The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Spain's National Court ruled on Tuesday to extradite a 36-year-old Russian computer programmer, accused by American authorities of malicious hacking offences, to the United States, according to a court document. Peter Yuryevich Levashov , also known as Peter Severa, was arrested in April this year when he was travelling with his family to Barcelona, Spain from his home in Russia—a country without an extradition treaty with the United States—for his role in a huge computer botnet. However, since Levashov has previously worked with for Vladimir Putin's United Russia Party for ten years, he fears that the US authorities would torture him for information about his political work if sent there to face the charges against him. " If I go to the U.S., I will die in a year. They want to get information of a military nature and about the United Russia party ," RIA news agency quoted Levashov as saying. " I will be tortured, within a year I will be killed, or I wil

The largest known hack of user data in the history just got tripled in size. Yahoo, the internet company that's acquired by Verizon this year, now believes the total number of accounts compromised in the August 2013 data breach, which was disclosed in December last year, was not 1 billion—it's 3 Billion . Yes, the record-breaking Yahoo data breach affected every user on its service at the time. Late last year, Yahoo revealed the company had suffered a massive data breach in August 2013, which affected 1 billion user accounts . The 2013 hack exposed user account information, including names, email addresses, telephone numbers, dates of births, hashed passwords (using MD5), and, in some cases, "encrypted or unencrypted security questions and answers," Yahoo said in 2016. At that time, Yahoo did confirm that hackers did not obtain bank account details or credit card information tied to the Yahoo accounts. The data breach was attributed to state-sponsored

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Etherparty announced Sunday that its ICO (Initial Coin Offering) website selling tokens for a blockchain-based smart contract tool was hacked and the address for sending funds to buy tokens was replaced by a fraudulent address controlled by the hackers. Vancouver-based Etherparty is a smart contract creation tool that allows its users to create smart contracts on the blockchain. Companies like this launch ICO to let them raise funding from multiple sources. Etherparty said the company launched its Fuel token sale on Sunday, October 1 at 9 A.M. PDT, but just 45 minutes, some unknown attackers hacked into its ICO website and replaced the legitimate address by their own, redirecting cryptocurrencies sent by investors into their digital wallet. According to the details released by the Etherparty team, the company detected the hack after just 15 minutes and immediately took its website down for nearly one and half hour to fix the issue, preventing more people from sending funds to

Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it. Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router ads and network boot services for small networks. Dnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A shodan scan for "Dnsmasq" reveals around 1.1 million instances worldwide. Recently, Google's security team reviewed Dnsmasq and discovered seven security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP. &q

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed. Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million. Equifax last month announced that it had suffered a massive data breach that exposed highly sensitive data of hundreds of millions of its customers, which includes names, social security numbers, dates of birth and addresses. In addition, credit card information for nearly 209,000 customers was also stolen, as well as certain documents with personally identifying information (PII) for approximately 182,000 Equifax consumers. The breach was due to a critical vulnerability ( CVE-2017-5638 ) in Apache Struts 2 framework, which Apache patched over two months earlier (on March 6) of the security incident. Equifax was e

Remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone belonging to terrorist Syed Farook behind the San Bernardino 2015 mass shooting that killed 14 people? The same Apple vs. FBI case where Apple refused to help feds access data on the locked iPhone and, later the Federal Bureau of Investigation reportedly paid over a million dollars to a vendor for unlocking the shooter's iPhone. For keeping the iPhone hack secret, three news organizations—The Associated Press, USA Today, and Vice Media—sued the FBI last year under the Freedom of Information Act (FOIA) and forced the agency to reveal the name of the company and the amount it was paid to unlock the iPhone . However, unfortunately, they failed. A US federal judge ruled Saturday that the FBI does not have to disclose the name of or how much it paid a private company for an  iPhone hacking tool that unlocked Farook's iPhone. Apple vs. FBI was one of the biggest legal battles in