Cyber Attack | Breaking Cybersecurity News | The Hacker News

Security firm FireEye has released a new report  detailing cyber espionage attacks on European Ministries of Foreign Affairs (MFA) during recent G20 meetings by Chinese Hackers . According to FireEye's researcher Nart Villeneuve , hackers infiltrated the computer networks of five European foreign ministries by sending emails containing malware files to staff and gained access to their systems to steal credentials and high-value information. "We believe that the Ke3chang attackers are operating out of China and have been active since at least 2010," The cyber espionage campaign named as " Operation Ke3chang " and if the victim will download & open the malware file which disguised itself as files detailing a possible intervention in Syria ( US_military_options_in_Syria . pdf . zip ), it gets installed on the victim's computer with a backdoor. " They have also leveraged a Java zero-day vulnerability (CVE-2012-4681), as well as older, reliable exploits for Mi

File transfer services such as FTP or HTTP has been the most common way of file transfer for business requirements. Typically what a file transfer means is that a file transfer protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system including file name, file size, timestamp and other metadata from one host to another host over a TCP-based network such as the Internet. But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the times, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be. Using FTP for official file transfer can leave your data transmission exposed to many security attacks: FTP Bounce Attack Gener

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

JPMorgan Chase , one of the world's biggest Banks has recently announced that it was the victim of a cyber attack and warned round 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information. In the Security Breach that took place on the bank's website www.ucard.chase.com  in July, around 465,000 accounts are compromised i.e. 2% of the overall 25 million UCard users. JPMorgan confirmed that there is no risk for holders of debit cards, credit cards or prepaid Liquid cards. They informed the law enforcement in September, and till now no information on how attackers have conducted the attack has been disclosed. The JPMorgan spokesman Michael Fusco declared that the investigation allowed the identification of victim accounts and the data stolen, the bank already notifying the cardholders of the incident. JPMorgan representative also remarked that hackers haven't stolen money from any user's account, due this reason the company is not i

In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities . After analyzing the Log file from the victim's server, we have noticed many Wordpress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated. In the past we have reported about many such cyber attacks, where attackers hacked into the Wordpress blogs using password brute-force attack or they used the  PINGBACK  vulnerability in older versions of Wordpress without compromising the server. WordPress has a built in functionality called Pingback , which allows anyone to initiate a request from WordPress to an arbitrary site and it can be used for a single machine to originate millions of requests from multiple locations. We have seen more than 100,000 IP addresses involved in the recent DDOS attack and the victim's Forum website received more than 40,000 requests in 7 mi

If you think that a computer which is not connected to a network, doesn't have any USB sticks attached to it and doesn't accept any kind of electronic connection requests are reasonably safe against hackers and from all the malware, then you are Wrong. Here we have something shocking update that Some German Scientists have developed a proof of concept Malware prototype, could allow a hacker to infect your computers and other digital devices just using  Inaudible Audio signals . The ability to bridge an air gap could be a potent infection vector. Just imagine, a cyber attack using high-frequency sound waves to infect machines, where stolen data also can be transferred back to attacker without a network connection, Sounds very terrifying ? When a few weeks ago, a security researcher Dragos Ruiu claimed malware dubbed badBIOS  allowed infected machines to communicate using sound waves alone, means that the devices are physically disconnected from any networks, including the inter

The NSA has the ability to trace " anyone, anywhere, anytime ". In September we reported that how NSA and GCHQ planted malware via LinkedIn and Slashdot traffic to hack largest telecom company Belgacom's Engineers. Yesterday, a  Dutch newspaper has   published a new secret NSA document provided by former intelligence employee  Edward Snowden . According to the newly exposed slide, NSA has infected more than 50,000 computer networks worldwide with software designed to steal sensitive information i.e. Malware . The slide from the NSA's 2012 management presentation, shows a world map with more than 50,000 targeted locations, uses a procedure called ' Computer Network Exploitation ' (CNE) that can secretly install malware in computer systems. The malware can be controlled remotely and be turned on and off at will. From the NSA website we found that, CNE includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enem

The FBI is warning that members of the hacktivist group Anonymous hacking collective have secretly accessed US Government computers and stolen sensitive information in a campaign that began almost a year ago. The Hacktivists have exploited a flaw in Adobe applications to compromise the target systems and install software backdoors to maintain the control of the victims computers over the time, the facts dated back to last December, according to a Reuters report. The hacking campaign affected the U.S. Army, Department of Energy , Department of Health and Human Services, and other government agencies,  FBI reveals.  The Federal Bureau of Investigation memo called the hacking campaign " a widespread problem that should be addressed. " and provided useful information for system administrators that how to determine if their networks were compromised. Government investigators are investigating the scope of the hacking, believed that hackers are still operatin

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries. The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature. Cai Mingzhao , Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges. Interesting! When China is itself the culprit in major Cyber Threats and attacks. " To maintain cyber security, we need to strengthen international cooperation, " and " We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit, " he said . He said that the China is a victim of cyber security breaches, where more than 80% of Chinese i

