#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Usa Hacker News | Breaking Cybersecurity News | The Hacker News

Lulzsec hacker Sabu's sentencing postponed again

Lulzsec hacker Sabu's sentencing postponed again

Feb 22, 2013
Remember Hector Xavier Monsegur a.k.a Lulzsec hacker  Sabu ?  That  undercover   double agent working for the FBI. Once again Authorities abruptly postponed his sentencing due to his continued cooperation with the feds. All told, he faced a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft. When he was a active member of LulzSec , the group hacked into sites belonging to the CIA, Serious Organised Crime Agency, Sony Pictures Europe and News International. " It's widely believed that Monsegur will receive a reduced sentence for signing a plea agreement and serving as an  informant " cnet said . Monsegur, an unemployed father of two, led the loosely organized group of hackers from his apartment in a public housing project in New York.
Hackers break into International Atomic Energy Agency servers

Hackers break into International Atomic Energy Agency servers

Nov 28, 2012
The UN nuclear watchdog has acknowledged one of its former computer servers had been hacked. The stolen information was contained in a statement by a group with an Iranian-sounding name calling for an inquiry into Israel's nuclear activities. The International Atomic Energy Agency (IAEA) is investigating Iran's nuclear program. A group called Parastoo Farsi for the swallow bird and a common Iranian girl's name claimed responsibility for posting the names on its website two days ago. The group had been known to be critical of Israel's undeclared nuclear weapons program. " The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago ," agency spokesperson said and agency experts had been working to eliminate any " possible vulnerability " in it even before it was hacked. Israel and the United States accuse Iran of seeking to develop a nuclear weapons capability, a charge Tehran denies, and says the Islamic state is th
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
IRAN : US Is the source of Cyber Terrorism

IRAN : US Is the source of Cyber Terrorism

Oct 30, 2012
An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.  Who's really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has " undertaken a concerted effort to use cyberspace to its advantage. " Today, Iran's defense minister said, The United States is the source of cyber terrorism. " and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation, " Defense Minister Ahmad Vahidi. The Iranian defense minister also sai
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
White House : No evidence of Espionage by Huawei

White House : No evidence of Espionage by Huawei

Oct 19, 2012
According to a White House-ordered review , a giant Chinese technology company " Huawei " is not a state-sponsored espionage tool. Huawei Technologies, the world's second-largest supplier of telecommunications equipment. The largely classified investigation, which delved into the security risks posed by suppliers to US telecommunications network operators, found Huawei was risky for other reasons, such as having products that are vulnerable to hackers. The committee, which conducted an 11-month investigation into privately held Huawei and ZTE, found the two companies uncooperative in providing information about their respective ties with Beijing. Some questions remain unanswered. For example, it is unclear if security vulnerabilities found in Huawei equipment were placed there deliberately. It is also not clear whether any critical new intelligence emerged after the inquiry ended. " The White House has not conducted any classified inquiry that res
Exclusive : Gary McKinnon wins 10-year fight against US extradition

Exclusive : Gary McKinnon wins 10-year fight against US extradition

Oct 16, 2012
Gary McKinnon has had his extradition blocked by the UK government. He has finally won his 10-year fight against extradition after Home Secretary Theresa May today halted proceedings on human rights grounds. The Home Secretary said medical reports warning the computer hacker would kill himself if sent to the US were sufficient grounds to bring the decade-long battle to an end. It is 10 years since he was first arrested, and his case has come to symbolise a purported imbalance in the extradition arrangements between the UK and the US. McKinnon was accused by US prosecutors of " the biggest military computer hack of all time ", but he claims he was simply looking for evidence of UFOs.  According to a report, Mr Burrowes increased the pressure on the Prime Minister last night by telling friends he will resign as a member of the Government if Mr McKinnon, who has Asperger's syndrome, is deported. There was no doubt McKinnon is seriously ill and the extradition warrant agains
Hackers steal more than $450,000 from Burlington city bank

Hackers steal more than $450,000 from Burlington city bank

Oct 14, 2012
The city of Burlington is warning its employees to check their bank accounts after finding out funds have been stolen. The Skagit Valley Herald reports the money was electronically transferred to various personal and business accounts throughout the United States during a two-day period this week. " We really don't know exactly how it happened ," said City Manager Bryan Harrison. " Multiple banks in multiple states involved. " " Someone, either through the city system or Bank of America had actually accessed our electric authorization account. " The theft was first reported by the Skagit Valley Herald newspaper which said that Burlington's finance department reported the theft Thursday. Police and the Secret Service are investigating. Burlington is a city of about 8,400 people roughly 60 miles north of Seattle. They believe the money has been shifted to different banks around the world. Officials say they will recover the money that was
Another hope in Hacker Gary McKinnon extradition

