#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cyber crime detective | Breaking Cybersecurity News | The Hacker News

Bulgarian Hackers Group arrested

Bulgarian Hackers Group arrested

Jul 06, 2012
Bulgarian Hackers Group arrested Bulgarian authorities say that after months of investigation they have busted the "most powerful hacker group" in the country, the Cyber Warrior Invasion. The operation was conducted by Bulgaria's Sector for Computer Crimes, Intellectual Property and Gambling and the territorial units of the Chief Directorate for Fight with Organized Crime in the municipalities of Pleven, Shumen, Plovdiv, Burgas, Haskovo, Stara Zagora and Kyustendil. Using cyber "terrorist" methods, the group had attacked more than 500 websites worldwide, including those of financial institutions, web-based companies, and governmental and non-governmental organizations. On the confiscated computers, police discovered databases with large amounts of stolen emails, social network profiles and associated passwords, as well as stolen credit card data. The site www.cwi-group.org was used by the members of the group to coordinate their activities. Constantly changing its location and usin
Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks

Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks

Jun 27, 2012
Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks The Zemra DDoS Bot is currently sold in various forums for about 100 € and detected by Symantec as Backdoor.Zemra . Zemra first appeared on underground forums in May 2012. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that is has a command-and-control panel hosted on a remote server. Zemra uses a simple panel with an overview of all statistics is needed.With the help of two graphs can be seen operating machinery and the region location.In addition, statistics on online and for more information. You have a chance to see everything online Socks5 and export them to the list.Traffic is encrypted and protected using the algorithm AES, each client communicates with a unique generated key. Note : In " Tools Yard " we have Posted Zemra Source Code , Only for Educational Purpose. A brief functional: • Intuitive control panel • DDos (HTTP / SYN Flood / UDP) • Loader (Load and ru
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals

Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals

Jun 27, 2012
Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals The FBI has arrested 24 cybercriminals part of an international law enforcement operation aiming to arrest and prosecute the users of a sting operation called "Carder Profit". The suspects, collared after a two-year investigation dubbed "Operation Card Shop," allegedly stole credit card and banking data and exchanged it with each other online. " We put a major dent in cybercrime ," she said. " This is an unprecedented operation. "In the sting, which they called Operation Card Shop, undercover investigators created an online bazaar to catch buyers and sellers of credit card data and other private financial information. They also aimed at people who clone and produce the physical credit cards that are then used to buy merchandise. Some CarderProfit users apparently learned of the involvement of the feds months ago. A Twitter user with the name @JoshTheGod wrote that "has informants and most likly to be belie
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Hacker made calls worth £10,000 from public phone

Hacker made calls worth £10,000 from public phone

Jun 27, 2012
Hacker made calls worth £10,000 from public phone Computer expert Dariusz Ganski, of Sunny Bank, Kingswood, used a router to tap into BT phone boxes and made hours of calls to expensive numbers. He make calls worth £10,000 of premium-line bills and he has been jailed for 18 months. Prosecutor David Maunder commented: " Police located the vehicle and they found Mr Ganski with two laptop computers and numerous mobile telephones." Bristol Crown Court heard that the 27-year-old committed his crimes to get electronic credits for music and on-line games, while still on licence from prison for almost identical offences. Ganski made 648 calls, totalling nearly 43 hours, from a phone box in Kelston, North East Somerset. BT was alerted to unpaid calls costing them about £7,700 on that box. He said: " Your counsel says you're intelligent. What a waste that what you really do is go round defrauding companies in this way. "
The tale of LulzSec, two admits targeting websites

The tale of LulzSec, two admits targeting websites

Jun 27, 2012
The tale of LulzSec  two admits targeting websites Two British members of the notorious Lulz Security hacking collective have pleaded guilty to a slew of computer crimes, in the latest blow against online troublemakers whose exploits have grabbed headlines and embarrassed governments around the world. LulzSec members Ryan Cleary , 20, and Jake Davis , 19, pleaded guilty in a London court to launching distributed denial of service (DDoS) attacks last year against several targets, including the CIA, the Arizona State Police, PBS, Sony, Nintendo, 20th Century Fox, News International and the U.K.'s Serious Organized Crime Agency and National Health Service Ryan Cleary is from Essex, United Kingdom who was arrested by Metropolitan Police on June 21 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977. He was accused of being a member of LulzSec but was not a member of the said group although he admitted that he did run one of the IRC channels that t
A virus specialized for AutoCAD, a perfect cyber espionage tool

