The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: hidden objects games

Fake Bad Piggies Game hijack Google Chrome browser

Fake Bad Piggies Game hijack Google Chrome browser

October 05, 2012Mohit Kumar
Rovio's latest game, Bad Piggies, is now available via Google Play and the App Store, and as a PC and Mac download, but it has not yet made its way to the Chrome Web Store. These pigs can indeed fly - "Bad Piggies," the spinoff to the monster hit game "Angry Birds," set a new record by soaring to the top of the charts just three hours after release. Scammers have quickly taken advantage of this, introducing bogus versions of Bad Piggies into the Chrome Web Store that exist primarily to serve up in-browser advertisements thanks to a few plug-in permissions.  Barracuda Networks’ lab today discovered a knock-off of the new and wildly popular “Bad Piggies” game which includes a phishing plug-in that may have injected an aggressive adware program into more than 82,000 Chrome browsers. The lack of a free online version for Bad Piggies left space for others to capitalize on the instant success of the game. Just days after the game launched, Jason Ding, a research sc
The 10 Most Infamous Student Hackers of All Time

The 10 Most Infamous Student Hackers of All Time

September 10, 2012Mohit Kumar
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality. 1.) Sven Jaschan: In the words of one tech expert , “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The
Oracle releases patches for Java vulnerability CVE-2012-4681

Oracle releases patches for Java vulnerability CVE-2012-4681

September 01, 2012Mohit Kumar
Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. " Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible ," Eric Maurice, the company's director of software security assurance. The out-of-band Security Alert CVE-2012-4681 includes fixes for “three distinct but related vulnerabilities and one security-in-depth issue” affecting Java running within the browser. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious website unknowingly.Java is a free programming language widely used to enable every day programs and website elements to function, including some games, apps and chat, as well as enterprise apps. The attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java
Malicious Olympic 2012 Android Apps & Domains

Malicious Olympic 2012 Android Apps & Domains

August 07, 2012Mohit Kumar
Whenever an important event takes place, new opportunities for cyber criminals, especially for those who develop attacks based on social engineering, arise. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games. Anti-malware and anti-virus solutions provider Webroot has issued a warning that an app app called " London Olympics Widget ," which is described as an app that displays aggregated Olympic news coverage. In fact, it's really just harvesting the user's contact list and device ID while reading up on SMS messages too. The package name is ‘com.games.London.Olympics.widget’. This app has a digital certificate claiming it was developed in New Delhi, India. For this scam, cybercriminals create websites that are very appealing; some even look very professional that they make it seem that you are close to having access to live programming. Researchers explain that the crooks rely on black hat SEO techniques to make sure t
Hack a Server - The man behind the idea

Hack a Server - The man behind the idea

July 24, 2012Mohit Kumar
“ Choose a job you love, and you will never have to work a day in your life ” said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel , Hack Me If You Can , Hack a Server and DefCamp . Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future. What determined you to shift your attention towar
8 million passwords dumped from gaming website Gamigo

8 million passwords dumped from gaming website Gamigo

July 23, 2012Mohit Kumar
Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, were published earlier this month to a forum on the password-cracking website Inside Pro . According to forbe," The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France ." Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords. PwnedList founder Steve Thomas said, “ It’s the largest leak I’v
Hacker made calls worth £10,000 from public phone

Hacker made calls worth £10,000 from public phone

June 27, 2012Mohit Kumar
Hacker made calls worth £10,000 from public phone Computer expert Dariusz Ganski, of Sunny Bank, Kingswood, used a router to tap into BT phone boxes and made hours of calls to expensive numbers. He make calls worth £10,000 of premium-line bills and he has been jailed for 18 months. Prosecutor David Maunder commented: " Police located the vehicle and they found Mr Ganski with two laptop computers and numerous mobile telephones." Bristol Crown Court heard that the 27-year-old committed his crimes to get electronic credits for music and on-line games, while still on licence from prison for almost identical offences. Ganski made 648 calls, totalling nearly 43 hours, from a phone box in Kelston, North East Somerset. BT was alerted to unpaid calls costing them about £7,700 on that box. He said: “ Your counsel says you’re intelligent. What a waste that what you really do is go round defrauding companies in this way. ”
Online game 'League of Legends' Compromised

