The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

WikiLeaks has published a new batch of the ongoing Vault 7 leak , detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10. Dubbed Athena/Hera , the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and send them to CIA server. The leak, which includes a user manual of Athena, overview of the technology, and demonstration on how to use this spyware, reveals that the program has two implications: Primary: Athena for XP to Windows 10  Secondary: Hera for Windows 8 through Windows 10 According to the whistleblower organization, Athena has the ability to allow the CIA agents to modify its co

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. WannaCry Ransomware Decryption Keys The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system's files respectively. To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

If you ever ordered food from Zomato, You should be Worried! India's largest online restaurant guide Zomato confirmed today that the company has suffered a data breach and that accounts details of millions of its users have been stolen from its database. In a blog post published today, the company said about 17 Million of its 120 Million user accounts from its database were stolen. What type of information? The stolen account information includes user email addresses as well as hashed passwords. Zomato claims that since the passwords are encrypted, it cannot be decrypted by the attackers, so the "sanctity of your password is intact." It seems Zomato is downplaying the threat or unaware of the fact that these days hackers are using cloud computing, which enables them to decrypt even a 15-18 character passwords within a few hours. So there's no guarantee your passwords will not eventually get cracked. Update: As shown in the above screenshot taken

After the shutdown of Kickass Torrents and Torrentz.eu , it's time for the torrent community to say goodbye to the second most popular torrent site in the world, ExtraTorrent. Yes, the popular torrent site ExtraTorrent has permanently shut down. So, stop searching for ' extratorrents unblock ' and ' extratorrents proxy ' websites. In a short but clear message on its homepage , the ExtraTorrent portal announced Wednesday that it has shut down for good, saying "farewell" to its millions of users. The ShutDown Message Reads: " ExtraTorrent has shut down permanently " "ExtraTorrent with all mirrors goes offline.. We permanently erase all data. Stay away from fake ExtraTorrent websites and clones. Thx to all ET supporters and torrent community. ET was a place to be...." The message does not mention the reason of shutdown of the torrent site but indicates that the popular torrent index will not return. Launched in November

If your website is based on the popular Joomla content management system, make sure you have updated your platform to the latest version released today. Joomla, the world's second popular open source Content Management System, has reportedly patched a critical vulnerability in its software's core component. Website administrators are strongly advised to immediately install latest Joomla version 3.7.1, released today, to patch a critical SQL Injection vulnerability (CVE-2017-8917) that affects only Joomla version 3.7.0. " Inadequate filtering of request data leads to a SQL Injection vulnerability ." release note says. The SQL Injection vulnerability in Joomla 3.7.0 was responsibly reported by Marc-Alexandre Montpas, a security researcher at Sucuri last week to the company. According to the researcher , ' The vulnerability is easy to exploit and doesn't require a privileged account on the victim's site ,' which could allow remote hackers to steal sensitive inf