A virus specialized for AutoCAD, a perfect cyber espionage tool

Jun 23, 2012
A virus specialized for AutoCAD , a perfect cyber espionage tool In recent years we are assisting to a profoundly change in the nature of malware, it is increased the development for spy purposes, for its spread in both private and government sectors. The recent case of Flame malware has demonstrated the efficiency of a malicious agent as a gathering tool in a typical context of state-sponsored attack for cyber espionage. Event like this represent the tip of the iceberg, every day millions of malware instances infect pc in every place in the world causing serious damages related to the leak of sensible information. Specific viruses are developed to address particular sectors and information, that is the case for example of "ACAD/Medre.A", a malware specialized in the theft of AutoCAD files. The virus has been developed to steal blueprints from private companies mostly based in Peru according the expert of the security firm ESET. The virus is able to locate AutoCAD file on infected ma
Russian Botnet Hacker arrested for hacking into six million computers

Russian Botnet Hacker arrested for hacking into six million computers

Jun 23, 2012
Russian Botnet Hacker arrested for hacking into six million computers Police have detained a 22-year-old hacker who created a system of networked computers that was used to steal more than 150 million rubles ($4.47 million) from people's bank accounts and already one of the most wanted hacker in the world. But now, "Hermes" is, has been tapped over six million computers and earns around 5 million francs, was caught in Russia. The network infected around six million computers with a Trojan virus, which helped get access to users' bank accounts.  A bout the Trojans secretly installed, he had arranged illegal money transfers, said the interior ministry in Moscow on Friday. Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker's place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made.The botnet built by the hacker included around 6 million computers from reg
LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks

LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks

Jun 15, 2012
LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday. Ryan Cleary, 20, reportedly had ties to the well-known branch of Anonymous called LulzSec before he was arrested in London last June (although the hacktivist group denies his involvement with it). U.S. federal prosecutors said today that he worked to take down, deface, and steal personal information from Web sites. In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites - all while he was still a teenager. Commenting on Tuesday's indictment, FBI spokesperson Laura Eimiller said, "Cleary is a skilled
Zeus 2.x variant includes ransomware features

Zeus 2.x variant includes ransomware features

May 22, 2012
Zeus 2.x variant includes ransomware features Cybercriminals are getting more sophisticated, as reports are coming in that hacker coders have successfully merged a ransom trojan with a Zeus malware successor called Citadel . A notorious malware platform targeting financial information has added a new trick to its portfolio a digital version of hijack and ransom. F-Secure researchers have recently spotted a new Zeus 2.x variant that includes a ransomware feature. Basically a customised version of Zeus, the malware aims to provide better support for its offshoot of the Zeus code base, whilst at the same time allowing clients to vote on feature requests and code their own modules for the crimeware platform. Net-security explains the working of this Zeus 2.x variant,that Once this particular piece of malware is executed, it first opens Internet Explorer and points it towards a specific URL : lex.creativesandboxs.com/locker/lock.php. Simultaneously, the users are blocked from doing an
Call for Articles : THN Magazine June 2012, Malware Edition

Call for Articles : THN Magazine June 2012, Malware Edition

May 21, 2012
Call for Articles : THN Magazine June 2012, Malware Edition The Hacker News is calling for our June Magazine on the issue related to MALWARE . We'd like to see an analysis of the history of these most worrying viruses and the contemporary usage in cyber espionage and cyber warfare. It would be interesting to analyze the impact of the malware diffusion in the private sector and in government agencies, emphasizing the effectiveness of the cyber threat. Other topics to study are cyber crime activities that involve malware as method of monetization, with particular references to principal frauds schemes. What is the awareness level on hazards of the malware in common people and how the theat could harm new scenarios like mobiles and Cloud. What are the main countermeasures to mitigate virus diffusion? Thank you for your thoughtful consideration and we are looking forward to your work on this very important topic!  Email us at  admin@thehackernews.com Download all THN Magazin
17 year old Teenager arrested over TeamPoison hacking attacks