Last week we noticed a rise in cyber attacks particularly - website Defacement attacks on many governments and organizations of different countries by the hackers around the world. Targeted countries include Singapore, Mexico, Philippines, Australia, Egypt, United States, Syria and many more. Out of all these targets, most controversial were Philippines and Australia, hacked by Activist group Anonymous. Last Sunday, Anonymous hackers from Indonesia defaced hundreds of websites belonging to the Australian Government , saying the action was in response to reports of spying by Australia. The websites, defaced with a message reading " Stop Spying on Indonesia ". We have shared the list of all targeted website on a pastebin note . In a separate incident, Anonymous hackers defaced more than 38 Philippine Government websites, and called on the public to support an anti-corruption protest " Million Mask March " at the Batasang Pambansa on November 5. " The government,

Finnish commercial broadcaster MTV3 reports that the Finnish Ministry of Foreign Affair networks has been targeted in a four-year-long cyber espionage operation. Finland's foreign minister said, " I can confirm there has been a severe and large hacking in the ministry's data network ," A large scale spying attack   targeted the communications between Finland and the European Union using  a malware , similar to, and more sophisticated than Red October . The breach was uncovered during the early part of this year. MTV3 also mentioned that the breach was not discovered by the Finns themselves, but from a foreign tip-off reported to CERT.FI. Further the Finnish authorities kept the information under wraps for continuing the forensics. There are indications that information with the lowest level security classification has been compromised, he said. In January, 2013, we had reported about Red October Cyber-espionage operation that targeted th

Son of a Baptist Minister, 28-year-old British man named Lauri Love has been charged with hacking into the computer systems of the US army, NASA and other federal agencies. He was arrested Friday at his home in Stradishall, England by the National Crime Agency and according to the indictment alleges Love and his unnamed co-conspirators hacked into thousands of computer systems between October 2012 and October 2013. The indictment does not accuse Love of selling information or doing anything else with it for financial gain. His father Alexander Love, 60, a Baptist minister, works as a chaplain at HMP Highpoint North. His mother Sirkka-Liisa Love, 59, also works at the jail as a teacher. He is charged with one count of accessing a U.S. Department or agency computer without authorization and one count of conspiracy. The government said the purpose was to disrupt the operations and infrastructure of the federal government.  They stole data on more than 5,000 individuals, as well as info

Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology. Yesterday, Cybersecurity experts revealed that a major artery in Israel's national road network located in the northern the city of Haifa suffered a cyber attack, that caused massive traffic congestion in the City. Isreal military officials are aware of cyber threats that could hit the infrastructure of the country and they afraid the possible effect of a cyber attack on a large scale. Israeli government websites suffer thousands of cyberattacks each day according Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second. In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted in numerous occasions Israel

Last Tuesday, The National Police Agency of South Korea warned the people that many Malware infected video games being offered in the South Korean markets with the purpose of launching Cyber attacks on the Country. That Malware is collecting location data and IP addresses of infected users and according to experts, malware is sending data back to its master servers based in North Korea . Just today the Korea's largest anti-virus software firm AhnLab  confirmed that they have detected distributed denial-of-service (DDoS) attacks on local companies' websites. According to the report, about 16 websites of 13 companies, including Daum, MSN and the JoongAng Ilbo newspaper had been affected. AhnLab said that some 10-thousand computers have been hit, mainly because they failed to install a vaccination program or update an existing one since the last cyber attack in July. The attack was detected around 4:00 p.m. on Thursday, infecting around 10,000 computer

A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service Poste Italiane , the scheme attracted the researcher's attention due the reuse of an old social engineering trick. The brand Poste Italiane includes postal, Financial and payment services in its product portfolio and was considered top brand victims by recent F-Secure Threat report. The number of attacks against Poste Italiane is remarkable, the purpose is always to induce its customers into unwittingly submitting their credentials to fake login sites. In the recent attack criminals sent the classic email containing an HTML attachment which the recipient is enticed into opening. " To activate the "Security web Postepay " you need to : - Downlo

A U.S. Grand jury indicted and accused 13 members of the hacking group Anonymous for allegedly participating in the cyber attacks against a number of websites as an  anti-copyright campaign called " Operation Payback " Hackers took down the sites by inflicting a denial of service, or DDoS, attack , including those belonging to the Recording Industry Association of America, Visa and MasterCard. The attacks were in retaliation for the shutdown of " The Pirate Bay ," a Sweden-based file-sharing website used to illegally download copyrighted material. The DDoS Campaign was later extended to Bank of America and credit card companies such as Visa and MasterCard after they refused to process payments for WikiLeaks . According to the indictment, the suspects are charged with conspiracy to intentionally cause damage to protected computers. Suspects downloaded and used software known as Low Orbit Ion Cannon , or LOIC, to launch distributed denial-of-service

Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other programs, revealed that cyber attackers had access user information, including account IDs and encrypted passwords as well as credit and debit card numbers. The company did not specify which users of its various software programs were hit. But Products compromised in this attack include Adobe Acrobat, ColdFusion , and ColdFusion Builder. " We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. " the company said in a customer security alert . Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the

Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc