#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Hacker News | Breaking Cybersecurity News | The Hacker News

300% Increase in malnets Attack in the past six months

300% Increase in malnets Attack in the past six months

Oct 03, 2012
Blue Coat systems has undertaken detailed research into the use of 'malnets' by criminals to help support their various attacks in order to uncover the best ways to take down these systems. Botnet infections are commonly spread though compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, The company said the number of malnets now stands at more than 1,500, an increase of 300% in the past six months, and it expects they will be, "responsible for two-thirds of all malicious cyberattacks in 2012." According to Blue Coat, the largest known malnet is Shnakule, which has used up to 5,005 malicious hosts or servers at any given time, depending on the capabilities needed at any given moment by its operators. Blue Coat believes that Shnakule is controlled by a single gang, and it's been used to serve up just about every type of known attack, including &quo
Internet freedom : Anonymous Brings Philippines Government Sites Offline

Internet freedom : Anonymous Brings Philippines Government Sites Offline

Oct 03, 2012
Hacker groups that are against the controversial Cybercrime Prevention Law for its effect on the country's freedom of expression defaced 11 more government websites since 11 p.m. Monday A message which said, " Hacked by M4N1L4 PR1D3, PHILIPPINE CYBER ARMY AND -=TheFamilyPride=- ," appeared on the homepage of PNP's Police Community Relations Group (PCRG). "Private X" and "Anonymous Philippines" hacked websites of the Department of Interior and Local Government, the One-Stop Information Shop for Technologies in the Philippines of the Department of Science and Technology, National Telecommunications Commission (NTC), Philippine Nuclear Institute, Intellectual Property Office of the Philippines, Tourism website of the City of San Fernando, Optical Media Board, Pilipinas Anti-Piracy Team, Department of Health's Smoke Free Philippines, Marina Industry Authority and the Maritime Training Council. The Twitter account of the Department of Social Welfare and Services was
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Millions of DSL modems hacked in Brazil, spread banking malware

Millions of DSL modems hacked in Brazil, spread banking malware

Oct 02, 2012
More than 4.5 million DSL modems have been compromised as part of a sustained hacking campaign in Brazil, with the devices spreading malware and malicious web address redirects. According to the malware analyst at Kaspersky Lab in Brazil, Fabio Assolini. The vulnerability exploited by attackers allowed the use of a script to steal passwords and remotely access the configuration of modems. The attacks was described as " One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims. " According to Kaspersky, the Brazilian attackers sought to steal users' banking credentials by redirecting users to false versions of popular sites like Facebook or Google and prompting them to install malware. Some 40 DNS servers were set up outside Brazil too in order to serve forged requests for domain names belonging to Brazilian banks. Nakedsecurity writes,-- The first thing users ma
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Cisco CallManager vulnerable to brute force attack

Cisco CallManager vulnerable to brute force attack

Oct 01, 2012
Roberto Suggi Liverani , founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog " During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager). " Researcher target the HTTP GET requests used by CallManager to initiate the login process. :  https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below: https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_ The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force  userid and pin usin
Chinese hackers attack on White House computers

Chinese hackers attack on White House computers

Oct 01, 2012
The White House acknowledged Monday that one of its computer networks was hit by a cyber attack, but said there was no breach of any classified systems and no indication any data was lost. Including systems used by the military for nuclear commands were breached by Chinese hackers. A conservative newspaper that has been regularly critical of the Obama administration, called The Washington Free Beacon, first published the report on Sunday and said that the attackers were linked to the Chinese government. One official said the cyber breach was one of Beijing's most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks. Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan's Senkaku islands. The official called the incident a " spear-phishing " a
Cyber Attacks on Six Major American Banks

Cyber Attacks on Six Major American Banks

Oct 01, 2012
According to reports, some of the United States biggest financial institutions  including Wells Fargo, JPMorgan Chase, Bank of America, Citigroup, and Bancorp were hit by a series of cyber attacks last week, by a group claiming Middle Eastern ties, that caused Internet blackouts and delays in online banking. The banks suffered denial-of-service attacks, in which hackers barrage a website with traffic until it is overwhelmed and shuts down. Such attacks, while a nuisance, are not technically sophisticated and do not affect a company's computer network or, in this case, funds or customer bank accounts. Hacktivists, calling themselves " Mrt. Izz ad-Din alQasssam Cyber Fighters ," attacked Wells Fargo and posted on Pastebin that U.S. Bancorp and PNC Financial Services Group are next. The group said it had attacked the banks in retaliation for an anti-Islam video that mocks the Prophet Muhammad. It also pledged to continue to attack American credit and financial instit
100k IEEE site Plain-Text Passwords found on Public FTP