Online game 'League of Legends' Compromised

June 10, 2012Mohit Kumar
Online game ' League of Legends ' Compromised A recent slew of security failures have left countless accounts hacked at sites like Linkedin and eHarmoney. Now League of Legends is the latest database to suffer from hackers this week. Riot has sent out a mail to registered League of Legends players in Europe, asking them to change their passwords due to a hackers accessing some player account information. Full details are below, but know that according to Riot,” absolutely no payment or billing information of any kind was included in the breach. ” but email addresses, encrypted account password, summoner name, date of birth, and for a small number of players – first and last name and encrypted security question and answer. Obviously, this information could be used in phishing scams. Riot Games does encrypt passwords through it warns “ our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking ”. Marc Merr
Anonymous: We Are Not Terrorists but Fearless Freedom Fighters

Anonymous: We Are Not Terrorists but Fearless Freedom Fighters

May 11, 2012Mohit Kumar
Anonymous: We Are Not Terrorists but Fearless Freedom Fighters Black Ops 2 trailer that was released recently, portrays the Anonymous organization as the enemy of the United States, which has pissed them off greatly. Anonymous has responded to Activision’s marketing campaign for Call of Duty: Black Ops 2 , which paints the hacktivist group as terrorists. The video was uploaded by YouTube user ALEXIUS ANON, an account which was created only last week. It’s thus important to underline that official Anonymous channels of communication have not confirmed they will be targeting Activision. That being said, they are certainly aware of what the company did. " This act will show you how serious our collective us and that we will protect any human who calls himself Anonymous, " says the video's narrator, who wears a Guy Fawkes mask. Also, Activision CEO Eric Hirshberg has been doxed , and are threatening to cause a lot of damage to the company’s infrastructure. This is what th
Social game Zynga's YoVille gets hacked

Social game Zynga's YoVille gets hacked

May 08, 2012Mohit Kumar
Social game Zynga's YoVille gets hacked Matt Spencer has been an active player of "YoVille" since the Zynga-owned virtual world launched in 2008, but hasn't played the game in about three weeks. He  post a complaint on the gaming company's forum that i n late January, Spencer's " YoVille " account was compromised and he lost much of his collection of virtual items, including millions of virtual coins and a pair of sunglasses that have become a collectors' item. Hackers infiltrate the social game affecting gameplay and stealing users' virtual goods, but private and sensitive data isn't compromised. Zynga is aware of the security problem and is addressing it, said Cadir Lee, the company's chief technology officer. The company first started to get reports about it "a few weeks ago," he said. The company investigated the issue and found that it was due to some "compromised administrative and moderation tools," he
oclHashcat-plus v0.08 Released - fastest password Cracker

oclHashcat-plus v0.08 Released - fastest password Cracker

May 01, 2012Mohit Kumar
oclHashcat-plus v0.08 Released - fastest password Cracker oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking Focuses highly iterated, modern hashes Focuses single dictionary based attacks Supports pause / resume while cracking Supports reading words from file Supports reading words from stdin Integrated thermal watchdog 20+ Algorithms implemented with performance in mind ... and much more Algorithms MD5 Joomla osCommerce, xt:Commerce SHA1 SHA-1(Base64), nsldap, Netscape LDAP SHA SSHA-1(Base64), nsldaps, Netscape LDAP SSHA Oracle 11g SMF > v1.1 OSX v10.4, v10.5, v10.6 MSSQL(2000) MSSQL(2005) MySQL
zDefender - Enterprise smartphone IDS/IPS released by Zimperium

zDefender - Enterprise smartphone IDS/IPS released by Zimperium

April 21, 2012Mohit Kumar
zDefender - Enterprise smartphone IDS/IPS released by Zimperium Do you recall the security firm Zimperium which came out with ANTI , the killer Android app that allowed even the clueless to hack and pwn like a pentester? Zimperium, an Israeli security start up founded by Zuk Avraham, a world-renowned hacker and security researcher, has debuted its latest product, the zDefender at DEMO in Santa Clara, California. Called zDefender , this product can detect malicious attacks and take proactive measures to reduce threats via automatic preventive traffic filters and a remote management console. With the onslaught of mobile malware, everyone should have antivirus up and running immediately after purchasing a smartphone. You’d think you were protected from various attacks like man in the middle (MITM) attacks ? At DEMO Spring 2012 , Zuk planted 2 Routers, providing 3 Access points, which have claimed about 3,000 mobile device victims so far. zDefender is able to do this by using Zimpe
Android Video Malware found in Japanese Google Play Store

