The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

OllyDbg 2.01 alpha 4 released Other new features in this version: - Patch manager, similar to 1.10 - Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities! - Instant .udd file loading. In the previous versions I've postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine - Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis! - "Go to" dialog lists of matching names in all modules - Logging breakpoints can proto...

Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's " BlueHat Prize " contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas. " We want to make it more costly and difficult for criminals to exploit vulnerabilities, " said Katie Moussouris, a senior security strategist lead at Microsoft, in a news conference today. " We want to inspire researchers to focus their expertise on defensive security technologies. "  " Overall, it seemed to us that to take an approach to block entire classes was the best way to engage with the research community and protect customers ," said Moussouris. WHAT IS THE CONTEST? The inaugural Microsof...

British police issue warning to Anonymous , Lulzsec and other internet hacktivists The Metropolitan Police have taken the unusual step of using Twitter to send a message to anyone considering supporting internet attacks against companies and governments.A message posted on the Met Police's official Twitter account cautioned would-be hacktivists that engaging in denial-of-service (DDoS) attacks, defacing websites or breaking into corporate databases is illegal.In the past, hacktivists have compared their activities to legitimate civil disobedience - but such a view is not a defence if suspected hackers are brought to court. Sophos Notice this tweet first. The full warning posted by the Met Police reads as follows: The investigation into the criminal activity of so-called "hacktivist" groups #Anonymous and #LulzSec continues. We want to remind people of the law in this area: The Law Against Computer Misuse Anyone considering accessing a computer without autho...

Cross Application Scripting vulnerability in Android browser  Recently IBM researchers detected a security vulnerability in Android’s Browser which can be exploited by a non-privileged application in order to inject JavaScript code into the context of any domain.This vulnerability has the same implications as global XSS, albeit from an installed application rather than another website. Android 2.3.5 and 3.2 have been released, which incorporate a fix for this bug. Patches are available for Android 2.2.* and will be released at a later date. The complete advisory can be found here . The browser holds sensitive information such as cookies, cache and history, and injected JavaScript could make it possible to extract that information, indirectly breaking the Android sandbox architecture. The attack exploits flaws in how the browser reacts to calls to view web pages from other applications. IBM demonstrates the proof of concept for Android Cross Application scripting ...

Operation Shady RAT - Biggest Cyber Attacks in history uncovered When the history of 2011 is written, it may well be remembered as the Year of the Hacks. McAfee publish a new report that it says is one of the most comprehensive analysis ever revealed of victim profiles from a five-year long targeted operation by a specific actor dubbed Operation Shady RAT. McAfee released a 14-page report that details the largest coordinated cyber attack recorded to date. This particular attack, possibly orchestrated by China, broke into 72 organizations over the course of five years.The targets include the US, Canada, Taiwan, India, South Korea, and Vietnam. The attack also hit the UN, the International Olympic Committee, the World Anti-doping agency, defense contractors, tech companies and more. Most attacks lasted less than a month, but some, like that on the UN Secretariat, lasted for almost two years. McAfee say learned of the extent of the hacking campaign in March this year, when it...

PythonLOIC - Python Low Orbit Ion Cannon Ddos Tool Released Low Orbit Ion Cannon for all platforms to test the resistance of the server or ddos servers.  Presentation of pythonloic running on iphone os: Download PythonLOIC

Operation Defense - Anonymous shut down Colombia's president website Anonymous and Colombian Hackers shut down the websites of Colombia's president , the interior and justice ministry, the intelligence service DAS and the governing U party. According to hacker's Twitter page, the hacker attack was meant as a protest against government censorship. The DoS attack on the government websites named " Operation Defense ". On the website of the U Party, the hackers posted a fake biography of President Juan Manuel Santos in which the hackers talk about the break-in of the President's facebook page carried out on July 20, Colombia's Independence Day.

Zero-day flaw in WordPress image utility allows to upload files and execute codes Mark Maunder , CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog. Hackers are exploiting a zero-day vulnerability affecting TimThumb, a free image resizing utility widely used on the blogging platform WordPress. Vulnerability in brief : An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest...

CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher . The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to the phone's microSD card, and includes a configuration file with information on a remote server and settings used by the trojan. The malware also " drops a 'configuration' file that contains key information about the remote server and the parameters ," CA security researcher Dinesh Venkatesan writes in a blog, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. According to the post, the trojan presents itself as an " Android System Message " that requires users to press an "Install" button for it to insert itself in the phone. Once installed, the trojan records all incoming and outgoing calls to a di...

Sun website 1000's users data stolen Britain's Rupert Murdoch-owned tabloid The Sun has sent a message to readers warning them that computer hackers may have published their data online after an attack on the paper's website last month. News International, News Group's parent company, issued a statement that said: " We take customer data extremely seriously and are working with the relevant authorities to resolve this matter.We are directly contacting any customer affected by this. " Hacking group LulzSec claimed responsibility for the cyber attack, which forced Murdoch's British papers to pull their websites and culminated in The Sun's site being replaced with a hoax story reporting the mogul had died. The company said it had reported the matter to the police and the Information Commissioner. The stolen information is believed to include names, addresses, dates of birth, email addresses and phone numbers. No financial or password data was comprom...