The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data. A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly became one of the most popular DDoS booter tools in the market to conduct distributed denial of service (DDoS) attacks. Dubbed Titanium Stresser , the tool was used to conduct coordinated DDoS attacks around the world and brought Adam Mudd an income of more than US$385,000 (£315,000 A$505,000), according to the Eastern Region Special Operations Unit (ERSOU). On 28 October at the Old Bailey, Mudd pleaded guilty to two counts of the Computer Misuse Act and one count of money laundering offense and will be sentenced in December. Mudd, who was arrested at his home in 2015, admitted to comm

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a fabulous piece of open-source distributed caching system that allows objects to be stored in memory. It has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. Memcached is widely used by thousands upon thousands of websites, including popular social networking sites such as Facebook, Flickr, Twitter, Reddit, YouTube, Github, and many more. Nikolich says that he discovered multiple integer overflow bugs in Memcached that could be exploited to remotely run arbitrary code on the targeted s

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk." The result? Windows Vista through current versions of Windows 10 is still vulnerable , and now everybody knows about the critical vulnerability. Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates. Russian Hackers are actively exploiting critical Windows kernel bug Microsoft acknowledged the vulnerability in a blog

With rapidly growing web-based services and widely expanding locations, organizations are using more and more SSL certificates as well as SSH keys than ever. From authentication, confidentiality, and integrity to preventing the organization from industrial espionage, SSL certificates play an important role. Managing SSL certificates across networks to ensure protection and prevent unanticipated failures is critical, and it also becomes complicated with multiple locations, divisions as well as the fastest growing use of external cloud-based services. This not only complicates the process of managing individual SSL certificate and SSH key for an administrator but also costs organizations heavily. A key solution for this issue is to use an advanced and efficient SSL certificate and SSH Key management system. An effective solution enables an organization to know what kinds of certificates and keys it has, simplifies certificate discovery and monitor across multiple vendors, an

Can you believe that it's been 6 years since we first launched The Hacker News? Yes, The Hacker News is celebrating its sixth anniversary today on 1st November. We started this site on this same day back in 2010 with the purpose of providing a dedicated platform to deliver latest infosec news and threat updates for Hackers, Security researchers, technologists, and nerds. Times flies when you are having fun! The Hacker News has become one of the World's popular and trusted Hacking News channel that went from ~100,000 readers to more than 10 million monthly readers — all because of THN readers high enthusiasm. In this short span of time, The Hacker News has achieved a series of milestone: The Hacker News Facebook page is going to hit 1.5 Million Followers, More than 1.6 Million followers on Google Plus+ , Over 200,000 Email Subscribers , And around 307,000 Twitter Followers. What's more? The Twitter Account of The Hacker News became officially verified (