The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

No More Ransom, so is the Ransomware Threat. The European Police agency Europol has joined forces with police and cyber security companies to launch a worldwide initiative to combat and tackle together the exponential growth of Ransomware used by cyber criminals. Europol announced today the initiative, dubbed NO More Ransom, that has been backed by technology giant Intel, cyber security firm Kaspersky Lab and the Netherlands police, aiming at decreasing an "exponential" rise in Ransomware threat. Ransomware is a piece of malware that typically locks victim's device using encryption and demands a fee to decrypt the important data. The estimated number of ransomware victims tripled in the first quarter of this year alone. "For a few years now ransomware has become a dominant concern for EU law enforcement," said Europol's deputy director Wil van Gemert. "We expect to help many people to recover control over their files, while raising awareness

Cyber attacks get bigger, smarter, more damaging. P*rnHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded. Now, it turns out that the world's most popular p*rn*graphy site has paid its first bounty payout. But how much? US $20,000! Yes,  P*rnHub  has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers  P*rnHub 's website. The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities ( CVE-2016-5771/CVE-2016-5773 ) in PHP's garbage collection algorithm when it interacts with other PHP objects. One of those is PHP's unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths,

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Guess What? Someone just downloaded Twitter's Vine complete source code. Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012. Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing complete source code of Vine without any hassle. Launched in June 2014, Docker is a new open-source container technology that makes it possible to get more apps running on the same old servers and also very easy to package and ship programs. Nowadays, companies are adopting Docker at a remarkable rate. However, the Docker images used by the Vine, which was supposed to be private, but actually was available publically online. While searching for the vulnerabilities in Vine, Avinash used Censys.io – an all new Hacker's Search Engine similar to Shodan – that daily scans the whole Internet for all the vulnerable devices. Using Censys, Avina

Finally, Someone has come forward to buy Yahoo! Guess Who? The telecommunication giant Verizon . Yes, Verizon Communications Inc. is reportedly closing in on a deal to acquire Yahoo's core business for about $5 Billion, according to a report from Bloomberg. Since the agreement between the companies has not been finalized, it is unclear at this moment that which Yahoo's assets the deal would include. "In order to preserve the integrity of the process, we're not going to comment on the issue until we've finalized an agreement," a Yahoo spokeswoman said in a statement provided to CNNMoney. You might be wondering Why Verizon is buying Yahoo! Well, I'll come to it in the second half of my article, because before discussing this point, let's first focus on why Yahoo! wants to get acquired. Why Yahoo Was Up For Sale? Founded in 1995, Yahoo! was once the brightest star of the Web. But when its rivals including Google, Facebook and even few-years-old com

Today, whistleblowing website Wikileaks has finally published more than 19,000 e-mails, which contains more than 8,000 attachments from the US Democratic National Committee (DNC) . The new trove of documents apparently pilfered from the DMC released after Wikileaks yesterday announced via its official Twitter account that a "series" about Hillary Clinton is coming soon. The published documents are part one of Wikileaks' new Hillary Leaks series, Wikileaks said in a press release. The emails released by Wikileaks were handed over to the whistleblower organization by the DNC hacker using handle " Guccifer 2.0 ," who hacked DNC's computer systems in a such a way that the hacker was able to read all email and chat traffic. The leaked 19,252 emails cover a period from January 2015 to May 2016 and allegedly come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda — 10770 emails. National Finance Director Jordon Kapl

We just cannot imagine our lives without smartphones, even for a short while, and NSA whistleblower Edward Snowden had not owned a smartphone since 2013 when he began leaking NSA documents that exposed the government's global surveillance program. Snowden fears that cellular signals of the smartphone could be used to locate him, but now, to combat this, he has designed an iPhone case that would detect and fight against government snooping. With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised the design, which they refer to as an " Introspection Engine, " that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location details. "This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thu

Now no more fight with Apple or any smartphone maker, as federal authorities have discovered a new tool for unlocking phones, as far as your phone is using any biometric sensor… 3D Printing! Yes, Police in Michigan is considering 3D printing a dead man's fingers so they could unlock smartphones in investigation crimes using their biometric sensors. A new report published today from Flash Forward creator Rose Eveleth revealed that the police recently approached professors at the University of Michigan to reproduce a dead man's fingerprint from a prerecorded scan. Once reproduced, the 3D print would be used to create a false fingerprint of the dead man, which could then be used to unlock his smartphone using its biometric sensors. The man was a murder victim, and law enforcement investigators believed that his phone might contain some useful information relevant to the case. Why Police Can't 3D-Print Themselves? Because... Since smartphone biometric sensors used

We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to "stop collecting excessive data" as well as "tracking browsing by users without their consent." The CNIL, Commission Nationale de l'Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months, and if fails, the commission will issue a sanction against the company. Moreover, the CNIL notified Microsoft that the company must also take "satisfactory measures to ensure the security and confidentiality" of its users' personal data. The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Mic

The federal authorities have finally arrested the alleged mastermind behind the world's largest and most notorious BitTorrent distribution site Kickass Torrents (KAT) , the US Justice Department announced on Wednesday. After The Pirate Bay had suffered copyright infringement hardship, Kickass Torrents (KAT) became the biggest and most-used pirate site on the Internet, attracting millions of daily unique visitors. However, the site appears to be offline after its alleged owner Artem Vaulin , a 30-year-old Ukrainian national was apprehended in Poland today, and the US government has requested his extradition. Although some proxy sites seem to be currently up and running, its main site, https://kat.cr , appears to be down worldwide and most of the other Kickass Torrents domains, including kickasstorrents.com, kastatic.com, thekat.tv, kat.cr, kickass.cr, kickass.to, kat.ph, have been seized by the authorities. Charges Filed Against Kickass Torrents Owner According to cri