The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn , DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker with pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social media websites in the world, including LinkedIn, MySpace, VKontakte (vk.com), Dropbox, Rambler , and Twitter , for sale in various underground hacking forums. The stolen data, taken years ago from several social media sites, included more than half a billion username and password combinations, which were then used in phishing, account takeover, and other cyber attacks. Though Tessa88's profile was active for a few months between February and May 2016, the OPSEC analysis revealed that the same person was involved in various cybercriminal activities since as early as 2012 under different

This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers. An alternative to Microsoft Word, Atlantis Word Processor is a fast-loading word processor application that allows users to create, read and edit word documents effortlessly. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub. Just 50 days after disclosing 8 code execution vulnerabilities in previous versions of Atlantis Word Processor, Talos team today revealed details and proof-of-concept exploits for 3 more remote code execution vulnerabilities in the application. All the three vulnerabilities, listed below, allow attackers to corrupt the application's memory and execute arbitrary code und

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

It seems as though not a day goes by without a new story breaking about a high-level cyber attack on a major corporation or national government. Hackers are becoming increasingly adept at breaking through a variety of super-secure firewalls, and they're not just after the riches of Fortune 500 companies. Hackers are equally (if not more) interested in hacking into your personal computer and stealing everything from your browsing history to your banking information, and they can do so without your knowledge—even if you're browsing in the comfort of your own home. A VPN ( Virtual Private Network ) is your first and most important line of defense against everything from individual hackers to large-scale malware attacks, and if you're still surfing the Web without one, you may as well be leaving your laptop open and unattended in a crowded coffee shop. So What Exactly Does a VPN Do? VPNs are specialized apps that can be installed on virtually any device that has a

Two hackers have been sent to prison for their roles in hacking TalkTalk , one of the biggest UK-based telecommunications company, in 2015 and stealing personal information, banking, and credit card details belonging to more than 156,000 customers. Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, were sentenced Monday to 12 months and 8 months in prison, respectively, after they admitted charges relating to the massive breach that cost TalkTalk £77 million in losses. The total cost also included the massive £400,000 fine imposed by the Information Commissioner's Office (ICO) on TalkTalk for failings to implement the most basic security measures in order to prevent the hack from happening. At the Old Bailey, the judge Anuja Dhir described Hanley as a "dedicated hacker" and sentenced him to 12 months in prison; whereas, Allsopp gets 8-months prison for his lesser role in the cyber attack. The Judge also said that it was a tragedy

Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text. The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform. To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data. However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team. The company said the stored data has been deleted from the servers owned by Facebook, Instagra

Has Wikileaks founder Julian Assange officially been charged with any unspecified criminal offense in the United States? — YES United States prosecutors have accidentally revealed the existence of criminal charges against Wikileaks founder Julian Assange in a recently unsealed court filing in an unrelated ongoing sex crime case in the Eastern District of Virginia. Assistant US Attorney Kellen S. Dwyer, who made this disclosure on August 22, urged the judge to keep the indictment [ pdf ] prepared against Assange sealed (secret) "due to the sophistication of the defendant, and the publicity surrounding the case." Dwyer is assigned to the WikiLeaks case. Dwyer also said the charges would "need to remain sealed until Assange is arrested in connection with the charges" in the indictment and can, therefore "no longer evade or avoid arrest and extradition in this matter." WikiLeaks, the website that published thousands of classified U.S. government do

We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receive, especially when it comes to a decision making on how to handle this fairly new and arguably invaluable resource. Of course, we are well aware from a very young age that our water needs to be pure, filtered and possibly protected, so this pops the question and makes us wonder: How exactly does all of this translate for our data, its handling processes and ultimately our Security? It is no secret that our personal information is as valuable if not more than actual currency. Imagining your social security number, medical bills or paycheck amounts flowing through vast amounts of seemingly random servers all across the globe can be unnerving. It brings out the same questions that we would have for anything else of value: Where is it going? Who can see it? Why are they holding it? ... Is

A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is " AMP for WP – Accelerated Mobile Pages " that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages. AMP , stands for Accelerated Mobile Page s , is an open-source technology that has been designed by Google to allow websites build and server faster web pages to mobile visitors. Though I am pretty sure the main version of "The Hacker News" website is enough fast for both desktop and mobile device users, you can also check the AMP version for this specific article here . Out of hundreds of plugins that allows WordPress websites to create Google-optimize AMP pages, "AMP for WP" is the most popular among others

At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at the annual mobile hacking contest organized by Trend Micro's Zero Day Initiative (ZDI), earning white hat hackers a total of $325,000 in reward. Teams of hackers participated from different countries or representing different cybersecurity companies disclosed a total of 18 zero-day vulnerabilities in mobile devices made by Apple, Samsung, and Xiaomi, as well as crafted exploits that allowed them to completely take over the targeted devices. Apple iPhone X Running iOS 12.1 — GOT HACKED! A team of two researchers, Richard Zhu and Amat Cama, who named themselves Fluoroacetate, discovered and managed to

Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG , SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed , Lazy FP , NetSpectre and Foreshadow , patches for which were released by affected vendors time-to-time. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. Now, the same team of cybersecurity researchers who discovered original Meltdown and Spectre vulnerabilities have uncovered 7 new transient execution attacks affecting 3 major processor vendors—Intel, AMD, ARM. W