#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

News | Breaking Cybersecurity News | The Hacker News

How Hacker culture contributed to rise of United States economy

How Hacker culture contributed to rise of United States economy

Sep 03, 2012
How Hacker culture has contributed to the rise of the United States economy and one possible reason why it is now in decline…   by  Paul F. Renda,  Author at  The Hacker News Magazine This article is about how hacker culture has benefited the economy of the United States. It represents the creative, ingenious and innovative ideas that characterize the U.S. Also, how this sub-culture was created by the first US hacker Benjamin Franklin... Countries of the world marveled at The United States and its innovation, creativity, devices, ideas, gadgets and large middle-class. This innovation comes from the culture of a specific group. We have a hacker type culture, and when I say hacker type culture, it's not just a culture of hacking computers and electronic components, but a culture of hacking (reverse engineering) whatever innovative idea or high technology of the time. The high technology of Franklin's era could be farm implements, stoves (Franklin), light bulbs, steam engines, telephon
Sony Mobile website hacked by NullCrew

Sony Mobile website hacked by NullCrew

Sep 03, 2012
Another Cyber attack on Sony this year, Hacking group called " NullCrew " hack into one of the biggest site of Sony mobile website (www.sonymobile.com) and leak complete database on Internet. Nullcrew releasing their hack dumps from their official twitter account @OfficialNull. The dump of database released on Pastebin with a small note from Hackers as given below: Sony, we are dearly dissapointed in your security. This is just one of eight sony servers that we have control of. Maybe, just maybe considering IP addresses are available. Maybe, just maybe it's the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically Stats of Dump: 441 Members Username with Email Addresses  24 User names with Hashed password from Think_Users table  3 Admin user data from admin_user table Not just Sony, Nullcrew recently hack into Cambodia Army website and dump database. " Recently the co-founder of Pirate
Critical buffer overflow vulnerability in Photoshop CS6

Critical buffer overflow vulnerability in Photoshop CS6

Sep 01, 2012
Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability ( CVE-2012-4170 ) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems. Furthermore, company officials say Adobe is unaware of any attacks against this vulnerability.That said, the Photoshop 13.0.1 update contains 75 other bug fixes, including 31 for problems known to cause crashes, 18 pertaining to 3D features, and 15 for drawing and graphics features. Adobe said that users and administrators can download and install the patch by lunching the "update" tool within the Photoshop help menu.The company credited a pair of Secunia researchers in discovering and reporting the flaw directly. According to a Secunia advisory , the problem is caused by a boundary error in the "Standard MultiPlugin.8BF" modul
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
Pirate Bay Founder Arrested in Cambodia

Pirate Bay Founder Arrested in Cambodia

Sep 01, 2012
Gottfrid Svartholm Warg , one of the founders of the file sharing website The Pirate Bay has been arrested in Cambodia after an international warrant was issued following a conviction in Sweden for copyright violations. The Swedish foreign ministry has confirmed only that a Swedish man "in his thirties" has been arrested in Phnom Penh. In May 2006, police seized The Pirate Bay's servers from the ISP PRQ's headquarters in Stockholm. Since then, the file-sharing site appeared in the headlines, especially after the high-profile trial in 2008 in which the principals were sentenced to prison terms and hefty damages. The ruling was appealed, but in February 2012, the Supreme Court not to discuss the case further. Svartholm Warg's lawyer Ola Salomonsson confirms that it is TPB-founder who now sits arrested, but says he does not know for what reason.Sweden has no formal extradition treaty with Cambodia, but that does not mean Svartholm Warg is safe. According to lawyer
HP Launches Beta Release Of Open WebOS

