The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

There's hardly any business nowadays that don't use computers and connect to the Internet. Companies maintain an online presence through their official websites, blogs, and social media pages. People use online services to conduct day to day activities like banking. And of course, there are many businesses that are completely based on the web like online markets, e-Commerce websites and financial services. All of these activities create opportunities for cyber attacks. Various threats can affect websites, online services, API endpoints, and the applications used or provided by businesses. Such devastating attacks include privacy intrusion, DDoS attacks , data breaches, defacements of websites, online store shutdowns, scraping, payment fraud, abuse of online services, and backdoor installations. The 2019 Cost of Cybercrime Study by Accenture reports that there has been a 67% increase in cyber attacks over the last five years. The corresponding increase in financial ter

A British man suspected to be a member of ' The Dark Overlord ,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom. Nathan Francis Wyatt , 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S. and then threatening to publish stolen information unless victims paid a ransom in Bitcoin. According to a court indictment unsealed yesterday, Wyatt faces one count of conspiracy, two counts of aggravated identity theft and three counts of threatening to damage a protected computer. However, the suspect has not yet pledged guilty to any of the charges in the U.S. federal court, where he appeared after fighting for 11 months to avoid being extradited from Britain. Cyber Attacks by The Dark Overlord Group British police first arrested Wyatt in September 2016 during an inves

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The initiative, called " Patch Rewards Program ," was launched nearly 6 years ago, under which Google rewards hackers for reporting severe flaws in many widely used open source software, including OpenSSH, OpenSSL, Linux kernel, Apache, Nginx, jQuery, and OpenVPN. So far, Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks. The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire addition

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadians customers. The company announced the breach in a press release posted on its website, revealing that an unknown attacker unauthorizedly accessed its computer systems last month and stole customers' information, including their: Names Addresses Email addresses Login information Passwords, for their LifeLabs account Dates of birth Health card numbers Lab test results The Toronto-based company discovered the data breach at the end of October, but the press release does not say anything about the identity of the attacker(s) and how they managed to infiltrate its systems. However, LifeLabs admitted it paid an undisclosed amount of ransom to the hackers to retrieve the stolen data, which indicates that the attack might have been carried out using a ransomware style malwa

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity . Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in place, to adding extensive advanced layers of network protection. To successfully guard against severe threats from hackers, worm viruses to malware, such as botnet attacks, network managers need to use all tools and methods that fit well into a comprehensive cyber defense strategy. Of all the menaces mentioned above to a website owner's peace of mind, botnets arguably present the most unsettling form of security risk. They're not the mere achievements of malicious amateur cybercriminals. They're state

2010-2019 decade will be remembered as the time in which cybersecurity became acknowledged as a critical concern for all organizations. With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their investments return. The 2020 State of Breach Protection Survey ( click here to participate ) attempts to map out for the first time how breach protection is practiced and maintained globally – what are the common products, services, concerns, and challenges that are most common amongst organizations. Any security professional filling the anonymous salary survey questionnaire , organised by The Hacker News in partnership with Cynet, will get a free copy of the survey report once it is released in January 2020. You can complete the questionnaire here . Why is that important? Because unli

WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned. Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function. Since the group members can't selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it. Discovered by researchers at Israeli cybersecurity firm Check Point , the latest bug resided in the WhatsApp's implementation of XMPP communication protocol that crashes the app when a member with invalid phone number drops a message in the grou