Another hope in Hacker Gary McKinnon extradition

Oct 13, 2012
Gary's 10 years spent living on a knife-edge has been nothing short of cruel and unnecessary punishment. There is another new hope for Gary McKinnon who is fighting extradition after being accused of hacking US military computers. Computer hacker Gary McKinnon will win his 10-year legal battle against extradition have been significantly raised after Home Office-appointed psychiatrists warned that he would be very likely to attempt suicide if sent for trial in the US. It comes as the result of a medical report by two Home Office psychiatrists, which found there is a "significant risk" of suicidal behaviour by Mr McKinnon. The Home Secretary will tell MPs of her final decision on the case on Tuesday. McKinnon's mother, Janis Sharp, has called on government figures to honour their promises to save her son. But despite this it remains unclear if the Home Secretary, Theresa May, will halt his extradition or not, having previously put it on hold to consider new evidence. McKin
Barrett Brown charged with Internet threats, retaliation, conspiracy charges

Barrett Brown charged with Internet threats, retaliation, conspiracy charges

Oct 05, 2012
A Dallas man linked to the worldwide hacking group Anonymous is accused of threatening to ruin an FBI agent's life in online postings. Barrett Lancaster Brown , 31, of Dallas, was indicted on one count of making an Internet threat, one count of conspiring to make restricted personal information of an employee of the United States publicly available, and one count of retaliation against a federal law enforcement officer. Serious charges, but not totally unexpected. Authorities raided Brown's apartment and arrested him last month while he was chatting online with Anonymous folks, but authorities wouldn't say why he was being detained until Thursday, when the U.S. attorney's office announced a three-count indictment against him. Brown's attorney, Jay Leiderman, has said he believes some of the charges stem from a YouTube video in which Brown rails against law enforcement. The indictment lists several tweets in which Brown talks about having a " plan
Four million hotel locks vulnerable to 'Dry erase marker'

Four million hotel locks vulnerable to 'Dry erase marker'

Oct 05, 2012
At Black Hat security conference this year Cody Brocious demonstrated that How a simple Dry erase marker allows him to open an Onity hotel room door lock with an Arduino, which is totally James Bond. This is just kind of scary on multiple levels, the least being that dry erase markers are one of the most ordinary, non-suspicious objects we can think of. Watch the video below and be afraid – be very afraid. It has been refined to such a state where there are no dangling bits that come out of the marker, with a tip that looks totally normal sans any wires. All you need to do is touch the tip of the market to the door port, and you would have gained entry without mentioning a secret password. The story didn't stop there with Onity, the electronic door specialist in question, stepping in to introduce several measures to secure the doors. Brocious created a proof-of-concept device to show to security experts and press, but it was a bit crude. In order to build and test all of this yoursel
Cyber attack on Iran’s Internet system Disrupts Iran Internet

Cyber attack on Iran's Internet system Disrupts Iran Internet

Oct 04, 2012
IRAN state official has said that Cyber attackers have targeted Iranian infrastructure and communications companies, disrupting the Internet across the country. " Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet ," Iran the world's no. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by arch-adversaries Israel or the United States. Last week, the Islamic republic cut citizens' access to Gmail and the secure version of Google Search. Gmail has since been restored. Since sites such as Youtube and Facebook were used to organise mass anti-government protests against the re-election of President Mahmoud Ahmadinejad back in 2009, the Iranian government has maintained one of the world's largest internet filters, blocking access to thousands of sites and IP address
Chinese hackers attack on White House computers

Chinese hackers attack on White House computers

Oct 01, 2012
The White House acknowledged Monday that one of its computer networks was hit by a cyber attack, but said there was no breach of any classified systems and no indication any data was lost. Including systems used by the military for nuclear commands were breached by Chinese hackers. A conservative newspaper that has been regularly critical of the Obama administration, called The Washington Free Beacon, first published the report on Sunday and said that the attackers were linked to the Chinese government. One official said the cyber breach was one of Beijing's most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks. Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan's Senkaku islands. The official called the incident a " spear-phishing " a
Oracle Database stealth password cracking vulnerability

Oracle Database stealth password cracking vulnerability

Sep 20, 2012
Oracle suffered with serious vulnerability in the authentication protocol used by some Oracle databases. This Flaw enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. A researcher - Esteban Martinez Fayo, a researcher with AppSec tomorrow will demonstrate a proof-of-concept attack. Martinez Fayo and his team first reported the bugs to Oracle in May 2010. Oracle fixed it in mid-2011 via the 11.2.0.3 patch set, issuing a new version of the protocol. " But they never fixed the current version, so the current 11.1 and 11.2 versions are still vulnerable ," Martinez Fayo says, and Oracle has no plans to fix the flaws for version 11.1. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash. Th
6 Million Virgin Mobile users vulnerable to Hackers