17 year old Teenager arrested over TeamPoison hacking attacks

May 12, 2012
17 year old Teenager arrested over TeamPoison hacking attacks A teenage boy has been arrested on suspicion of being a member of "TeamPoison", a computer hacking group that has claimed responsibility for 1,400 offences including an attack on the phone system of Scotland Yard's counter-terrorism unit last month. These include attacks on the United Nations, the UK Anti-Terrorist Hotline, MI6 and RIM, as well as politicians including Nicolas Sarkozy and Tony Blair. The boy, who police suspect used the hacker nickname 'MLT' and was a spokesman for TeamPoison, was interviewed at a local police station on offences under the Computer Misuse Act on Wednesday. The arrest is part of an ongoing investigation by the Police Central e-Crime Unit (PCeU) division of the Metropolitan Police into various hacking gangs who have made headlines in the last year or so. TeamPoison's highest-profile attack was mounted against Scotland Yard's counter-terror hotline last month, has als
Security Alert: Wi-Fi Hotels used to Spread Malware

Security Alert: Wi-Fi Hotels used to Spread Malware

May 11, 2012
Security Alert : Wi-Fi Hotels used to Spread Malware According to a report from the Internet Crime Complaint Center (IC3) – a partnership between the FBI and the National White Collar Crime Center (NW3C) - Hackers are targeting foreigners' laptops using hotel Wi-Fi, the Internet Crime Complaint Centre and FBI have warned. The malware is spread through hotel Wi-Fi networks, posing as an update for a popular software product. The number of laptops getting infected with malicious software while using hotel Internet connections is on the rise. " Analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while establishing an internet connection in their hotel rooms ," the IC3 said. The officials didn't explain what the malware actually did, but the FBI warned that anyone travelling overseas, and particularly on governmental or private-sector business, should take extra care when abroad and plan
Anonymous Hackers Targeting Russian government websites for Putin Inauguration

Anonymous Hackers Targeting Russian government websites for Putin Inauguration

May 05, 2012
Anonymous Hackers Targeting Russian government websites for Putin Inauguration Anonymous hackers to launch cyber attacks on the websites of the Russian state agencies to support the opposition. In a YouTube video , Hackers said that the Russian government website will be subjected to DDOS attack on May 6, and on May 7 the same will happen with the prime minister's site. " Join us! All it takes is a few simple actions to bring this rotten and corrupt system to its logical end. " The hackers then posted instructions for everyone who would like to participate in attacks. Putin convincingly won a six-year presidential term in March despite a wave of protests following a December parliamentary poll the opposition said was tarnished by large-scale voting fraud in support of his party. It said it would launch attacks on the Russian government website Government.ru at 1200 GMT on May 6 and on the prime minister's website Premier.gov.ru on May 7 at 0900 GMT. Anonymous demanded that
UK's Serious Organised Crime Agency's website taken offline after DDoS attack

UK's Serious Organised Crime Agency's website taken offline after DDoS attack

May 03, 2012
UK's Serious Organised Crime Agency 's website taken offline after DDoS attack The Serious Organised Crime Agency's website was temporarily shut down today after a cyber attack.It was the victim of a scam known as distributed denial of service (DDOS) whereby an internet address is flooded with bogus traffic, effectively making it unreachable. It is the second time in a year that the website has fallen victim to hackers." We elected to take the website offline temporarily at about 10:00 pm (2100 GMT) last night ," a SOCA spokesman said. SOCA was the first target of the AntiSec campaign launched back in June by Anonymous and LulzSec. Soon after, 19-year-old Ryan Cleary was arrested and charged with allegedly playing a role in the DDoS attack that took down the SOCA Web site. Since then, the site was seemingly operating as expected. A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim respon
36 Web domains seized tied to online financial fraud