HP Launches Beta Release Of Open WebOS

Sep 01, 2012
Months after Hewlett-Packard originally announced the open-source version of WebOS , the beta version of the platform is on its way out the door. Friday's release includes two environments for developers.  The first is the desktop build, which is boasted to provide "the ideal development environment" for designing the webOS user experience with more features and integrating other open source technologies on the Ubuntu desktop. The second is the OpenEmbedded build for porting webOS to new devices. Equipped with an ARM emulator for running db8 and node.js services, HP cited that it included OpenEmbedded because of its "widespread community adoption" and cross-compiling support for embedded platforms. The news is getting announced in a blog post : " It has taken a lot of hard work, long hours and weekend sacrifices by our engineering team to deliver on our promise and we have accomplished this goal ," the developers write on the site devoid of any HP branding. T
security researchers found yet another vulnerability in JAVA after update

security researchers found yet another vulnerability in JAVA after update

Aug 31, 2012
Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email. The compa
Malware Attack on 2nd Largest Liquefied Natural Gas Producer

Malware Attack on 2nd Largest Liquefied Natural Gas Producer

Aug 31, 2012
Reports have surfaced that liquified natural gas (LNG) producer RasGas , based in the Persian Gulf nation of Qatar, has been struck by an unidentified virus, this time shutting down its website and email servers. The malware, however, did not affect the company's operational computers that control the production and delivery of gas, an official of the Ras Laffan Liquefied Natural Gas company. The attack reportedly began Aug. 27. The RasGas website was still unavailable on Thursday, three days after the attack. For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known as "Shamoon." A joint venture between Qatar Petroleum and ExxonMobil, RasGas exports about 36.3 million tons of liq
Cross Platform Trojan steals Linux and Mac OS X passwords

Cross Platform Trojan steals Linux and Mac OS X passwords

Aug 27, 2012
Russian anti-virus company Doctor Web reported about the first cross-platform backdoor to run under Linux and Mac OS X identified as " BackDoor.Wirenet.1 ". This malicious program designed to steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin. BackDoor.Wirenet.1 is the first-ever Trojan that can simultaneously work on these operating systems. BackDoor.Wirenet.1 is still under investigation. At launch BackDoor.Wirenet.1 creates a copy in the user's home directory. To interact with the command server located at 212.7.208.65, the malware uses a special encryption algorithm Advanced Encryption Standard (AES). BackDoor.
The Pirate Bay have nothing to do with Free VPN service

The Pirate Bay have nothing to do with Free VPN service

Aug 27, 2012
Yesterday someone anonymously posted on Slashdot that The Pirate Bay had launched a free VPN service called PrivitizeVPN ( https://freevpn.thepiratebay.se/ ) . But Just today team at torrentfreak confirms on behalf of team The Pirate Bay that its not  a Pirate Bay project. They're just running it as an ad next to the regular download links. According to people close to PrivitizeVPN they are working on the connectivity issues. Till now according to PrivitizeVPN statics more than 45,091,927  users Downloads VPN client after the fake news that " The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service "
FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

Aug 27, 2012
FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore. Researchers from heise Security have also created a PoC page using information that is publicly available. A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, were low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.
Team GhostShell leak One Million Records

Team GhostShell leak One Million Records

Aug 27, 2012
TeamGhostShell  a team linked with the Activist group Anonymous, is claiming that they have hacked some major U.S. institutions including major banking institutions, accounts of politicians and has posted those details online. The dumps comprising of millions of accounts has been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies. The group justifies its operation, Project HellFire, as a " final form of protest this summer against the banks, politicians and for all the fallen hackers this year ". Hacker also announced the public data of this phase is only the beginning, the group will continue to coordinate with organizations hacker raging world's most powerful Anonymous for two more planned later this year. According to initial information, the data may have been stolen from the organizations like CIS Services (not related t
AVX Corporation Hacked by Anonymous #OpColtan

