Man-in-the-Middle | Breaking Cybersecurity News | The Hacker News

50K Cards Compromised using Credit Card Processor Some 50,000 credit and debit cardholders may have their information exposed following a security breach at Global Payments. The breach occurred sometime between between Jan. 21, 2012 and Feb. 25, 2012. Both Visa and MasterCard have confirmed they have warned U.S. banks that a credit card processor was reportedly breached. Both firms say their own security systems were not compromised. MasterCard said law enforcement has been notified of the matter and an "independent data security organization" is conducting a forensic review of the matter. " MasterCard's own systems have not been compromised in any manner, " a company spokesman said in a statement. The company will " continue to both monitor this event and take steps to safeguard account information ." Because it sits in this middle ground directing where payment information goes, an attack on its system would leave a lot of private financial data

FBI Cyber Chief Says U.S. Losing War Against Hackers FBI is struggling to combat cyberattacks by hackers. "We're not winning," FBI executive assistant director Shawn Henry said. Four top government cybersecurity officials have basically come out to say America is getting her hiney kicked in cyberattacks by nation state hackers. Shawn Henry, who is getting ready to leave the bureau after more than two decades with the law enforcement agency, says the United States is falling behind in the ongoing fight against cyber ne'er-do-wells. " Your government failed you ," testified Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House. He said that to Congress about 9/11, but now he's warning the people that we are defenseless when it comes to cybersecurity; our government has failed us again. Clarke stated, " Every major company in the United States has already been penetrated by China ." Who declared this war and

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Six National Television Stations of Iran Hacked Co-Cain Warriors hackers today hack into 6 National Television Stations of Iran including Broadcasting Elam Center, IRIB Kermanshah Center, IRIB Kerman and 3 more. Hacker upload the deface page on their server and announce the day as " HappY 7Sin Day ". With growing conflicts in middle east more intrusions and DDOS attack on Iranian websites. Iran has been identified as the main cyber threat to the United States,Israel and European Countries. Yesterday we also report that, Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. Also last week, Iran launched a sophisticated cyber-attack against BBC Persian TV, according to the BBC News. The Reason behind this attack is part of a broader attempt by the government to disrupt the BBC's Persian service. This attack follows various tactics by the Iranian government, s

Malicious Android application stealing banking credentials A new form of smart Android malware can not only steal your online banking information, but update itself in the future and secretly send contact information stored on your device off to the Bad Guys. Security researchers at McAfee have discovered a malicious Android application capable of grabbing banking passwords from a mobile device without infecting the user's computer. From a McAfee blog post on the subject, penned by Malware Researcher Carlos Castillo: " To get the fake token, the user must enter the first factor of authentication (used to obtain initial access to the banking account). If this action is not performed, the application shows an error. When the user clicks "Generar" (Generate), the malware shows the fake token (which is in fact a random number) and sends the password to a specific cell phone number along with the device identifiers (IMEI and IMSI). The same information is also sent to one of the co

10 Lessons learnt from Kim Dotcom Article Cross Post from InternetServices. Kim Dotcom, a hacker that was able to take his knowledge and create a site called Megaupload, was recently arrested due to alleged copyright infringement allegations. Even though he was the top dog in the company, he did not commit these crimes alone, and many other key players were also arrested in the wake of these crimes. Unfortunately, while this guy is obviously intelligent, he should have been using those brains for good instead of evil. However it wasn't all bad, and some good did come from it. Check out 10 things the Internet learned from Kim Dotcom. Cyberlocker technology: This has also been referred to as a 'cloud storage infrastructure'. Basically this technology allowed you to store files that were too large to e-mail for free on the Internet. For instance, you could upload a big long wedding video and your family could go there to download it at no charge. If they wanted to watch it or downlo

Mobile Based Wireless Network MiTM Attack Illustration Bilal Bokhari from zer0byte.com Illustrated perfect example of Mobile Based Wireless Network MiTM Attack on his blog. Bilal want to share this article with our Readers at THN, Have a look : If we look at the history of computer development, the computer developers/engineers just 10 years back did not have any clue as to how this industry is going to be, the way this industry we have today. The Computers and its applications nowadays are more powerful and much smarter than ever before. Computer applications are used in every industry like engineering, designing, music programming, web development etc which enables their users to come up with amazing products every day. So far so good the story of the computer development sounds amazing but there is a problem with its development. When computer applications are developed, they are not particularly a complete perfect solution. They contain some flaws or bugs which can be exploi

Wifi Protector - Protect Your Android From Wi-Fi Sniffing Attacks The only app that is able to countermeasure " Man In The Middle " attacks on Android platform - Wifi Protector . No other app provides this type of high network security. Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via "Man In The Middle" through ARP spoofing / ARP poisoning. WifiKill can't take you offline with this app installed. The "Immunity" feature is the only one that requires root, all other features work without root access. Features - Uses very few resources - Uses no resources if Wi-Fi is disabled - Nearly zero battery consumption - Requires very few permissions. Requests only absolutely necessary permissions - Undetectable by the bad guy - 100% silent and passive inside the network. Generates no noise - Highly customizable notifications - Plays ringtone on atta

