new ransomware family, which embedded in a self-extracting WinRAR archive, is using the NW.js platform for infiltrating the victims' computers, and then holding their files by encrypting the

A British-educated businessman who later joined Islamic State (ISIS) militant group in Syria has been killed in a US drone strike. Siful Haque Sujan , a Bangladesh-born man, was killed on 10 December 2015 by a US drone strike near Raqqa, Syria. Sujan has been described as one of the ISIS's top computer hackers who also coordinated anti-surveillance technology and weapons development by a senior United States Army official. A statement issued by Army Col. Steve Warren , a spokesman from Combined Joint Task Force Operation Inherent Resolve, via CENTCOM (United States Central Command) reads : "Sujan was an external operations planner and a United Kingdom-educated computer systems engineer. Sujan supported ISIS hacking efforts, anti-surveillance technology and weapons development. Now that he is dead, ISIL has lost a key link between networks." The 31-year-old man not just suspected of running a global money-laundering ring for ISIS from his former base i

Tibet is an area in the Republic of China that has been the point of conflict for many years in China. While China believes that Tibet has been under Chinese rule for many centuries, Tibetans claim that they declared itself an independent republic in 1912. Tibetan Groups, especially pro-democracy activists, are being repeatedly targeted by persistent Cyber Attacks by Chinese State-sponsored hackers. Our Sources in Tibetan Community told The Hacker News that they are once again being targeted by Chinese hackers; this time their social network website. Chinese hackers are believed to have targeted a Tibetan only social networking site, unitib.com ( United Tibet ) as Beijing views the platform as a threat promoting free Tibet movement. The Unitib technical team sought assistance from Taiwanese and Indian security experts after they were forced to take the platform offline for few days due to the attack. Tashi, a member of the technical team at Unitib told The Hac

What's the coolest part of the Iron Man movies? The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations. That's right — we are talking about J.A.R.V.I.S. , Iron Man's personal assistant. We all dream of having one of its kinds, and even Facebook's Founder and CEO Mark Zuckerberg has ambitions to live more like Iron Man's superhero Tony Stark. While disclosing his 2016 resolution via a Facebook post on Sunday, Zuckerberg revealed that he is planning to build his own Artificial Intelligence to help him run his home and assist him at office — similar to Iron Man's digital butler Edwin Jarvis . "You can think of it kind of like Jarvis in Iron Man," Zuckerberg wrote in his Facebook post . "I'll start teaching it to understand my voice to control everything in our home — music, lights, tempe

Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console. It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system. Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC . With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal. Group Managed to Run Game Boy Advance and Pokémon on PS4 What's even more interesting? The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon , dubbing it the "PlayStat