#1 Trusted Cybersecurity News Platform Followed by 4.50+ million

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hostinger Suffers Data Breach – Resets Password For 14 Million Users

Aug 26, 2019
Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers and gained access to "hashed passwords and other non-financial data" associated with its millions of customers. The incident occurred on August 23 when unknown hackers found an authorization token on one of the company's servers and used it to gain access to an internal system API, without requiring any username and password. Immediately after the breach discovery, Hostinger restricted the vulnerable system, making this access no longer available, and contacted the respective authorities. "On August 23rd, 2019 we have received informational alerts that one of our servers has been accessed by an unauthorized third party," Hostinger said. "This
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Aug 26, 2019
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, was hit by a "Potential KYC leak" earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened to release the KYC data of 10,000 of the exchange's customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident FUD (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts, though others show evidence of manipulation. According to an official blog post, t
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024 | Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,
Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

Aug 23, 2019
A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West, a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which were confiscated by the Metropolitan Police after West's arrest in September 2017 following a two-year-long investigation code-named 'Operation Draba.' The Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de
Google Proposes 'Privacy Sandbox' to Develop Privacy-Focused Ads

Aug 23, 2019
Google today announced a new initiative—called Privacy Sandbox—in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their primary source of funding to operate and keep their professionally created content open and freely accessible to everyone. However, with the evolution of online advertising, targeted advertisement technologies have become too invasive because of the intrusive practices involved and more prudent approaches to accurately curate users' personal information, thereby raising serious privacy concerns among Internet users. In its latest blog post, Google acknowledged that ad tracking is "now being used far beyond its original design intent," but also highlights that unplanned attempts to address privacy con
Google, Mozilla, Apple Block Kazakhstan's Root CA Certificate to Prevent Spying

Aug 21, 2019
In a move to protect their users based in Kazakhstan from government surveillance, Google, Apple and Mozilla today finally came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the "Qaznet Trust Network" certificate should not be trusted when attempting to access a website that responds with the government-issued certificate. As The Hacker News reported last month, all major Kazakh Internet Service Providers (ISPs) are forcing their customers into installing a government-issued root certificate on their devices in order to regain access to their Internet services. The root certificate in question, labeled as "trusted certificate" or "national security certificate," if installed, allows ISPs to intercept, monitor, and decrypt users' encrypted HTTPS and TLS connections,
Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Aug 21, 2019
Silence APT, a Russian-speaking cybercriminal group known for targeting financial organizations primarily in former Soviet states and neighboring countries, is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million during a string of ATM cash withdrawals over a span of several days. According to a new report Singapore-based cybersecurity firm Group-IB shared with The Hacker News, the hacking group has significantly expanded its geography in recent months, increased the frequency of its attack campaigns, and enhanced its arsenal. The report also describes the evolution of the Silence hacking group from "young and highly motivated hackers" to one of the most sophisticated advanced persistent threat (APT) groups that is now posing threats to bank
Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data

Aug 20, 2019
Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past year with the aim of giving its users more control over their data and transparency about how the social media giant and other apps on its platform use that data. Now, in its new effort, Facebook has launched a new privacy feature that allows its users to control data that the social media platform receives from other apps and websites about their online activity. Dubbed "Off-Facebook Activity," the feature was initially announced by Facebook CEO Mark Zuckerberg last year as "Clear History," allowing users to clear the data that third-party websites and apps share with Facebook. "Off-Facebook Activity lets you see a summary of the apps and websites that send us infor
iOS 12.4 jailbreak released after Apple 'accidentally un-patches' an old flaw

Aug 20, 2019
A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0," the jailbreak works with updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version 12.4. Jailbreaking an iPhone allows you to install apps and other functions that are usually not approved by Apple, but it also disables some system protections that Apple put in place to protect its users, opening you up to potential attacks. Usually, iPhone jailbreaks are sold for millions of dollars by exploit brokers, but if you want to jailbreak your Apple device, you can do it for free. An anonymous researcher who goes by the online alias "Pwn20wnd" has released a free jailbreak for iOS 12.4 on GitHub that exploits a use-after-free vulnerability in the iOS kernel responsibly repor