#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

WikiLeaks Promises to Publish Leaks on US Election, Arms Trade and Google

WikiLeaks Promises to Publish Leaks on US Election, Arms Trade and Google

Oct 04, 2016
Wikileaks completed its 10 years today, and within this timespan, the whistleblower site has published over 10 million documents, and there's more to come. In the name of celebration of its 10th Anniversary, Wikileaks promises to leak documents pertaining to Google, United States presidential election and more over the next ten weeks. Speaking by video link to an anniversary news conference at the Volksbuhne Theater in Berlin on Tuesday morning, WikiLeaks founder Julian Assange eagerly announced his plans to release a series of publications every week for the next 10 weeks. The upcoming leaks will include "significant material" related to Google, the US presidential election, military operations, arms trading and, the hot topic of past few years, mass surveillance. Assange also promised to publish all documents related to the US presidential race before the election day on November 8. "There is an enormous expectation in the United States," Assange said f
Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image

Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image

Oct 04, 2016
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library , which could allow an attacker to remotely execute arbitrary code on the affected systems. Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/ CVE-2016-8332 , could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution. OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF. Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email. The hacker could even upload the malicious JP
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Download: 68 Million Hacked Dropbox Accounts are Just a Click Away!

Download: 68 Million Hacked Dropbox Accounts are Just a Click Away!

Oct 04, 2016
Over a month ago, The Hacker News reported about the Dropbox Hack , where hackers had managed to steal more than 68 Million Dropbox accounts in a data breach that was initially disclosed by the online cloud storage platform in 2012. Although the initial announcement failed to reveal the true scale of the data breach, it was in late August when the breach notification service LeakBase obtained files containing details on over 68 million accounts, which contains email addresses and hashed passwords for Dropbox users. Last month, a hacker was selling this Dropbox data dump on a Dark Web marketplace known as TheRealDeal for around $1200 . However, Motherboard recently discovered that a researcher has just uploaded the full dump of hacked Dropbox database online. Download DropBox Data Dump Here: Thomas White, known online as The Cthulhu, uploaded Monday the full Dropbox data dump onto his website in a move, as he claims, to help security researchers examine the data breach.
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Source Code for IoT botnet responsible for World's largest DDoS Attack released Online

Source Code for IoT botnet responsible for World's largest DDoS Attack released Online

Oct 03, 2016
With rapidly growing Internet of Thing (IoT) devices, they have become a much more attractive target for cybercriminals. Just recently we saw a record-breaking Distributed Denial of Service (DDoS) attacks against the France-based hosting provider OVH that reached over one Terabit per second (1 Tbps), which was carried out via a botnet of infected IoT devices. Now, such attacks are expected to grow more rapidly as someone has just released the source code for IoT botnet, which was 'apparently' used to carry out world's largest DDoS attacks. Internet of Things-Botnet 'Mirai' Released Online Dubbed Mirai , the malware is a DDoS Trojan that targets BusyBox systems , a collection of Unix utilities specifically designed for embedded devices like routers. The malware is programmed to hijack connected IoT devices that are using the default usernames and passwords set by the factory before devices are first shipped to customers. Spotted by Brian Krebs , the
United States set to Hand Over Control of the Internet to ICANN Today

United States set to Hand Over Control of the Internet to ICANN Today

Oct 01, 2016
Since the foundation of the Internet, a contract has been handed over to the United States Commerce Department under which the department had given authority to regulate the Internet. After 47 years, this contract ends tonight at midnight EDT i.e. Saturday, October 1st, 2016. If you think that the United States owns the Internet, then you're wrong. It doesn't. Founded in 1998, non-profit organization ICANN (The Internet Corporation for Assigned Names and Numbers) oversees the Internet's "address book" (or root zone) — the process of assigning domain names and the underlying IP addresses to keep the Internet running smoothly. But according to the contract, ICANN and its IANA department (the Internet Assigned Numbers Authority) was set to work under the supervision of National Telecommunications and Information Administration (NTIA), an agency of the U.S. Department of Commerce. That contract is ending today, and the US Commerce Department is schedule
Cybersecurity Resources