#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Pirate Bay Caught Running Browser-Based Cryptocurrency Miner

The Pirate Bay Caught Running Browser-Based Cryptocurrency Miner

Sep 19, 2017
The world's popular torrent download website, The Pirate Bay , has again been in a new controversy—this time over secretly planting an in-browser cryptocurrency miner on its website that utilizes its visitors' CPU processing power in order to mine digital currencies. The Pirate Bay is the most popular and most visited file-sharing website predominantly used to share copyrighted material free of charge. The site has usually been in the news for copyright infringement by movie studios, music producers and software creators. The Pirate Bay has recently been caught generating revenue by secretly utilizing CPU power of its millions of visitors to mine a Bitcoin alternative called Monero without their knowledge. The modern Internet depends on advertising revenue to survive, which apparently sometimes spoils users' experience. But The Pirate Bay is trying to choose a different approach. Visitors to the Pirate Bay recently discovered a JavaScript-based cryptocurrency mine
Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected

Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected

Sep 18, 2017
If you have downloaded or updated CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised. CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance. Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month. This incident is yet another example of supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware , which wreaked havoc worldwide. Avast and Piriform have both confirmed that the W
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Become A Certified Hacker – 5 Online Learning Courses for Beginners

Become A Certified Hacker – 5 Online Learning Courses for Beginners

Sep 18, 2017
Hacking is not a trivial process, but it does not take too long to learn. If you want to learn Ethical Hacking and Penetration testing, you are at right place. We frequently receive emails from our readers on learning how to hack, how to become an ethical hacker, how to break into computers, how to penetrate networks like a professional, how to secure computer systems and networks, and so on. Wait! Wait! Don't associate hacking negative, as one of the best ways to test the security of anything is to breach it, just like hackers. A way to become an ethical hacker is to get a good computer hacking course, and if you're interested in getting started down the path of cybersecurity, the Computer Hacker Professional Certification Package is a great resource. This week's featured deal from THN Deals Store brings you 96% discount on an excellent, best-selling online training course: Computer Hacker Professional Certification Package . Since there is a huge demand for e
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Unpatched Windows Kernel Bug Could Help Malware Hinder Detection

Unpatched Windows Kernel Bug Could Help Malware Hinder Detection

Sep 18, 2017
A 17-year-old programming error has been discovered in Microsoft's Windows kernel that could prevent some security software from detecting malware at runtime when loaded into system memory. The security issue, described by enSilo security researcher Omri Misgav, resides in the kernel routine "PsSetLoadImageNotifyRoutine," which apparently impacts all versions of Windows operating systems since Windows 2000. Windows has a built-in API, called PsSetLoadImageNotifyRoutine, that helps programs monitor if any new module has been loaded into memory. Once registered, the program receives notification each time a module is loaded into memory. This notification includes the path to the module on disk. However, Misgav found that due to "caching behaviour, along with the way the file-system driver maintains the file name and a severe coding error," the function doesn't always return the correct path of the loaded modules. What's bad? It seems like Micro
Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

Sep 16, 2017
OurMine is in headlines once again—this time for breaching the popular video streaming service Vevo . After hunting down social media accounts of HBO and defacing WikiLeaks website , the infamous self-proclaimed group of white hat hackers OurMine have hacked Vevo and leaked about 3.12 TB worth of internal files. Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu Dhabi Media, Warner Music Group, and Google's parent company Alphabet Inc. OurMine managed to get hold of Vevo's "sensitive" data including its internal office documents, videos and promotional materials after the hacking collective successfully hacked into the Vevo servers. The group then posted the stolen documents (approximately 3.12 terabytes) from Vevo on its website on late Thursday, though OurMine removed the stolen information from its website on Vevo's request. Although it's not clear what prompted OurMine to hack Vevo, the group noted on its
Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Yet Another Android Malware Infects Over 4.2 Million Google Play Store Users

Sep 15, 2017
Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre
75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

Sep 15, 2017
WARNING: If you are Turkish and using or have installed ByLock —a little-known encrypted messaging app—you could be detained by Turkish authorities. You might be thinking why??? Because using this app in Turkish is illegal since last year. The background story begins here... Remember the deadliest Turkey's failed coup attempt? In July 2016, a section of the Turkish military launched a coordinated operation—by deploying soldiers, tanks on the streets of major Turkish cities—to topple the government and unseat President Recep Tayyip Erdogan . The Turkish government blamed Muhammed Fethullah Gülen, a Turkish preacher who lives in the United States, for leading the July 15-16 attempted coup , though Gülen denied any involvement. In the aftermath of the coup attempt, Milli İstihbarat Teşkilatı (MİT), the Turkish intelligence agency investigated and found that the ByLock messaging app was used as a communication tool by tens of thousands of Gülen movement followers to c
Cybersecurity Resources