Technology News | Breaking Cybersecurity News | The Hacker News

This Sunday, The Capital , New Delhi plays host to an International The Hackers Conference where blackhat hackers will discuss the challenges of cyber safety with security agencies. Your Smartphone is an always-on and always-connected digital extension of your life which will be used by attackers to covertly steal your sensitive data and spy on you. Mahesh , An Independent Security Researcher and Android Developer/Hacker will demonstrate " Android Spy Agent ". This application allows us to remotely access the entire victim's personal information and even though the confidential data available in the android cell phone. The type of personal information includes the victim's contacts, call logs, messages, browser's history, GPS location and much more information directly available on the victim's cell phone.  Many-a-times we think that is there any way by which we can read the private sms of anyone. So here is the solution Mr. Mahesh will present in The Hack

Barack Obama has signed an executive order that could hand control of the internet to the U.S. Government, in the event of a natural disaster or terrorist attack. " The federal government must have the ability to communicate at all times and under all circumstances to carry out its most critical and time sensitive missions ," Obama said . President Obama adds that it is necessary for the government to be able to reach anyone in the country during situations it considers critical, writing, " Such communications must be possible under all circumstances to ensure national security, effectively manage emergencies and improve national resilience ." Later the president explains that such could be done by establishing a " joint industry-Government center that is capable of assisting in the initiation, coordination, restoration and reconstitution of NS/EP [national security and emergency preparedness] communications services or facilities under all conditions of emerging threats, cr

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Apple is investigating yet another security breach in its iTunes app store . A Russian hacker worked out a way that allows people to bypass payment in the App Store and download products for free. The hacker, dubbed ZonD80 , posted a video of the crack on YouTube (Deleted by Youtube now ) and claims that the technique makes it possible to beat Apple's payment systems by installing a couple of certificates and assigning a specific IP address to the device. The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed. Below are the steps to the hack: Install two certificates: CA and in-appstore.com. Connect via Wi-Fi network and change the DNS to 62.76.189.117. Press the Like but

In January 2012, Microsoft confirmed to PC manufacturers that they must enable Secure Boot by default on PCs to be "Certified for Windows 8". The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These viruses, also known as bootkits, work by getting themselves loaded before the operating system, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it. Secure Boot counters the bootkit by ensuring the hardware verifies the identity and authenticity of the software that sits between the hardware and the operating system - the bootloader, and also the software embedded in hardware devices like network and graphics adapters. Secure Boot sounds like a smart solution to the bootkit problem doesn't it? Who wouldn't want a secure boot? Proponents of alternative operating system don't want Secure Boot; not in its c

Call for Articles - July Edition | The Hacker News Monthly Magazine Attention Readers!! We know there is a writer in all of you and we invite you to submit your best work on the subject of BOTNETS for our July The Hacker News Monthly Magazine . Give us all your expertise and knowledge on the subject and we will give it a top priority! We'd like to thank our readers and supporters and know that we take your loyalty seriously and with great appreciation. See you in July! Ann Smith Executive Editor, The Hacker News

We are extremely delighted to announce the Call for Papers for The Hackers Conference 2012   It is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most topical issues of the IT world. Conference will be held in New Delhi, India and aims to get together industry, government, academia and underground hackers to share knowledge and leading-edge ideas about information security and everything related to it. The following list contains major topics the conference will cover. Please consider submitting even if the subject of your research is not listed here. Topics Cloud Security Wireless hacking GSM/VoIP Security Smartphone / Mobile Security Exploit development techniques Advance in reverse engineering National Security & Cyber Warfare New Vulnerabilities and Exploits/0-days Antivirus/Firewall/UTM Evasion Techniques New Web atta

Anonymous: We Are Not Terrorists but Fearless Freedom Fighters Black Ops 2 trailer that was released recently, portrays the Anonymous organization as the enemy of the United States, which has pissed them off greatly. Anonymous has responded to Activision's marketing campaign for Call of Duty: Black Ops 2 , which paints the hacktivist group as terrorists. The video was uploaded by YouTube user ALEXIUS ANON, an account which was created only last week. It's thus important to underline that official Anonymous channels of communication have not confirmed they will be targeting Activision. That being said, they are certainly aware of what the company did. " This act will show you how serious our collective us and that we will protect any human who calls himself Anonymous, " says the video's narrator, who wears a Guy Fawkes mask. Also, Activision CEO Eric Hirshberg has been doxed , and are threatening to cause a lot of damage to the company's infrastructure. This is what th

Windows 8 operating system will ban Firefox and Chrome A new version of the Windows 8 operating system could shut out browsers such as Firefox and Chrome, according to Mozilla. Microsoft has been saying all along that x86 apps wouldn't run on Windows on ARM and it explicitly said there would be no third-party code on Windows RT when it announced the details of the platform back in February. That's no plugins for IE on the Windows RT desktop as well as no desktop Firefox and Chrome. According to Mozilla, the makers of Firefox, Microsoft is planning to allow only one fully-functioning browser on Windows RT: Microsoft's own Internet Explorer. Writing on the Mozilla blog, Harvey Anderson, general counsel for the company, lashed out at Microsoft for the slight, and called the alleged move " an unwelcome return to the digital dark ages where users and developers didn't have browser choices. " Why is Mozilla focused on Microsoft? Anderson's answer: Microsoft is

Google's rogue engineer want to Stumble WI-FI Networks on Globe ? European privacy regulators said Wednesday that they were considering reopening their inquiries into Google's collection of personal e-mails and Web searches for its Street View service. Google's public version of events of how it came to secretly intercept Americans' data sent on unencrypted Wi-Fi routers over a two-year period doesn't quite mesh with what the search giant told federal regulators. A newly unredacted report from federal investigators and fresh information about the engineer behind the data collecting software are casting doubt on Google's assurances that it did not realize that its street-mapping cars were snatching personal data from Wi-Fi networks used by millions of unsuspecting households. A former state investigator identified YouTube programmer Marius Milner as 'Engineer Doe' at the center of Google's Street View scandal. Google's claim that it was one rogue engineer w