6 Million Virgin Mobile users vulnerable to Hackers

Sep 20, 2012
Virgin Mobile customers beware: Your phone number is the key to your personal information. According to independent developer Kevin Burke, who warned Virgin Mobile USA customers about a glaring security hole in the phone company's account login protocol said, " If you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn't like you. " Virgin Mobile USA users manage their account by logging in through an online portal, which requires a mobile number and a 6-digit pin. Once inside, customers can check their call records, change the handset associated with their number, and update their personal details. In a blog post on Monday, Kevin Burke detailed how the username and password system used by Virgin Mobile to let users access their account information, is inherently weak and open to abuse. " It is trivial to write a program that checks all million possible password combinations, easily determining anyone's PIN inside of one day
9 million PCs infected with ZeroAccess botnet

9 million PCs infected with ZeroAccess botnet

Sep 19, 2012
In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet ) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.  Before, disclosed that it creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive. Then ZeroAccess developer changed infection tactics and stopped using kernel-mode components in the latest version Security firms tracked the growth of x64 version infections. But Recently uncovered by SophosLabs that ZeroAccess botnet took a major shift in strategy and operating entirely in user-mode memory. There are two distinct ZeroAccess botnets, and each has a 32-bit version and a 64-bit version, numbering four botnets in total. Each botnet is self-contained because it communicates exclusively on a particular port number hard-coded into the bot executable. The botnets can be categorised based o
Bank of America Website under Cyber Attack from Islamic Hackers

Bank of America Website under Cyber Attack from Islamic Hackers

Sep 19, 2012
Bank of America's website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for " Innocence of Muslims ," the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East. " Cyber fighters of Izz ad-din Al qassam " said it would attack the Bank of America and the New York Stock Exchange as a "first step" in a campaign against properties of " American-Zionist Capitalists ." " After Successful attack to YouTube Servers in recent days made by Muslims around the world, many groups announce that they are ready to do similar attacks.When supporter of that sacrilegious movie try to punish the cast and crew, the publisher included, this story will end until that time these kinds of Cyber Attacks will be continued and the Cyber world will be an unsafe place for all of Enemies of Islam. " Hackers posted on their blog . People around the country reported on
The 10 Most Infamous Student Hackers of All Time

The 10 Most Infamous Student Hackers of All Time

Sep 10, 2012
Hacking has always been inherently a young person's game. The first usage of the word "hacker" was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today's hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality. 1.) Sven Jaschan: In the words of one tech expert , "His name will always be associated with some of the biggest viruses in the history of the Internet." The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The
Iran still on target of 'Mahdi' malware after detection

Iran still on target of 'Mahdi' malware after detection

Sep 03, 2012
In JULY Kaspersky Lab and Seculert revealed the presence of a new cyber-espionage weapon known targeting users in the Middle East. Despite the recent uncovering of the 'Madhi' malware that has infected several hundred computers in the Middle East, researchers say the virus is continuing to spread. The malware, known as 'Mahdi' or 'Madi', was originally discovered by Seculert. In addition to stealing data from infected Windows computers, it is also capable of monitoring email and instant messages, recording audio, capturing keystrokes and taking screenshots of victims' computers. Working together, researchers at Seculert and Kaspersky sinkholed the malware's command and control servers and monitored the campaign. What they found was a targeted attack that impacted more than 800 victims in Iran, Israel and other countries from around the globe. Israeli security company Seculert said it had identified about 150 new victims over the past six weeks as deve
Air Force openly Seeks Offensive Cyber Weapons

Air Force openly Seeks Offensive Cyber Weapons

Aug 31, 2012
The Air Force Life Cycle Management Center posted a broad agency announcement recently, calling on contractors to submit concept papers detailing technological demonstrations of 'cyberspace warfare operations' capabilities.  Air Force is seeking to obtain the abilities to 'destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain for his advantage' and capabilities that would allow them to intercept, identify, and locate sources of vulnerability for threat recognition, targeting, and planning, both immediately and for future operations. According to the document the issuing Program Office "is an organisation focused on the development and sustainment of Cyberspace Warfare Attack capabilites that directly support Cyberspace Warfare capabilities of the Air Force." Technologies that can map data and voice networks, provide access to the adversary's information, networks, systems or devices, manip
Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks

Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks

Aug 10, 2012
A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab , a leading computer security firm. After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It's been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß). Gauss is a complex cyber-espionage toolkit, highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions: Intercept browser cookies and passwords. Harvest and send system configuration data to attackers. Infect USB sticks with a data stealing module. List the content of the system drives and folders Steal credentials for various banking systems in the Middle East. Hijack account information for social network, email and IM accounts. The researchers at Russia-based Ka
Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Jul 24, 2012
Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called " Advanced ARM exploitation ," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I
Cybersecurity Resources