The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Today was the day that Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, was supposed to be sentenced for the 12 counts of computer hacking conspiracies and other crimes he pleaded guilty to, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, but he has had his sentencing delayed, perhaps as a reward for assisting the US police with their enquiries and investigations. Monsegur allegedly rooted out the vulnerabilities used in the hacks conducted by LulzSec, which went on a high-profile tear in 2011 that exposed emails, documents, and other information of its victim organizations. Sabu is the hacker nom de plume of 28-year-old New Yorker Hector Monsegur, an unemployed father of two who allegedly commanded a loosely organized, international team of perhaps thousands of hackers from his nerve center in a public housing project on New York's Lower East Side. According to the FBI, he could face a maximum sentence of 124 years and six months for 12 offe...

The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los Angeles on Friday that he had figured out a way to spy on traffic moving through networking equipment manufactured by Siemens' RuggedCom division. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. According to security researcher Justin W. Clarke, Rugged OS contains the same private key used...

Websense ThreatSeeker Network intercepted a malware campaign targeting BlackBerry customers. These fake emails state that the recipient has successfully created a BlackBerry ID. According to Security Labs , those users who are targeted receive an email with the subject line " Your BlackBerry ID has been created ." The email encourages users to follow instructions in the attached file on how to " enjoy the full benefits " of their ID. The malware comes attached to an email that is an exact copy of the email you receive when creating a new BlackBerry ID. It teases you by asking you to download an attachment that allows you to fully appreciate the BlackBerry user experience. Those who open the attached .zip file will drop a handful of executable files that will modify the system registry to start malware programs upon the machine's next startup.

Police on Thursday rounded up 357 foreigners accused of duping Taiwanese and Chinese citizens in an online scam in what an official described as the largest single-day operation against organized crime in the country.  Director Samuel Pagdilao Jr., CIDG director, said CIDG and Paocc agents led by Senior Supt. Ranier Idio raided 20 houses in several subdivisions in Quezon, Manila, Marikina, Cainta and Antipolo cities at around 6:30 a.m. on Thursday and they rounded up the foreigners. The suspects were brought to the Police National Training Institute (PNTI) in Camp Vicente Lim in Laguna. They face charges for violating the Access Device Act. The syndicate's operations involve the use of the internet, wherein the group will call unsuspecting victims in China, claiming that they represent police, prosecutor's office, courts, insurance companies, banks, and other financial institutions. The syndicate raked in at least P20 million ($472,000) each day using the scam, Pagdilao said...

Vehicles are becoming more and more reliant on computers for efficiency, safety systems, and infotainment systems. Most vehicles on the market today use throttle-by-wire systems, where the onboard computer controls the throttle of the vehicle. Toyota has had problems in the past with so-called unintended acceleration, with many pointing fingers at the electronic systems in the car. Intel's McAfee unit, which is best known for software that fights PC viruses, is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car. McAfee, makers of the popular anti-virus software, are just one of the teams looking to protect automobiles from many bugs and viruses which could wreak havoc on the tiny computers inside modern cars. " You can definitely kill people ", said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit organization that helps companies an...

The Windows version of Crisis , a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user's OS, Windows or Mac OS X and executes the corresponding installer. " The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device ," Symantec explained in a blog post . Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also...

The website of  the Moscow district court that sentenced three members of the band Pussy Riot to jail has been attacked by hackers posting anti-Putin messages. As well as the anti-Putin slogan Anonymous Russia posted an appeal for the band's release as well as a video clip of one of the band's songs.The slogan read: " Putin's thieving gang is plundering our country, wake up comrades! " In a message posted on the website, the hackers said the in Russian that :  We are American group Anonymous. We don't forget and we don't forgive. Justice system has to be transparent. Pussy [Riot's members] are alive. Another caption called for the release of the band's jailed members - Nadezhda Tolokonnikova, 22, Marina Alyokhina, 24, and Yekaterina Samutsevich, 30. Jude Marina Syrova said that the women had grossly violated public order and " deeply insulted the faith of the believers with their disrespectful criminal act " when they took over a church pulpit in Moscow's Chri...

The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far. Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.  SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the...

AuthenTec, a leading provider of mobile and network security, today introduced a new security offering that provides military-grade encryption to data stored on today's Android smartphones and tablets without sacrificing device performance. AuthenTec's MatrixDAR(TM) for Android meets the stringent requirements of FIPS 140 certification.  MatrixDAR allows for full disk encryption in both the device and its storage media and incorporates AuthenTec's SafeZone software. This expands the company's security services for data-in-transit over SSL and IPSec connections and data-as-rest stored on a mobile device. It prevents unauthorized access and renders the smartphone or tablet useless if lost or stolen. AuthenTec offers the product for OEMs to directly install on devices, allowing IT departments to avoid installation of separate encryption software. " Our new MatrixDAR offering gives smartphone and tablet OEMs the ability to easily integrate military-grade FIPS 140-cert...

It is now possible to hack the human brain ? YES ! This was explained researchers at the Usenix Conference on Security, held from 8 to 10 August in Washington State. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it's possible to hack your brain, forcing you to reveal information that you'd rather keep secret. In a study of 28 subjects wearing brain-machine interface devices built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects' brains that partially revealed private information like the location of their homes, faces they recognized and even their credit card PINs. Brain-computer interface or BCIs are generally used in a medical setting with very expensive equipment, but in the last few years cheaper, commercial offerings have emerged. For $200-300, you can buy an Emotive...