The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

It should be noted that hacking a system for unauthorised access that does not belong to you is an illegal practice, no matter what's the actual intention behind it. Now I am pointing out this because reportedly someone, who has been labeled as a 'vigilante hacker' by media, is hacking into vulnerable 'Internet of Things' devices in order to supposedly secure them. This is not the first time when any hacker has shown vigilance, as we have seen lots of previous incidents in which hackers have used malware to compromise thousands of devices, but instead of hacking them, they forced owners to make them secure. Dubbed Hajime , the latest IoT botnet malware, used by the hacker, has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices. But reportedly, it's an attempt to wrestle their control from Mirai and other malicious threats. Mirai is an IoT botnet that threatened the Internet last year with record-sett

Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Forget about developing sophisticated banking trojans and malware to steal money out of people and organizations. Today, one of the easiest ways that can help cyber criminals get paid effortlessly is Ransomware. This threat became even worse after the arrival of ransomware as a service (RaaS) – a variant of ransomware designed to be so user-friendly that anyone with little or no technical knowledge can also easily deploy them to make money. Now, security researchers have uncovered an easy-to-use ransomware service that promises profit with just one successful infection. Dubbed Karmen , the RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums from Russian-speaking hacker named D

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right? Okay, then before going to the in-depth details, first have a look at this demo web page  ( note: you may experience downtime due to high traffic on demo server ), set up by Chinese security researcher Xudong Zheng, who discovered the attack. " It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL o

Image by New York Times The Internet just lost one of its most prominent innovators. Robert W Taylor, a computer scientist who was instrumental in creating the Internet as well as the modern personal computer, has died at the age of 85. Mr. Taylor, who is best known as the mastermind of ARPAnet (precursor of the Internet), had Parkinson's disease and died on Thursday at his home in Woodside, California, his son Kurt Kurt Taylor told US media . While the creation of the Internet was work of many hands, Mr. Taylor made many contributions. As a researcher for the US military's Advanced Research Projects Agency (ARPA) in 1966, Taylor helped pioneer the concept of shared networks, as he was frustrated with constantly switching between 3 terminals to communicate with researchers across the country. His frustration led the creation of ARPAnet — a single computer network to link each project with the others — and this network then evolved into what we now know as the In

The latest dump of hacking tools allegedly belonged to the NSA is believed to be the most damaging release by the Shadow Brokers till the date. But after analyzing the disclosed exploits, Microsoft security team says most of the windows vulnerabilities exploited by these hacking tools, including EternalBlue, EternalChampion, EternalSynergy, EternalRomance and others, are already patched in the last month's Patch Tuesday update. " Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Customers still running prior versions of these products are encouraged to upgrade to a supported offering, " Microsoft Security Team said in a blog post  published today. On Good Friday, the Shadow Brokers released a massive trove of Windows hacking tools allegedly stolen from NSA that works against almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and their server-side variants such as Serve

Update: Most of the exploits made publicly available (mentioned in this article) by the Shadow Brokers group are already patched by Microsoft in the last month's Patch Tuesday update. So, it is always recommended that you keep your systems up-to-date in order to prevent you from being hacked. The Shadow Brokers – a hackers group that claimed to have stolen a bunch of hacking tools from the NSA – released today more alleged hacking tools and exploits that target earlier versions of Windows operating system, along with evidence that the Intelligence agency also targeted the SWIFT banking system of several banks around the world. Last week, the hacking group released the password for an encrypted cache of Unix exploits , including a remote root zero-day exploit for Solaris OS, and the TOAST framework the group put on auction last summer. The hacking tools belonged to " Equation Group " – an elite cyber attack unit linked to the National Security Agency (NSA).