The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A former employee—who worked for an elite hacking group operated by the U.S. National Security Agency—pleaded guilty on Friday to illegally taking classified documents home , which were later stolen by Russian hackers. In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho , a 67-year-old of Ellicott City, Maryland, took documents that contained top-secret national information from the agency between 2010 and 2015. Pho, who worked as a developer for the Tailored Access Operations (TAO) hacking group at the NSA, reportedly moved the stolen classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab software. According to authorities, the Kaspersky Labs' antivirus software was allegedly used, one way or another, by Russian hackers to steal top-secret NSA documents and hacking exploits from Pho's home PC in 2015. "Beginning in 2010 and continuing through March 2015, Pho removed an

Roman Valerevich Seleznev , the son of a prominent Russian lawmaker who's already facing a 27-year prison sentence in the United States, has been handed another 14-year prison sentence for his role in an "organized cybercrime ring" that caused $59 Million in damages across the US. In April this year, Seleznev, the 33-year-old son of a Russian Parliament member of the nationalist Liberal Democratic Party (LDPR), was sentenced to 27 years in prison for payment card fraud, causing nearly $170 million in damages to small business and financial institutions in the US. The sentence was so far the longest sentence ever imposed in the United States for a hacking-related case. Now, after pleading guilty in two criminal cases stemming from a hacking probe in September, Seleznev Thursday  received another 14-year prison sentence for racketeering in Nevada and another 14 years for conspiracy to commit bank fraud charges in Georgia. The sentences will run concurrently to

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser. If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly. However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it's really annoying. But don't you worry. Google now has a solution to this issue. In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps: April 2018 — With the release of Chrome 66, Google will begin informing use

Do you own a Hewlett-Packard (HP) Windows PC or laptop? Multiple HP customers from around the world are reporting that HP has started deploying a "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry service deployed by HP, called "HP Touchpoint Analytics Client," which was first identified on November 15. According to reports on several online forums, the telemetry software—which the HP customers said they never opted to have installed and had no idea was continually running in the background—was pushed out in a recent update. However, it's not yet clear whether the software has come with the latest Microsoft's Windows updates, or via HP's support assistant processes. An official description of the software says that the program "harvests telemetry information that is used by HP Touchpoint's analytical services." HP Touchpoint

Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies. After the world's most popular torrent download website, The Pirate Bay , caught secretly  using Coinhive , a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads. However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Un