100k IEEE site Plain-Text Passwords found on Public FTP

Sep 25, 2012
A Romanian researcher - Radu Drăgușin  found that 100000 usernames and passwords of the Institute of Electrical and Electronics Engineers (IEEE) was stored in plaint-text on a publicly accessible FTP server. According to him, on Sept. 18 he first discovered a log with usernames and passwords in plaintext, publicly available via IEEE's FTP server for at least a month. He informed them of his find yesterday, and evidently the organization is addressing the issue. On the FTP server, according Dragusin were the logfiles for the offers and ieee.org spectrum.ieee.org - Total data to approximately 376 million HTTP requests. Including 411,308 log entries with login and password in plain text. Among the users who's information was exposed are researchers at NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE's membership of over 340,000 is roughly half American (49.8 percent as of 2011). " IEEE suffered a data breach which I discovered on September 18. For a few da
Backdoored PhpMyAdmin distributed at SourceForge site

Backdoored PhpMyAdmin distributed at SourceForge site

Sep 25, 2012
A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code. One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified. SourceForge.Net is the world's largest open source software development website. A very large impact on the domestic users with this incident. The vulnerability has been cataloged as being a critical one. A screenshot as shown of a system containing a malicious backdoor that was snuck into the open-source phpMyAdmin package. On official website in issue &qu
Symantec Norton Utilities 2006 source code leaked by Anonymous

Symantec Norton Utilities 2006 source code leaked by Anonymous

Sep 25, 2012
Symantec is looking into claims more of its products' source code has been leaked online, following a similar incident earlier this year. This time source code from Norton Utilities 2006 was reportedly leaked on The Pirate Bay by Anonymous member STUN. " As you all see its fully 7z packed content, whats in it!? The loosely Source Code of Norton Utilities 2006 made by one of the worse security vendors on planet earth, Symantec! Also as many of you know this was planned back before Sabu was arrested. Yeah McAfee you suck too! " says the accompanying text. The security vendor then admitted its servers had been hacked, but maintained it was unlikely its customers were affected by the leak. Symantec said it was investigating it. "Symantec is one of the most visible targets in the world for cyber attacks on a daily basis. We take each and every claim very seriously and have a process in place for investigating each incident," a spokesperson said, in an emailed statement sent to
New Android Exploit Could Force Factory Reset remotely

New Android Exploit Could Force Factory Reset remotely

Sep 25, 2012
Clicking one wrong link can cause malicious code to execute, which could do anything from infecting your computer with malware to, apparently, wiping your phone data completely. At the Ekoparty security conference, researcher Ravi Borganokar demonstrated at the Ekoparty security conference in Argentina last week, that how a single line of HTML code could be used to run a factory reset or even clear the SIM card on certain Samsung phones. Malicious hackers can hide a code in a web page that will trigger a full factory reset of Samsung's best-selling Galaxy S3 smartphone, deleting contacts, photographs, music, apps and other valuable data. The devastating flaw lies in Samsung's dialling software, triggered by the tel protocol in a URL. It isn't applicable to all the company's Android handsets, but those that are vulnerable can have their PIN changed or be wiped completely just by visiting a web page or snapping a bad QR code, or even bonking up against the wrong wireless N
iPhone 5 and 4 Hacked with same Exploit

iPhone 5 and 4 Hacked with same Exploit

Sep 23, 2012
iPhone 5  is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam . As we reported that Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone. The vaunted security of the iPhone (4S) took an epic fail tumble during the event when they was able to build an exploit for a vulnerability in WebKit to beat Apple's code-signing features and the MobileSafari sandbox. The same bug is present in the iOS6 Golden Master development code base, which means iPhone 5 is  also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable. " We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack ," Pol said. The duo won $30,000 for their effor
Oracle Database stealth password cracking vulnerability

Oracle Database stealth password cracking vulnerability

Sep 20, 2012
Oracle suffered with serious vulnerability in the authentication protocol used by some Oracle databases. This Flaw enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. A researcher - Esteban Martinez Fayo, a researcher with AppSec tomorrow will demonstrate a proof-of-concept attack. Martinez Fayo and his team first reported the bugs to Oracle in May 2010. Oracle fixed it in mid-2011 via the 11.2.0.3 patch set, issuing a new version of the protocol. " But they never fixed the current version, so the current 11.1 and 11.2 versions are still vulnerable ," Martinez Fayo says, and Oracle has no plans to fix the flaws for version 11.1. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash. Th
6 Million Virgin Mobile users vulnerable to Hackers