36 Web domains seized tied to online financial fraud

Apr 26, 2012
Thirty-six websites used to sell stolen bank account details have been taken down following an investigation by the Serious Organised Crime Agency ( SOCA ). The arrest of two men in the UK and another in Macedonia is the result of an international operation in which 36 web domains, used to trade compromised banking data, were taken offline. SOCA has been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale. Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, SOCA has recovered over 2.5 million items of compromised personal and financial information over the past 2 years. Lee Miles, head of cyber operations for SOCA, said: " Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds
10 Lebanese government websites taken down by Hacktivist group

10 Lebanese government websites taken down by Hacktivist group

Apr 26, 2012
Several Lebanese ministry websites were the target of a hack attack Thursday by the group Raise Your Voice, in the second such attack on government-related portals this month. " We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare (sic) sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them ," said the group's message posted on the hacked websites. It is unclear whether Lebanon Anonymous is affiliated with the hacktivist group #Anonymous, renowned for its attacks on websites of governments and corporations it considers corrupt or seeking to limit free speech on the web. Last month, they took down the Interpol's website as a response to the arrest of 25 of their members, as well as the United Nations' official site. Below is the list of the websites that were hacked on
Julian Assange and Bradley Manning are Vested in Vision !

Julian Assange and Bradley Manning are Vested in Vision !

Apr 17, 2012
Julian Assange and Bradley Manning are Vested in Vision ! Two significant events will take place this week and cyber activists need to take note and pay attention. This will be your training on how to unfold the growing revolution that is spinning our world on a new and courageous path. First, Julian Assange has completed filming twelve episodes of his forthcoming show, " The World Tomorrow ". The first episode will be aired on RT and released online on Tuesday 17 April 2012, with other networks to follow. " The World Tomorrow " is a collection of twelve interviews featuring an eclectic range of guests, who are stamping their mark on the future: politicians, revolutionaries, intellectuals, artists and visionaries. The second event, Nobel Peace Prize nominee, and political prisoner Bradley Manning's next appearance in court will take place April 24-26 at Ft. Meade, MD. Bradley Manning was arrested in May 2010 in Iraq on suspicion of having passed classified material to the whis
Lebanese Government sites hacked by ‘Raise Your Voice’

Lebanese Government sites hacked by 'Raise Your Voice'

Apr 17, 2012
Lebanese Government sites hacked by ' Raise Your Voice ' A group calling itself ' Raise Your Voice ' hacked on Tuesday around 15 Lebanese government websites to ask for an improvement in living standards, the day the parliament launches a three-day session to assess the cabinet's performance. " To our dear "beloved" Lebanese Government,We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them. We will not stop until the standards of living are raised to where they should be in Lebanon. We will not stop until this government's self-made problems are solved, like the power shortage, water shortage, rise in gas prices and rise in food product prices. We are RYV, expect us to break the silence, whether in the streets or on the Int
Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency

Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency

Apr 12, 2012
Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency The Hacking group, ' TeaMp0isoN ' said they targeted counter-terrorism officers at MI6 with a barrage of phone calls for a period of 24 hours, which meant nobody else could get through. By using a cleverly developed script, the hackers were able to make calls to the agency's offices for 24 hours non-stop, basically launching a phone-based denial-of-service (DOS) attack. " The script is based on the Asterisk software and uses a SIP protocol to phone ," TriCk told us. " Everytime they picked up the phone the server would play a robot voice which said 'teamp0ison' ." It said the attacks were motivated by the recent decision at the European Court of Human Rights that said Babar Ahmad, Adel Abdel and other suspected terrorists could be extradited to the United States, Huffingtonpost Reported . Trick also released what he claimed was the audio of the moment called the number and spoke to MI6 officers perso
Indian government get access to BlackBerry messages

Indian government get access to BlackBerry messages

Apr 09, 2012
Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM's Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted that
Cybersecurity Resources