Android Video Malware found in Japanese Google Play Store

April 15, 2012Mohit Kumar
Android Video Malware found in Japanese Google Play Store A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon. The post says applications carrying the Trojan promise, and in some cases deliver, trailers for upcoming video games or anime or adult-oriented clips, but they also request "read contact data" and "read phone state and identity" permissions before being downloaded. McAfee Mobile Security detects these threats as Android/DougaLeaker .A, the company said.McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. The app gathers the Android ID not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device's first boot and remains with it for the life of the device. The app also harvests the phone's phone number and contact list, along with every n
Legacy Native Malware in Angry Birds Space to pwn your Android !

Legacy Native Malware in Angry Birds Space to pwn your Android !

April 12, 2012Mohit Kumar
Legacy Native Malware in Angry Birds Space to pwn your Android A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.  Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. " By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch), " Lookout said in a blog post. In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh . The malicious app appeared on the Google Play store, stealing users' data and money by sending S
Homeland Security hacking into gaming consoles to obtain user data

Homeland Security hacking into gaming consoles to obtain user data

April 10, 2012Mohit Kumar
Homeland Security hacking into gaming consoles to obtain user data The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The U.S. government has awarded a $177,000 contract to Obscure Technologies to develop tools that can be used to extract data from video games systems. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy’s expertise in the field, officials said. Anyone who has ever played a few games of Call of Duty or Halo online knows that communities like Xbox Live aren’t exactly models of good behavior. But the federal government believes the occasional bursts of profanity may not be the worst of what’s going on according with consoles, and it wants a way to dig deeper. In explaining t
Your Facebook credentials at risk on Android - iOS jailbroken devices

Your Facebook credentials at risk on Android - iOS jailbroken devices

April 09, 2012Mohit Kumar
Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple ‘hack’ allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only appl
"Reboot" - Upcoming latest Hacker Movie you should watch !

"Reboot" - Upcoming latest Hacker Movie you should watch !

April 06, 2012Mohit Kumar
" Reboot " - Upcoming latest Hacker Movie you should watch Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film “ Reboot ” will launch with a Sneak Preview at DEFCON. Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino’s upcoming “Playing the Field”), Travis Aaron Wade (“War of the Worlds”), Martin Copping (Australian series “Neighbours”), Sonalii Castillo (“NCIS”), and Janna Bossier (Slipnot’s “Vermilion"). Set within a dystopian world that is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering fr
Android Malware as Beware of Chinese called "The Roar of the Pharaoh"

Android Malware as Beware of Chinese called "The Roar of the Pharaoh"

April 01, 2012Mohit Kumar
Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that’s actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan’s authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a
Your Xbox 360 credit card details Vulnerable to Hack

Your Xbox 360 credit card details Vulnerable to Hack

March 30, 2012Mohit Kumar
Your Xbox 360 credit card details Vulnerable to Hack It has been discovered by researchers at Philadelphia’s Drexel University, that credit card data on older Xbox 360 systems that have been traded in or sold on. Hackers can now retrieve personal information from refurbished Xbox consoles, suggesting consumers exercise more caution with their electronic devices. " Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity ," said researcher Ashley Podhradsky. The team has discovered that even restoring your console to factory settings won’t remove some of the data stored on the Xbox 360. " Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox own
'The Consortium' Just Called the Movement a 'SLUT '

'The Consortium' Just Called the Movement a 'SLUT '

March 14, 2012Mohit Kumar
' The Consortium ' Just Called the Movement a ' SLUT ' I’m disappointed. At the pinnacle of one of the greatest and most innovative political movements the world has ever seen, you have the new hackers group named “Consortium” bringing the movement to a new low and quite frankly, an embarrassment. When the world is finally revolting against tyranny, corruption and a disgraceful abuse of human rights, the group Consortium chooses to hack into a porn site and stole Users identity and credit card numbers of men and women, mostly who are serving in the military. ( List of Military Emails , Used in Porn Site to sign up is available in our last related article) May I ask Consortium to what end does this serve? There have been depictions of a sexual nature as old as civilization, such as, the Venus figurines and sexual rock art since prehistoric times. Using the excuse that the site was poorly secured, is no excuse at all for demeaning and demoralizing people using the
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.