AVX Corporation Hacked by Anonymous #OpColtan

Aug 27, 2012
Anonymous Operation #OpColtan have announced another attack in the name of this operation and this time its on a Manufacturer and Supplierof Electronic Components AVX Corporation (www.avx.com). AVX It's a big firm wich produce ceramic and tantalum capacitors, connectors, thick and thin film capacitors, resistors and integrated passive components.  UN accused AVX, and many other firms to be interested in illegal coltan extraction and war in DRC. According to Hackers " Usually Coltan was stealed by war groups from Congo mines and carried out to the firms.Million of people lost their lives in Congo war, nature was destroied in order to dig coltan and a lots of gorillas were killed.Unfortunatelly UN decided to abandon the case and never punish the responsibles of the war an nature devastation ." " AVX and other involved firms published an ethical code in 2010; they claim that they don't get tantalium from war areas.NOW a new civil war is growing up in Congo and is
Hijacking Servers Remotely with Hikit advanced persistent threat

Hijacking Servers Remotely with Hikit advanced persistent threat

Aug 26, 2012
Security researchers have revealed the existence of an advanced persistent threat that has been making the rounds since April 2011.  Backdoor.Hikit  is a dangerous backdoor Trojan that will damage infected system and files. Usually, Backdoor. Hikit will open backdoor to allow remote attackers to connect to the infected system and carry out harmful activities, such as stealing information or destroying files and programs. It is really stubborn those antiviruses often fail to delete it for good, for it runs secretly and automatically when Windows boots without your knowledge or consent and can disguise it as fake system files or processes. Besides, many other threats, such as adware, redirecting virus, Trojan variants from family, such as Trojan Horse Generic 27.PN, BackDoor.Hupigon5.CJMY, Trojan.Zeroaccess.C, Trojan:win64/Sirefef.E and so on, which is really a threat to system and data security. According to experts from security firm Symantec , it all starts with the unknown dropper
Hackers Deface website of former British cabinet minister

Hackers Deface website of former British cabinet minister

Aug 26, 2012
Hackers claiming allegiance to the Anonymous movement of cyber-rebels have defaced the website of a former British cabinet minister in solidarity with WikiLeaks founder Julian Assange. " If the reason ... is revenge for Assange's treatment, it's weird to attack me," Hain said in comments carried by the BBC. "They have not done their research because I have supported Assange and opposed his extradition. " Hain's website was defaced Saturday by a group calling itself Anonymous UK, whose logo consisted of a dark, headless suit against a Union Jack. The group made a variety of allegations against the 62-year-old Labour Party politician, before adding: " The UK's persecution of Julian Assange will NOT be forgotten ." Assange's fight to avoid extradition took a dramatic turn in June, when Assange fled to the Ecuadorean Embassy seeking refuge. The ensuing standoff sparked a diplomatic crisis between Britain and Ecuador and could potentially drag on for months
I know how to get Julian Assange out of the Embassy

I know how to get Julian Assange out of the Embassy

Aug 24, 2012
Let's forget the political mumbo jumbo and posturing going on between countries about the release of Julian Assange. It is time to approach this in a "Sho-Gun" switch-a-roo style and get this over with. If not, we are going to be reading endless editorials and opinions about who is doing what, and what is doing who. Ugggh. With the help of the Ecuadorian Administration and some well planned orchestration with the group Anonymous, we can do this. Let's let the Guy Fawkes mask slide us into victory with my new handy dandy plan that is sure to get the by now, haggard and worried Assange, into Ecuadorian freedom and fame. It is simple really. We need a call to arms, a ready army of Anons that can be recruited at a moments notice to storm the embassy. Just stop for a minute and picture it. Hundreds, no thousands, of masked Anons, wearing black, storming the embassy at night and throwing a wig on Assange and, of course, a mask (I am sure he has one) and moving him out into the crowd
Frankenstein Malware turning legitimate software into invisible malware

Frankenstein Malware turning legitimate software into invisible malware

Aug 24, 2012
Many malware and viruses can be identified by detection software because of known bits of malicious code. But what if there was a virus compiled from little bits of programs you already had installed? That's just what two security researchers are looking into. Frankenstein or The Modern Prometheus is a classic story in which a doctor creates life through technology in the form of a creature assembled from the parts of dead men. While this biological idea exists only in fiction, researchers have recently used it to craft a very ingenious piece of malware. Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas are interested in how malware disguises itself in order to propagate more widely. In Windows Explorer alone, Frankenstein found nearly 90,000 gadgets in just over 40 seconds, which means that malware created by the system would have a huge number of possible variations, work quickly, and be very difficult to detect. Frankenstein follows pre-written blueprints
Turkish hackers hack FC Spartak Moscow Soccer team

