The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Japanese authorities have arrested a 14-year-old boy in Osaka, a prefecture and large port city, for allegedly creating and distributing a ransomware malware . This is the first such arrest in Japan which involves a Ransomware-related crime. Ransomware is a piece of malware that encrypts files on a victim's computer and makes them inaccessible until the victim pays a ransom, usually in Bitcoins, in order to get the decryption keys for the encrypted files. Ransomware has been around for a few years, but currently, it has become a major cyber threat for businesses and users across the world. Just last month, the WannaCry ransomware hit over 300,000 PCs within just 72 hours, wreaking havoc worldwide. The recent arrest came after the teenager, who is a third-year junior high school student, created a ransomware virus and uploaded its source code on the Internet, according to multiple Japanese media. The student, who admitted to the allegations, combined free encryption

The FBI arrested a 25-year-old NSA contractor on Saturday (3rd June) for leaking classified information to an online news outlet which published its report yesterday (5th June) — meaning the arrest was made two days before the actual disclosure went online. Reality Leigh Winner , who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, was arrested from her home in Augusta on charges involving the leak of top-secret NSA files to 'The Intercept,' an online publication that has been publishing NSA documents leaked by Edward Snowden since 2014. The Intercept published a report on Monday, 5th June, based upon a classified document it received anonymously, which claims in August 2016, Russia's military intelligence agency "executed a cyber attack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials days before [the] election." The

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

" If you want to keep living, Pay a ransom, or die ." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could eventually take their lives. A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control the heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate. While cyber security firms are continually improving software and security systems to protect systems from hackers, medical devices such as insulin pumps or pacemakers are also vulnerable to life-threatening hacks. In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are

Remember Ramona Fricosu ? A Colorado woman was ordered to unlock her encrypted Toshiba laptop while the FBI was investigating alleged mortgage fraud in 2012, but she declined to decrypt the laptop saying that she did not remember the password. Later the United States Court ruled that Police can force defendants to decrypt their electronic devices, of course, as it does not violate the Fifth Amendment that prevents any citizen from having to incriminate themselves. Forgetting passwords for your electronic devices could be a smart move to avoid complying with a court order, but not every time, as US judges have different opinions on how to punish those who do not compel the order to unlock their phones. On a single day last week, one defendant got six months jail for allegedly refusing to reveal his iPhone passcode, while a second defendant walks through after he claimed he forgot his passcode. A Florida circuit court judge ruled last week that child abuse defendant Christopher

Until last year, cyber criminals were only targeting computers of individuals and organisations with ransomware and holding them for ransom, but then they started targeting unprotected online databases and servers around the globe for ransom as well. Earlier this year, we saw notorious incidents where tens of thousands of unprotected MongoDB and Elasticsearch databases were hacked and held for ransom in exchange of the data the hackers had stolen and deleted from the poorly configured systems. Now, cyber crooks have started targeting unprotected Hadoop Clusters and CouchDB servers as well, making the ransomware game nastier if your servers are not securely configured. Nearly 4,500 servers with the Hadoop Distributed File System (HDFS) — the primary distributed storage used by Hadoop applications — were found exposing more than 5,000 Terabytes (5.12 Petabytes) of data, according to an analysis conducted using Shodan search engine. This exposure is due to the same issue — H