The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Another Cyber attack on Sony this year, Hacking group called " NullCrew " hack into one of the biggest site of Sony mobile website (www.sonymobile.com) and leak complete database on Internet. Nullcrew releasing their hack dumps from their official twitter account @OfficialNull. The dump of database released on Pastebin with a small note from Hackers as given below: Sony, we are dearly dissapointed in your security. This is just one of eight sony servers that we have control of. Maybe, just maybe considering IP addresses are available. Maybe, just maybe it's the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically Stats of Dump: 441 Members Username with Email Addresses  24 User names with Hashed password from Think_Users table  3 Admin user data from admin_user table Not just Sony, Nullcrew recently hack into Cambodia Army website and dump database. " Recently the co-founder ...

Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability ( CVE-2012-4170 ) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems. Furthermore, company officials say Adobe is unaware of any attacks against this vulnerability.That said, the Photoshop 13.0.1 update contains 75 other bug fixes, including 31 for problems known to cause crashes, 18 pertaining to 3D features, and 15 for drawing and graphics features. Adobe said that users and administrators can download and install the patch by lunching the "update" tool within the Photoshop help menu.The company credited a pair of Secunia researchers in discovering and reporting the flaw directly. According to a Secunia advisory , the problem is caused by a boundary error in the "Standard MultiPlugin.8BF" modul...

Gottfrid Svartholm Warg , one of the founders of the file sharing website The Pirate Bay has been arrested in Cambodia after an international warrant was issued following a conviction in Sweden for copyright violations. The Swedish foreign ministry has confirmed only that a Swedish man "in his thirties" has been arrested in Phnom Penh. In May 2006, police seized The Pirate Bay's servers from the ISP PRQ's headquarters in Stockholm. Since then, the file-sharing site appeared in the headlines, especially after the high-profile trial in 2008 in which the principals were sentenced to prison terms and hefty damages. The ruling was appealed, but in February 2012, the Supreme Court not to discuss the case further. Svartholm Warg's lawyer Ola Salomonsson confirms that it is TPB-founder who now sits arrested, but says he does not know for what reason.Sweden has no formal extradition treaty with Cambodia, but that does not mean Svartholm Warg is safe. According to lawyer ...

The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona. US authorities have reportedly arrested a second suspected member of hacking group LulzSec on charges of taking part in an extensive computer breach of Sony Pictures Entertainment. Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to the FBI in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorised impairment of a protected computer. In September 2011 charged Cody Kretsinger, then 23, with being Recursion. This week, meanwhile, the FBI announced the arrest of Raynaldo Rivera, 20, after he was recently indicted by a federal grand jury on charges of conspiracy and the unauthorized impairment of a protected computer. Two men who've been arrested on charges that they hacked into the website of Sony Pictures Entertainment and posted stolen data studi...

Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper - a destructive malware program attacking computer systems related to oil facilities in Western Asia. Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats. The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. Kaspersky's researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the aff...

Months after Hewlett-Packard originally announced the open-source version of WebOS , the beta version of the platform is on its way out the door. Friday's release includes two environments for developers.  The first is the desktop build, which is boasted to provide "the ideal development environment" for designing the webOS user experience with more features and integrating other open source technologies on the Ubuntu desktop. The second is the OpenEmbedded build for porting webOS to new devices. Equipped with an ARM emulator for running db8 and node.js services, HP cited that it included OpenEmbedded because of its "widespread community adoption" and cross-compiling support for embedded platforms. The news is getting announced in a blog post : " It has taken a lot of hard work, long hours and weekend sacrifices by our engineering team to deliver on our promise and we have accomplished this goal ," the developers write on the site devoid of any HP branding. T...

Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email. The compa...

The Air Force Life Cycle Management Center posted a broad agency announcement recently, calling on contractors to submit concept papers detailing technological demonstrations of 'cyberspace warfare operations' capabilities.  Air Force is seeking to obtain the abilities to 'destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain for his advantage' and capabilities that would allow them to intercept, identify, and locate sources of vulnerability for threat recognition, targeting, and planning, both immediately and for future operations. According to the document the issuing Program Office "is an organisation focused on the development and sustainment of Cyberspace Warfare Attack capabilites that directly support Cyberspace Warfare capabilities of the Air Force." Technologies that can map data and voice networks, provide access to the adversary's information, networks, systems or devices, manip...

Reports have surfaced that liquified natural gas (LNG) producer RasGas , based in the Persian Gulf nation of Qatar, has been struck by an unidentified virus, this time shutting down its website and email servers. The malware, however, did not affect the company's operational computers that control the production and delivery of gas, an official of the Ras Laffan Liquefied Natural Gas company. The attack reportedly began Aug. 27. The RasGas website was still unavailable on Thursday, three days after the attack. For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known as "Shamoon." A joint venture between Qatar Petroleum and ExxonMobil, RasGas exports about 36.3 million tons of liq...

Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. " Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible ," Eric Maurice, the company's director of software security assurance. The out-of-band Security Alert CVE-2012-4681 includes fixes for "three distinct but related vulnerabilities and one security-in-depth issue" affecting Java running within the browser. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious website unknowingly.Java is a free programming language widely used to enable every day programs and website elements to function, including some games, apps and chat, as well as enterprise apps. The attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java...