Hey @BarackObama ! Please don't extradite Gary McKinnon Gary McKinnon,  a Scottish systems administrator and hacker who has been accused of what one U.S. prosecutor claims is the " biggest military computer hack of all time " by hacking into the Pentagon, faces an ordeal of terrifying brutality if he is extradited to the United States. America wants to put him on trial, and if tried there he could face 60 years behind bars. Note : Request to Every Reader ! Please Re-Tweet/Share this article if you want to Support Gary McKinnon in the fight for justice. The mother Gary McKinnon has called for her son to stand trial in Britain claiming attempts to extradite him to the US have destroyed his life. He claims his motivation, drawn from a statement made before the Washington Press Club on 9 May 2001 by " The Disclosure Project ", was to find evidence of UFOs, antigravity technology, and the suppression of " free energy ", all of which he claims to have

We had an Interesting Article by " Paul F Renda " in our The Hacker News Magazine 's November Edition. We would Like to share this article with our website readers also. You can Download November Issue Here . This is a theoretical prima to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads. Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction. A doomsday like virus has been plaguing the U.S.Drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analyst think agent.btz was created by China.

Operation Hackerazzi : FBI arrests alleged Hacker for Stealing naked photos of Hollywood stars FEDERAL officials on Wednesday arrested a 35-year-old Florida man, Christopher Chaney  and charged him with 26 counts of cyber-related crimes against Hollywood stars following an 11-month federal probe dubbed "Operation Hackerazzi". Twitter was ablaze earlier today with messages claiming to link to naked pictures of film actress Scarlett Johansson, which were allegedly stolen from her iPhone by a hacker earlier this year.The photographs may or may not be of Scarlett Johansson, but I would suggest that every hot-blooded male exercises some restraint as it's extremely possible that cybercriminals might exploit the interest to post dangerous links on the web designed to infect computers or steal information. To gain access to these email accounts, Chaney would search through details of celebrity lives within magazines as well as social media accounts like Twitter and figure

Celebrating 5th Birthday of Wikileaks  (Born : 4th Oct 2006) The wikileaks.org domain name was registered on 4 October 2006. The website was unveiled, and published its first document, in December 2006. The site claims to have been " founded by Chinese dissidents, journalists, mathematicians and start-up company technologists, from the US, Taiwan, Europe, Australia and South Africa ". The creators of WikiLeaks have not been formally identified. It has been represented in public since January 2007 by Julian Assange and others. Assange describes himself as a member of WikiLeaks' advisory board. News reports in The Australian have called Assange the " founder of WikiLeaks ". According to Wired magazine, a volunteer said that Assange described himself in a private conversation as "the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest". 2006–08 WikiLeaks posted its fi

Contest Winners Announcement : Wireless Penetration Testing Guide book We ran a competition for the book " Backtrack 5 Wireless Penetration Testing " last week. Today, Vivek Ramachandran, the author of the book and Founder of SecurityTube.net is announcing the winners in the video below. We will be contacting the winners via email soon. Two Best Comments Selected by Author are : Scott Herbert : For me it's the "man-in-the middle" and other cutting edge wireless attacks that make it a book worth getting (even if I don't win). neutronkaos : What interests me most about this book is that it is dedicated to wireless hacking. In an age where almost everybody is rocking a wireless AP, this book could do alot in offense and defense. I have been a Backtrack fan since Backtrack 3 and I have seen several of Mr. Ramachandran's primers on security tube. I am currently deployed to Afghanistan and I am working towards a degree in Network Security. I would love to have this boo

Man-in-the-Middle Remote Attack on Diebold Touch-screen Voting Machine The Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois has managed to hack a Diebold Accuvote touch-screen voting machine. Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science. " This is a national security issue ," VAT team leader Roger Johnston told me, echoing what I've been reporting other computer scientists and security experts telling me for years. " It should really be handled by the Department of Homeland Security. " " The level of sophistication it took to develop the circuit board" used in the attack "was that of basically an 8th grade science shop ," says Argonne's John Warner. " Anybody with an electronics workbench could put this together. &quo

HTTPS SSL encryption Vulnerable To Crypto Attack The secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used at financial sites. Companies, including Google, Facebook, and Twitter, are urging the wider use of TLS on the Web. The exploit – demonstrated with a tool called BEAST – targets a flaw that could leave transactions open to attack a

Book : Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS. Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from: Global: https://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/ India: https://www.packtpub.com/backtrack-5-wireless-penetration-testi

Google tells Iranians to Change their Gmail password Google is advising all its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised.In a blog post , Google said that it was directly contacting users in Iran who may have been hit by a man-in-the-middle attack. The move follows the compromise of Dutch SSL certificate authority DigiNotar. Hackers created fake SSL certificate credentials for Google.com and many other domains. These fake Google credentials were used to run man-in-the-middle attacks against Gmail users in Iran, according to an examination of authentication look-ups logs at DigiNotar and other evidence. Specifically, Google recommends that users in Iran change their passwords; verify their account recovery options; check the Web sites and applications that are allowed to access their Google account; check Gmail settings for suspicious forwarding addresses or delegated accounts; and pay attention to warnings tha