The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient's heartbeat, potentially putting half a million patients lives at risk. A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate. Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure. All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular he

Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang . Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware . Lukitus Campaign Sends 23 Million Emails in 24 Hours The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. According to the researchers, the emails sent out in the attack were "extremely vague," with subjects lines such as "please print," "documents," "images," "photos," "pictures," and "scans" in an attempt to convince victims into infecting themselves with Locky ransomware. The email comes with a ZIP attachment (hiding the malware payload) tha

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access. As part of its Vault 7 leaks , WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire , to target computers running Windows operating system. AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector. AngelFire framework consists five following components: 1. Solartime — it modifies the partition boot sector to load and execute the Wolfcreek (kernel code) every time the system boots up. 2. Wolfcreek — a self-loading driver (kernel code that Solartime executes) that loads other drivers and user-mode applications 3. Keystone — a component that utilizes DLL injection technique to execute the malicious user applications directly into system memory without dropping them into the file system. 4. BadMFS — a covert file

Instagram has recently suffered a possibly serious data breach with hackers gaining access to the phone numbers and email addresses for many "high-profile" users. The 700 million-user-strong, Facebook-owned photo sharing service has currently notified all of its verified users that an unknown hacker has accessed some of their profile data, including email addresses and phone numbers, using a bug in Instagram. The flaw actually resides in Instagram's application programming interface (API), which the service uses to communicate with other apps. Although the company did not reveal any details about the Instagram's API flaw, it assured its users that the bug has now been patched and its security team is further investigating the incident. "We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information—specifically email address and phone number—by exploiting a bug in an Instagr

OurMine is in headlines once again—this time for defacing WikiLeaks website. The notorious hacking group, OurMine, is known for breaching into high-profile figures and companies' social media accounts, including Facebook CEO Mark Zuckerberg , Twitter CEO Jack Dorsey , Google CEO Sundar Pichai , HBO , Game of Thrones and Sony's PlayStation Network (PSN). According to screenshots circulating on Twitter , the official website of WikiLeaks has reportedly been defaced by the OurMine hacking group, who left a message on the site, as shown above. WikiLeaks is a whistleblowing website that since March, has been revealing top CIA hacking secrets under Vault 7 , including the agency's ability to break into different mobile and desktop platforms , security camera live video streams , air-gap computers and many more. There is no indication of WikiLeaks servers and website been compromised, instead it seems their website has been redirected to a hacker-controlled server