The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Twitter account of another high-profile CEO has been hacked! This time, it's Niantic CEO John Hanke , the developer behind the world's most popular game Pokémon GO . And it seems like Hanke is so busy with its newly launched game Pokémon GO that he hasn't noticed or took any measures against it even after over 12 hours of the hack, as the tweets made by hackers are still displaying on his Twitter timeline (at the time of writing). OurMine claimed responsibility for the hack, which was spotted after the hacking group managed to post a series of messages on Hanke's Twitter timeline. OurMine is the same group of Saudi Arabian hackers that previously compromised social media accounts of other CEOs including: Google's CEO Sundar Pichai Facebook's CEO Mark Zuckerberg Twitter CEO Jack Dorsey Twitter's ex-CEO Dick Costolo Facebook-owned virtual reality company Oculus CEO Brendan Iribe It appears that OurMine managed to post on Hanke's Twi

There's a lot more to come from the DNC Hack. The Associated Press confirmed yesterday that the computer systems used by Hillary Clinton's presidential campaign were hacked as part of the recent Democratic National Convention (DNC) hack. Last week's email dump containing almost 20,000 emails from top DNC officials was just the beginning, which led DNC Chairwoman Debbie Wasserman Schultz to resign as the group's leader, as WikiLeaks announced that it was part one of its new Hillary Leaks series. This suggests WikiLeaks Founder Julian Assange has had his hands on more data from the DNC hack that, according to him, could eventually result in the arrest of Hillary Clinton. Assange — Wikileaks' Next Leak will lead to Arrest of Hillary Clinton In an interview with Robert Preston of ITV last month, Assange made it clear that he hopes to harm Hillary Clinton's chances from becoming president of the United States, opposing her candidacy on both policies as well

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

When it comes to safeguarding your Internet security, installing an antivirus software or running a Secure Linux OS on your system does not mean you are safe enough from all kinds of cyber-threats. Today majority of Internet users are vulnerable to cyber attacks, not because they aren't using any best antivirus software or other security measures, but because they are using weak passwords to secure their online accounts. Passwords are your last lines of defense against online threats. Just look back to some recent data breaches and cyber attacks, including high-profile data breach at OPM ( United States Office of Personnel Management ) and the extra-marital affair site Ashley Madison , that led to the exposure of hundreds of millions of records online. Although you can not control data breaches, it is still important to create strong passwords that can withstand dictionary and brute-force attacks . You see, the longer and more complex your password is, the much harder

Facebook's legal war with Brazilian government seems to be never-ending. Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under criminal investigation. But, now the Brazilian government has taken an even tougher step. On Wednesday, the public federal prosecutor in the Brazilian state of Amazonas said the court froze 38 Million real ( US $11.7 Million ) of funds held in Facebook's bank account, Reuters reports . The prosecutor has said that the decision to freeze Facebook funds was made after the social media giant failed to comply with the court order to hand over data of WhatsApp users who are under criminal investigation. Since WhatsApp communications are end-to-end encrypted , even the company would not be able to access any message exchanged between users. Facebook representatives weren't imme

If you get caught using a VPN (Virtual Private Network) in Abu Dhabi, Dubai and the broader of United Arab Emirates (UAE), you could face temporary imprisonment and fines of up to $545,000 (~Dhs2 Million). Yes, you heard that right. Online Privacy is one of the biggest challenges in today's interconnected world. The governments across the world have been found to be using the Internet to track people's information and conduct mass surveillance. Here VPNs and proxy servers come into Play. VPNs and proxy servers are being used by many digital activists and protesters, who are living under the most oppressive regimes, to protect their online activity from prying eyes. However, using VPN or proxy in the UAE could land you into great difficulty. The UAE President Sheikh Khalifa bin Zayed Al Nahyan has issued new sovereign laws for combating cyber crimes, which includes a regulation that prohibits anyone, even travelers, in the UAE from using VPNs to secure their web traff

Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system? It's SQRL , or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password. QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a keylogger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else.

A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is one of the best password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of your different online accounts, making it much easier for you to use unique passwords for different sites. However, the password manager isn't as secure as it promises. Also Read:  Popular Password Managers Are Not As Secure As You Think Google Project Zero Hacker Tavis Ormandy discovered several security issues in the software that allowed him to steal passwords stored with LastPass. " Are people really using this LastPass thing? I took a quick look and can see a bunch of obvious critical problems. I'll send a report asap ," Ormandy revealed on Twitter . Once compromise a v

SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past. Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection. For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account. But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns. Here's what the relevant paragraph of the latest DAG draft reads: "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not wi

Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type. Back in February, researchers from the Internet of things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks. The latest findings by the same security firm are even worse. Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it. Dubbed KeySniffer , the hack is death for millions of wireless, radio-based keyboards. The Cause: Lack of Encryption and Security Updates The KeySniffer vulnerability affects wireless keyboards from eight different hardware manufacturers that use cheap transceiver chips ( non-Bluetooth chips ) – a less secure, radio-based communication protocol. T

Researchers have discovered over 100 malicious nodes on the Tor anonymity network that are "misbehaving" and potentially spying on Dark Web sites that use Tor to mask the identities of their operators. Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. The nodes, also known as the Tor hidden services directories ( HSDirs ) are servers that act as introductory points and are configured to receive traffic and direct users to hidden services (" .onion " addresses). In other words, the hidden services directory or HSDir is a crucial element needed to mask the true IP address of users on the Tor Network. But, here's the issue: HSDir can be set up by anyone. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and