The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

How do you reset the password for your Facebook account if your primary email account also gets hacked? Using SMS-based security code or maybe answering the security questions? Well, it's 2017, and we are still forced to depend on insecure and unreliable password reset schemes like email-based or SMS code verification process. But these traditional access recovery mechanisms aren't safe enough to protect our all other online accounts linked to an email account. Yahoo Mail can be used as an excellent example. Once hackers have access to your Yahoo account, they can also get into any of your other online accounts linked to the same email just by clicking the link that says, "Forgot your password?" Fortunately, Facebook has a tool that aims to fix this process, helping you recover access to all your other online accounts securely. At the Enigma Conference in Oakland, California on Monday, Facebook launched an account recovery feature for other websites

Again bad news for consumers with Netgear routers: Netgear routers hit by another serious security vulnerability, but this time more than two dozens router models are affected. Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 models of Netgear models that potentially affects over one million Netgear customers. The new vulnerability, discovered by Trustwave's SpiderLabs researcher Simon Kenin, can allow remote hackers to obtain the admin password for the Netgear router through a flaw in the password recovery process. Kenin discovered the flaw ( CVE-2017-5521 ) when he was trying to access the management page of his Netgear router but had forgotten its password. Exploiting the Bug to Take Full Access on Affected Routers So, the researcher started looking for ways to hack his own router and found a couple of exploits from 2014 that he leveraged to discover this flaw which allowed him to query routers and retrieve thei

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack. Any guess, What kind of virus could have hit the storage devices? Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly. Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files. But over time, the threat has changed its way from computers and smartphones to Internet-of-Thing (IoT) devices. Ransomware Infected 70% Surveillance Cameras in Washington D.C. This time the hackers managed to plant ransomware in 123 of its 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C, which eventually left them out from recording anything between 12 and 15 Jan

What's the worst that could happen when a Ransomware hits a Hotel? Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel's IT system, and the hotel had no choice left except paying the attackers. Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise. Ransomware is one of them. The threat has been around for a few years, but during 2016, it has turned into a noxious game of Hackers to get paid effortlessly by targeting hospitals, Universities, private businesses and even police departments and making hundreds of millions of dollars. Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system that prevented its guests f

Law enforcement authorities from Europe and Russia have arrested five members of an international cyber criminal gang for stealing $3.2 million cash from ATMs using malware. Three of the suspects, Andrejs Peregudovs (41), of Latvia, Niklae Penkov (34) of Moldova, and Mihail Colibaba (30) of Romania, were arrested in Taiwan by the Taiwanese Criminal Investigation Bureau last summer, have already been sentenced to 5 years in prison for their role in a massive ATM heist operation, involving 22 individuals from 6 countries. The European-based cyber criminal gang used a variety of different hacking techniques to infect ATMs with malware and force them to dispense cash. According to Europol that began its investigation in early 2016, the gang used spear-phishing emails containing malicious attachments to target bank employees and penetrate the bank's internal networks. From there, the cyber crooks then located and hacked into the network of ATMs from the inside, and used a m

In an effort to expand its certificate authority capabilities and build the "foundation of a more secure web," Google has finally launched its root certificate authority. In past few years, we have seen Google taking many steps to show its strong support for sites using HTTPS, like: Giving more preference to HTTPS websites in its search rankings than others. Warning users that all HTTP pages are not secure. Starting an industry-wide initiative, Certificate Transparency − an open framework to log, audit, and monitor certificates that CAs have issued. However, Google has been relying on an intermediate Certificate Authority (Google Internet Authority G2 - GIAG2) issued by a third party, with the latest suppliers being GlobalSign and GeoTrust, which manages and deploys certificates to Google's products and services. Google announced Thursday the creation of its own certified, and independent Root Certificate Authority called Google Trust Services , allowing