The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, including Arbor Networks and FireEye , independently discovered a series of malware campaigns primarily targeting aerospace, defence contractors and manufacturing sectors in various countries, including the United States, Thailand, South Korea and India. What's common? All these attack campaigns, conducted by various hacking groups, eventually install same information and password stealer malware—dubbed FormBook —on the targeted systems. FormBook is nothing but a " malware-as-as-service ," which is an affordable piece of data-stealing and form-grabbing malware that has been

A Greek court has approved the U.S. extradition of a 38-year-old Russian national accused of laundering more than $4 billion in bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking with the help of the now-defunct BTC-e exchange. Alexander Vinnik , an alleged operator of BTC-e—a digital currency exchange service that has been in operation since 2011 but seized by the authorities right after Vinnik's arrest in a beachside village in northern Greece in late July 2016 at the request of US law enforcement authorities. Since his arrest, Moscow has also requested Vinnik be returned home, as it has previously done with other Russian nationals wanted by the United States. However, the Greek court ruled Wednesday (4 October) to extradite Vinnik to the U.S., where he will face trial on the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transact

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a "pure Java" HTTP web server environment for Java concept to run in. Unlike Apache Struts2 vulnerabilities , which have recently been exploited to breach the systems of American credit reporting agency Equifax , Apache Tomcat flaws are less likely to be exploited. The critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617) discovered in Apache Tomcat is due to insufficient validation of user-supplied input by the affected software. Only systems with HTTP PUTs enabled (via setting the "read-only" initi

Spain's National Court ruled on Tuesday to extradite a 36-year-old Russian computer programmer, accused by American authorities of malicious hacking offences, to the United States, according to a court document. Peter Yuryevich Levashov , also known as Peter Severa, was arrested in April this year when he was travelling with his family to Barcelona, Spain from his home in Russia—a country without an extradition treaty with the United States—for his role in a huge computer botnet. However, since Levashov has previously worked with for Vladimir Putin's United Russia Party for ten years, he fears that the US authorities would torture him for information about his political work if sent there to face the charges against him. " If I go to the U.S., I will die in a year. They want to get information of a military nature and about the United Russia party ," RIA news agency quoted Levashov as saying. " I will be tortured, within a year I will be killed, or I wil

The largest known hack of user data in the history just got tripled in size. Yahoo, the internet company that's acquired by Verizon this year, now believes the total number of accounts compromised in the August 2013 data breach, which was disclosed in December last year, was not 1 billion—it's 3 Billion . Yes, the record-breaking Yahoo data breach affected every user on its service at the time. Late last year, Yahoo revealed the company had suffered a massive data breach in August 2013, which affected 1 billion user accounts . The 2013 hack exposed user account information, including names, email addresses, telephone numbers, dates of births, hashed passwords (using MD5), and, in some cases, "encrypted or unencrypted security questions and answers," Yahoo said in 2016. At that time, Yahoo did confirm that hackers did not obtain bank account details or credit card information tied to the Yahoo accounts. The data breach was attributed to state-sponsored

Etherparty announced Sunday that its ICO (Initial Coin Offering) website selling tokens for a blockchain-based smart contract tool was hacked and the address for sending funds to buy tokens was replaced by a fraudulent address controlled by the hackers. Vancouver-based Etherparty is a smart contract creation tool that allows its users to create smart contracts on the blockchain. Companies like this launch ICO to let them raise funding from multiple sources. Etherparty said the company launched its Fuel token sale on Sunday, October 1 at 9 A.M. PDT, but just 45 minutes, some unknown attackers hacked into its ICO website and replaced the legitimate address by their own, redirecting cryptocurrencies sent by investors into their digital wallet. According to the details released by the Etherparty team, the company detected the hack after just 15 minutes and immediately took its website down for nearly one and half hour to fix the issue, preventing more people from sending funds to

Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it. Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router ads and network boot services for small networks. Dnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A shodan scan for "Dnsmasq" reveals around 1.1 million instances worldwide. Recently, Google's security team reviewed Dnsmasq and discovered seven security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP. &q

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed. Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million. Equifax last month announced that it had suffered a massive data breach that exposed highly sensitive data of hundreds of millions of its customers, which includes names, social security numbers, dates of birth and addresses. In addition, credit card information for nearly 209,000 customers was also stolen, as well as certain documents with personally identifying information (PII) for approximately 182,000 Equifax consumers. The breach was due to a critical vulnerability ( CVE-2017-5638 ) in Apache Struts 2 framework, which Apache patched over two months earlier (on March 6) of the security incident. Equifax was e

Remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone belonging to terrorist Syed Farook behind the San Bernardino 2015 mass shooting that killed 14 people? The same Apple vs. FBI case where Apple refused to help feds access data on the locked iPhone and, later the Federal Bureau of Investigation reportedly paid over a million dollars to a vendor for unlocking the shooter's iPhone. For keeping the iPhone hack secret, three news organizations—The Associated Press, USA Today, and Vice Media—sued the FBI last year under the Freedom of Information Act (FOIA) and forced the agency to reveal the name of the company and the amount it was paid to unlock the iPhone . However, unfortunately, they failed. A US federal judge ruled Saturday that the FBI does not have to disclose the name of or how much it paid a private company for an  iPhone hacking tool that unlocked Farook's iPhone. Apple vs. FBI was one of the biggest legal battles in