The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w

Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Someone is threatening Windows 7 users with a misleading warning. Guess who? Microsoft itself… Microsoft has just issued a clear warning saying Windows 7 users should remain on the aging operating system " at your own risk, at your own peril. " But why particularly Windows 7 Users? Since Windows 7 runs on 55 percent of all the computers on the planet, Microsoft is worried that its goal to reach 1 Billion Windows 10 installations by 2017 could be harder. During a recent interview with the Windows Weekly , Microsoft chief marketing officer Chris Capossela warned about the risks of using Windows 7 and urged users that it's time to switch to the new Windows 10 operating system instead. Capossela also stressed that Windows 7 is apparently less secure than Windows 10, so it is "so incredibly important to try to end the fragmentation of the Windows install base" as well as to get them to a "safer place." Here the so-called saf

It is a common problem: Home Wireless Router's reach is terrible that the WiFi network even does not extend past the front door of the room. My house also has all kinds of Wi-Fi dead zones, but can we fix it? The answer is: YES . The problem will improve with a future, longer range version of Wi-Fi that uses low power consumption than current wireless technology and specifically targets at the internet of things (IoTs). Global certification network the WiFi Alliance has finally approved a new wireless technology standard called 802.11ah, nicknamed " HaLow ." HaLow: Long Range WiFi Wi-Fi HaLow has twice the range of conventional Wi-Fi and has the ability to penetrate walls that usually create blackspots in our homes. The Wi-Fi Alliance unveiled this latest WiFi technology at the Consumer Electronics Show (CES) in Las Vegas. Although currently used 802.11 Wi-Fi standards commonly operate in frequency bandwidths between 2.4GHz and 5GHz, the n

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab

SCADA system has always been an interesting target for cyber crooks, given the success of Stuxnet malware that was developed by the US and Israeli together to sabotage the Iranian nuclear facilities a few years ago, and " Havex " that previously targeted organizations in the energy sector. Now once again, hackers have used highly destructive malware and infected, at least, three regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region of Ukraine on 23rd December. The energy ministry confirmed it was investigating claims a cyber attack disrupted local energy provider Prykarpattyaoblenergo, causing the power outage that left half of the homes in Ivano-Frankivsk without electricity just before Christmas. According to a Ukrainian news service TSN, the outage was the result of nasty malware that disconnected electrical substations. Related Read: Dragonfly Russian Hackers Target 1000 Western Energy Firms . First Malware to

Windows 10 here, Windows 10 there, and it is everywhere. This is exactly what Microsoft dreamed of, and it seems like the company is actively working to reach its One Billion goal by the end of 2017 or mid-2018. Proudly announcing its first huge success, Microsoft reported that its newest Windows 10 operating system is now officially installed on more than 200 Million devices worldwide since its launch five months ago. Windows 10 is the latest as well as the greatest operating system from Microsoft that took less than six months to hit 200 Million milestone. The growth is really impressive, and Microsoft's Corporate Vice President of Windows and Devices Yusuf Mehdi outlined other milestones for Windows 10 in a blog post on Monday. Here's the list: Windows 10's adoption is growing 140% faster than Windows 7 and over 400% faster than Windows 8. More than 40% of the new Windows 10 devices were activated since Black Friday. Over 11 Billion hours have b

Here's New Year's first Ransomware: Ransom32 . A new Ransomware-as-a-service, dubbed Ransom32 , has been spotted that for the first time uses a ransomware written in JavaScript to infect Mac, Windows as well as Linux machines. Ransom32 allows its operators to deploy the malware very quickly and easily. It has a dashboard that enables operators to designate their Bitcoin addresses to which the ransom can be sent. The dashboard also shows stats about how much Bitcoins they have made. In short, this new ransomware-as-a-service is so simple, and efficient at the same time, that anyone can download and distribute his/her own copy of the ransomware executable as long as he/she have a Bitcoin address. The copy of Ransom32 was first analysed by Emsisoft, which found that the new ransomware family, which embedded in a self-extracting WinRAR archive, is using the NW.js platform for infiltrating the victims' computers, and then holding their files by encrypting the

A British-educated businessman who later joined Islamic State (ISIS) militant group in Syria has been killed in a US drone strike. Siful Haque Sujan , a Bangladesh-born man, was killed on 10 December 2015 by a US drone strike near Raqqa, Syria. Sujan has been described as one of the ISIS's top computer hackers who also coordinated anti-surveillance technology and weapons development by a senior United States Army official. A statement issued by Army Col. Steve Warren , a spokesman from Combined Joint Task Force Operation Inherent Resolve, via CENTCOM (United States Central Command) reads : "Sujan was an external operations planner and a United Kingdom-educated computer systems engineer. Sujan supported ISIS hacking efforts, anti-surveillance technology and weapons development. Now that he is dead, ISIL has lost a key link between networks." The 31-year-old man not just suspected of running a global money-laundering ring for ISIS from his former base i

Tibet is an area in the Republic of China that has been the point of conflict for many years in China. While China believes that Tibet has been under Chinese rule for many centuries, Tibetans claim that they declared itself an independent republic in 1912. Tibetan Groups, especially pro-democracy activists, are being repeatedly targeted by persistent Cyber Attacks by Chinese State-sponsored hackers. Our Sources in Tibetan Community told The Hacker News that they are once again being targeted by Chinese hackers; this time their social network website. Chinese hackers are believed to have targeted a Tibetan only social networking site, unitib.com ( United Tibet ) as Beijing views the platform as a threat promoting free Tibet movement. The Unitib technical team sought assistance from Taiwanese and Indian security experts after they were forced to take the platform offline for few days due to the attack. Tashi, a member of the technical team at Unitib told The Hac

What's the coolest part of the Iron Man movies? The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations. That's right — we are talking about J.A.R.V.I.S. , Iron Man's personal assistant. We all dream of having one of its kinds, and even Facebook's Founder and CEO Mark Zuckerberg has ambitions to live more like Iron Man's superhero Tony Stark. While disclosing his 2016 resolution via a Facebook post on Sunday, Zuckerberg revealed that he is planning to build his own Artificial Intelligence to help him run his home and assist him at office — similar to Iron Man's digital butler Edwin Jarvis . "You can think of it kind of like Jarvis in Iron Man," Zuckerberg wrote in his Facebook post . "I'll start teaching it to understand my voice to control everything in our home — music, lights, tempe

Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console. It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system. Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC . With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal. Group Managed to Run Game Boy Advance and Pokémon on PS4 What's even more interesting? The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon , dubbing it the "PlayStat