Turkish hackers hack FC Spartak Moscow Soccer team

Aug 24, 2012
Turkish hackers recently hacked the Web site of soccer team FC Spartak Moscow after the Russian team's fans burned Turkish flags and pictures of Atatürk during a Champions League playoff match against Turkish team Fenerbahce on August 21. A portrait of Atatürk next to a Turkish flag was also posted on the website. The group replaced the website's original content with a statement that called on the team to "immediately apologize." " You will immediately apologize to the Turkish Republic and the Turkish people. No crime goes without punishment, and FIFA may forgive you, but we won't ," The Spartak site was running again by Thursday afternoon after the club used its Twitter account to blame the incident on 'Turkish hackers. Spartak Moscow fans burned flags and posters of modern Turkey's founding father, Mustafa Kemal Atatürk, during their team's 2-1 victory over the Istanbul giants in the first leg of their Champions League playoff.
NetWeirdRC - Commercial backdoor tool targeting Mac

NetWeirdRC - Commercial backdoor tool targeting Mac

Aug 24, 2012
NetWeirdRC is a commercial backdoor tool targeting Mac OS X 10.6 and later, as well as Windows, Linux and Solaris, according to Intego . The product is sold for US$60 in the malware world, relatively cheap in comparison to the OSX/Crisis malware that was being sold for €200,000 ($240,000). It's a commercial remote access tool, that after installation, calls home to the IP address 212.7.208.65 on port 4141 and awaits instructions. Then it carries out functions including installing files, gathering system information, stealing browser passwords and grabbing screen shots. In addition, it said, the malware can " harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey, and Thunderbird browsers and mail clients ." It's able to infect Apple OS X (versions 10.6 and newer), Linux, Solaris, and Windows systems.
For the LULZ of it, I apologize to Lulzsec

For the LULZ of it, I apologize to Lulzsec

Aug 24, 2012
Note : This Article Cross posted from our Magazine's 13th Issue - August 2012 called "BOTNET | The Hacker News Magazine", Written by Ann Smith (Executive Editor, The Hacker News Magazine). You can Download full magazine free here . Shame on me.  When someone mentioned Lulzsec I would slightly bristle and turn a mighty heel towards the "real" movement.  You know, the Anons that are taking down corruption and terror, targeting the real enemies of the world.  If you were doing it for the LULZ of it, well, you were playing in the proverbial sand box and I thought you were hindering, instead of helping.  I even wrote an editorial spanking them for releasing the emails of servicemen who had signed up for a porn site.   Then, I read the book, WE ARE ANONYMOUS by Parmy Olson. Every person who considers themselves Anonymous or who  sympathizes and rallies for the cause, must read this book.  You will not only get a good education from this history of the movement but also get t
LulzSec Leader Sabu Gets 6-Month Sentencing Delay for helping Feds

LulzSec Leader Sabu Gets 6-Month Sentencing Delay for helping Feds

Aug 23, 2012
Today was the day that Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, was supposed to be sentenced for the 12 counts of computer hacking conspiracies and other crimes he pleaded guilty to, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, but he has had his sentencing delayed, perhaps as a reward for assisting the US police with their enquiries and investigations. Monsegur allegedly rooted out the vulnerabilities used in the hacks conducted by LulzSec, which went on a high-profile tear in 2011 that exposed emails, documents, and other information of its victim organizations. Sabu is the hacker nom de plume of 28-year-old New Yorker Hector Monsegur, an unemployed father of two who allegedly commanded a loosely organized, international team of perhaps thousands of hackers from his nerve center in a public housing project on New York's Lower East Side. According to the FBI, he could face a maximum sentence of 124 years and six months for 12 offe
Cybersecurity
Expert Insights
Cybersecurity Resources