The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Britain's Information Commissioner's Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach . British Airways, who describes itself as "The World's Favorite Airline," disclosed a breach last year that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. At the time, the company confirmed that customers who booked flights on its official website (ba.com) and British Airways mobile app between August 21 and September 5 had had their details stolen by attackers. The cyberattack was later attributed to the infamous Magecart threat actor, one of the most notorious hacking groups specialized in stealing credit card details from poorly-secured websites, especially online eCommerce platforms. Magecart hackers have been known for using digital credit card ski

An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories . It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent" sophisticated supply-chain attack that could have been abused to distribute modified malicious versions of the open-source Canonical software. In a statement, David from Canonical confirmed that attacker(s) used a Canonical owned GitHub account whose credentials were compromised to unauthorizedly access Canonical's Github account. "We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," David said. "Canonical has removed the compromised account from the Canonical organization in GitHub and is still investigating the extent o

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson, a.k.a. "DerpTroll," pledged guilty back in November 2018 after he admitted to being a part of DerpTrolling , a hacker group that was behind DDoS attacks against several major online gaming platforms including Electronic Arts' Origin service, Sony PlayStation network, and Valve Software's Steam during Christmas. "Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted "scalps" (screenshots or other photos showing that victims' servers had been taken down) after the attack," the DoJ says. According to a U.S. Department of Justice press release published Wednesday, Thompson's actions caused the victim companies at least $95,000 in damages. T

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser. The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the "file://" scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders. Since the Same Origin Policy for the file scheme has not been defined clearly in the RFC by IETF, every browser and software have implemented it differently—some treating all files in a folder as the same

Taiwanese networking equipment manufacturer D-Link has agreed to implement a "comprehensive software security program" in order to settle a Federal Trade Commission (FTC) lawsuit alleging that the company didn't take adequate steps to protect its consumers from hackers. Your wireless router is the first line of defense against potential threats on the Internet. However, sadly, most widely-used routers fail to offer necessary security features and have often found vulnerable to serious security flaws, eventually enabling remote attackers to unauthorizedly access networks and compromise the security of other devices connected to it. In recent years, the security of wireless networks has been more of a hot topic due to cyber attacks, as well as has gained headlines after the discovery of critical vulnerabilities—such as authentication bypass , remote code execution , hard-coded login credentials , and information disclosure—in routers manufactured by various brands.

Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang (XUAR) is an autonomous territory and home to many Muslim ethnic minority groups where China is known to be conducting massive surveillance operations, especially on the activities of Uighurs, a Muslim Turkic minority group of about 8 million people. The Chinese government has blamed the Muslim Turkic minority group for Islamic extremism and deadly attacks on Chinese targets. According to a joint investigation by New York Times , the Guardian, Süddeutsche Zeitung and more, the surveillance app has been designed to instantly extract emails, texts, calendar entries, call records, contacts and insecurely uploads them to a local server set-up at the check-point only. This suggests that the spyware app has not been designed to continuously and remotely t

Data loss and theft continues to rise, and hardly a day goes by without significant data breaches hit the headlines. In January 2019 alone, 1.76 billion records were leaked, and according to IBM's Data Breach study, the average cost of each lost or stolen record has reached about $148. Most of these data leaks are because of malicious attacks, where exploitation of web application vulnerabilities is one of the most common cyber attack vectors. An application security breach is a problem facing one and all, and no matter what's the size of your company, your web applications are prone to cyber attacks. Hackers breach sites for a variety of reasons—some do it for fame, some to get competitive information, whereas some do it just for financial gains. No matter what the reason is, the cost of a security breach is always higher than the cost of protection, leading to loss of data, substantial financial losses, and most importantly, loss of customers' trust. If you a