Iran Replicating Captured U.S. Drone RQ-170 Sentinel Iranian military aerospace chief General Amir Ali Hajizadeh was quoted having said:" The Americans should be aware to what extent we have infiltrated the plane. " Iran has broke the encryption codes and begun construction of a replica of the United States surveillance drone captured last year, according to Iranian officials. American spy drone that went down in Iran last year, including information that the aircraft was used to spy on Osama bin Laden weeks before he was killed. Iran also said it was building a copy of the drone. US Senator Joe Lieberman dismissed the claim that a copy was being made as " Iranian bluster " saying, "they're on the defensive because of our economic sanctions against them". The U.S. says the drone malfunctioned and downplayed any suggestion that Iran could mine the aircraft for sensitive information because of measures taken to limit the intelligence value of drones operating

Fuck CISPA - Stop censoring Internet ! -  By:    Patti Galle, Executive Editor The Cyber Intelligence Sharing and Protection Act (CISPA) H.R. 3532 is a new bill being introduced in Congress that is gunning to blast the ongoing cyber attacks that have occurred since internet users figured out the keyboard could be an effective weapon. If passed through Congress, the bill would allow the government access to personal correspondence of any person of their choosing. Once again, we are being fucked by those nosey neighbors in our government. You should be very mad and very afraid because CISPA is far worse than SOPA and PIPA in its effects on the internet. The wording of this bill is mumbo jumbo, vague and broad. Reading through the nonsense, basically the act would allow Congress to circumvent existing exemptions to online privacy laws, and would allow the monitoring and censorship of any user of the internet. Peeping Toms will be wetting their pants. The real kicker (in our asses) is

Security Concern : Internet Enabled TV can be hacked ! Is your Internet TV vulnerable to hackers? Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business. Last year, Researchers at Mocana, a security technology company in San Francisco, recently discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease. According to a new report from researcher NPD In-Stat predicts that 100 million homes in North America and Western Europe will own television sets that blend traditional programs with Internet content by 2016. What exactly these Internet Enabled TV have ?  Its IP addresses, always-on network interfaces, CPUs, storage, memory, and operating systems the details that have offered hackers a bounty of attack choices for the last three decades. " Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions. " Rog

Julian Assange and Bradley Manning are Vested in Vision ! Two significant events will take place this week and cyber activists need to take note and pay attention. This will be your training on how to unfold the growing revolution that is spinning our world on a new and courageous path. First, Julian Assange has completed filming twelve episodes of his forthcoming show, " The World Tomorrow ". The first episode will be aired on RT and released online on Tuesday 17 April 2012, with other networks to follow. " The World Tomorrow " is a collection of twelve interviews featuring an eclectic range of guests, who are stamping their mark on the future: politicians, revolutionaries, intellectuals, artists and visionaries. The second event, Nobel Peace Prize nominee, and political prisoner Bradley Manning's next appearance in court will take place April 24-26 at Ft. Meade, MD. Bradley Manning was arrested in May 2010 in Iraq on suspicion of having passed classified material to the whis

Forensic FOCA - Power of Metadata in digital forensics Most of the e ort in today's digital forensics community lies in the retrieval and analysis of existing information from computing systems.  Metadata is data about data. Metadata plays a number of important roles in computer forensics. It can provide corroborating information about the document data itself. It can reveal information that someone tried to hide, delete, or obscure. It can be used to automatically correlate documents from different sources. More simply, electronic information about a file but not seen on a printed copy of the file. It is embedded and provides additional information, including when and by whom it was created, accessed, or modified. Informatica64  release Forensic FOCA (Fingerprinting Organizations with Collected Archives) , tool for forensic analysts focused on the use of metadata files to generate a forensic case. Several other metadata extraction tools exist but FOCA is combination of al

Botnets, DDoS attacks as weapon against financial sector DDOS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic says " more than 10 of the worlds largest banks due to market capitalization ," and " an almost threefold increase in the number of attacks against its financial services ". A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service. The average attack bandwidth

This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild. Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls. One of the fixes is gaining the most attention though, even from Microsoft. " We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of the CVE-2012-0158 vulnerability using specially crafted Office documents as an exploit vector ," said the firm in an apparently hastily written blog post.

Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook's native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only appl

Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM's Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted that

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall into this category and not all clouds are created equally. There are more casual and also very (too busy) customers as well. It is highly probably that many Windows cloud images may be vulnerable to a MS12-020 RDP exploit by default. New research using the nmap nse script " rdp-ms12-020.nse " developed by @ea_foundation shows that all Rackspace Windows cloud images are vulnerable by default. And on AWS EC2 any existing, unpatched Windows AMIs or EBS images (pre 2012.03.13) that are booted with the AWS Management Console default firewall ruleset are vulnerable as well. A Cloudworm Although cloud service providers have taken some steps to mitigate MS12-020, it is nowhere near enough

The Pirate Bay Buys Greek Airspace for Launching Low Orbit Server Drones Few days back we reported that , One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. Most of the people from World didn't take it serious, well but The Pirate Bay is apparently deadly serious about investing in drone servers that it will fly in international airspace to make it incredibly difficult for governments to stop its expansion. A blog posting on the Pirate Bay site said the service had gone offline for a few hours on 18th March to move its front machines (which redirect a user's traffic to a masked location). " We have now decided to try to build something extraordinary ," it said. If actually happening, it is part of a wider move to stay several steps ahead of the law, with The Pirate Bay gleefully thumbing its nose at the legislative attempts