The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain. The certificate authority, named WoSign , issued a base certificate for the Github domains to an unnamed GitHub user. But How? First of all, do you know, the traditional Digital Certificate Management System is the weakest link on the Internet today and has already been broken? Billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe to ensure the confidentiality and integrity of their personal data. But, these CAs have powers to issue valid SSL cert for any domain you own, despite the fact you already have one purchased from another CA. ...and that's the biggest loophole in the CA system. In the latest case as well, WoSign issued a duplicate SSL certificate for GitHub domains without verifying ownership of the base domain.

The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million. Roman Seleznev , 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives, which sparked an international dispute between American and Russian authorities, who characterized the extradition as a " kidnapping ." Prosecutors introduced evidence from a corrupted laptop seized by the authorities at the time of his arrest.  "I don't know of any case that has allowed such outrageous behavior," said his lawyer, John Henry Browne. Also Read: How to Freeze Credit Report To Protect Yourself Against Identity Theft . According to the Department of Justice, Seleznev, who also went by the moniker ' Track2 ' online, was convicted in

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser. So, if you've been using Opera's Cloud Sync service , which allows users to synchronize their browser data and settings across multiple platforms, you may have hacked your passwords, login names, and other sensitive data. Opera confirmed its server breach on Friday, saying the "attack was quickly blocked" but that it "believe some data, including some of [their] sync users' passwords and account information, such as login names, may have been compromised." Opera has around 350 Million users across its range products, but around 1.7 Million users using its Sync service had both their synchronized passwords as well as their authentication passwords leaked in the hack. Since the company has already reset pas

How to Hack a Facebook Account? That's possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills. Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Gurkirat Singh from California recently discovered a loophole in Facebook's password reset mechanism that could have given hackers complete access to the victim's Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can. The attack vector is simple, though the execution is quite difficult. The issue, Gurkirat ( @GurkiratSpeca ) says, actually resides in the way Facebook allows you to reset your password. The social network uses an algorithm that generates a random 6-digit passcode ‒

Researchers have designed a new computer chip that promises to boost the performance of computers and data centers while processing applications in parallel. Princeton University researchers have developed a 25-core open source processor, dubbed Piton named after the metal spikes used by rock climbers, which has been designed to be flexible, highly scalable, fast and energy-efficient to satisfy the demands of massive-scale data centers. Every computer has a processor, but it's the core, a processing unit, which defines its actual efficiency and performance. A Processor can have a single core or multiple cores, which receive instructions, then performs calculations on it based on those instructions, and gives the results back. For example, the four independent processing units i.e. Cores of a quad-core processor can run multiple instructions at the same time, increasing the overall performance for applications compatible with parallel processing. Your Future Desktop