6 Million Virgin Mobile users vulnerable to Hackers

Sep 20, 2012
Virgin Mobile customers beware: Your phone number is the key to your personal information. According to independent developer Kevin Burke, who warned Virgin Mobile USA customers about a glaring security hole in the phone company's account login protocol said, " If you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn't like you. " Virgin Mobile USA users manage their account by logging in through an online portal, which requires a mobile number and a 6-digit pin. Once inside, customers can check their call records, change the handset associated with their number, and update their personal details. In a blog post on Monday, Kevin Burke detailed how the username and password system used by Virgin Mobile to let users access their account information, is inherently weak and open to abuse. " It is trivial to write a program that checks all million possible password combinations, easily determining anyone's PIN inside of one day
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Sep 19, 2012
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exists. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw. Security researcher Eric Romang identified the exploit code on a server used by the "Nitro" hacking group, believed to have exploited the Java zero-day vulnerability reported last month.  Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed "Nitro", and was first discovered in October by Symantec. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability , similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT)
Android 4.0.4 multiple Zero-Day Vulnerabilities

Android 4.0.4 multiple Zero-Day Vulnerabilities

Sep 19, 2012
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam. Using a pair of zero day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications). NFC is a technology that allows data to be sent over very short distances. For mobile devices, the protocol allows digital wallet applications to transfer money to pay at the register. While the technology has been slow to take off, despite the adoption by Google for its Wallet payment application, a number of recent high-profile announcements have boosted its adoption. " Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability
9 million PCs infected with ZeroAccess botnet

9 million PCs infected with ZeroAccess botnet

Sep 19, 2012
In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet ) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.  Before, disclosed that it creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive. Then ZeroAccess developer changed infection tactics and stopped using kernel-mode components in the latest version Security firms tracked the growth of x64 version infections. But Recently uncovered by SophosLabs that ZeroAccess botnet took a major shift in strategy and operating entirely in user-mode memory. There are two distinct ZeroAccess botnets, and each has a 32-bit version and a 64-bit version, numbering four botnets in total. Each botnet is self-contained because it communicates exclusively on a particular port number hard-coded into the bot executable. The botnets can be categorised based o
Bharatiya Janata Party website defaced by Anonymous Hackers

Bharatiya Janata Party website defaced by Anonymous Hackers

Sep 19, 2012
Hackers from Indian Anonymous Group hacked Bharatiya Janata Party's website, BJP.org , last night, and defaced it. They post a set of messages with pictures, reflecting the group's condemnation of recent events including the government's approval of 51% FDI in multi-brand retail, diesel price hike, corruption, the cartoon controversy, and the Kudankulam Power Project, among others. Hackers also asked people to stand up and participate in the #OccupyIndiaground protest, which according to the message starts 23rd September 2012 (this Sunday) 3pm at India Gate, Delhi, Freedom Park, Bangalore, Marine Beach, Chennai, Park Street Crossing, Kolkata, MG Road, Pune and Subhash Park, Kochi. Defaced domains are: https://bjp.org https://bjpmp.org.in/ The group also posted a YouTube video with a message from anonymous: Video Saying that the group's been observing the deteriorating condition of free speech in India, and the government's attempts to block social media. Last month, Anonymous
Bank of America Website under Cyber Attack from Islamic Hackers

Bank of America Website under Cyber Attack from Islamic Hackers

Sep 19, 2012
Bank of America's website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for " Innocence of Muslims ," the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East. " Cyber fighters of Izz ad-din Al qassam " said it would attack the Bank of America and the New York Stock Exchange as a "first step" in a campaign against properties of " American-Zionist Capitalists ." " After Successful attack to YouTube Servers in recent days made by Muslims around the world, many groups announce that they are ready to do similar attacks.When supporter of that sacrilegious movie try to punish the cast and crew, the publisher included, this story will end until that time these kinds of Cyber Attacks will be continued and the Cyber world will be an unsafe place for all of Enemies of Islam. " Hackers posted on their blog . People around the country reported on
Security in a Serious Way - The Hacker News Magazine September 2012 Edition

Security in a Serious Way - The Hacker News Magazine September 2012 Edition

Sep 16, 2012
Hey faithful readers and people interested in Internet Security! Enjoy our - The Hacker News Magazine  September 2012 Edition , Issue #14 packed full of computer security issues and a great interview with a young hacker who defines the world of hacking and the future. Let us know what you think and many thanks for following our website!
Electromagnetic Pulse Attacks : Are we prepared ?

Electromagnetic Pulse Attacks : Are we prepared ?

Sep 14, 2012
An electromagnetic pulse (EMP) attack is a threat few Americans are familiar with, yet one which could easily destroy their lives. What would you do if your electricity suddenly went out and didn't come back on for months or even years? How long would you last with the food in your pantry, the bottled water you have shelved, and your net worth reduced to the cash in your pocket? These are the factual consequences of EMP attack. A single EMP attack could disable all modern electronics in the United States, eliminating communications, food, water, transportation, medicine distribution, and our financial system. Experts from the Department of Homeland Security (DHS) and the US Department of Defense (DOD) have told a House Homeland Security subcommittee that Defense systems that depend on the commercial electric grid are vulnerable to electromagnetic pulse attacks and solar storms that could seriously damage the nation's infrastructure. U.S. power grids and other civilian infrastruc
Cybersecurity Resources