The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FBI's Cyber Division has a new and sharper focus on cyber-intrusion ," You are one click from compromising your network " FBI said. Giving priority to the labeling of suspects follows claims by the Pentagon that the military now has the capability to single out and retaliate against hackers. FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers digital signatures from mountains of malicious code. " A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define the attribution piece of a cyber attack to help determine an appropriate response ", said Richard McFeely , executive assistant director of the Bureau's Criminal, Cyber, Response, and Services Branch. Investigators can send findings to the FBI Cyber Division's Cyber Watch command, a 24-hour station at headquarters, where sp...

16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code. On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available. Generally Firefox of...

Image Credit : Sophos Microsoft committed itself a Trustworthy Computing program, each new version of Windows has introduced new security features and significantly improved its security posture, whereas phisher took advantage of this new exclusive release. Sophos noticed a mail pretending to come from " Microsoft Windows 8 Team ", and offering a free version of Windows 8 to victim and if you click the link ..on next page a page hosted on Slovakian web server will ask you to enter your username, password, email address and server domain name. Global phishing attacks increased by 12 percent during the first half of this year compared with the second half of 2011, to 93,462 from 83,083.  Phishing attacks are most common and taking advange of hot cakes is also not new. We recommend readers to delete such mails and Do not click on such link which offer's free stuff like Windows or softwares. Attacks decreased, however, compared with the first half of 2011...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Collective hacking group Anonymous  leaks username-passwords  and classified documents from Greek Finance Ministry server. Just a few days before the Greek Parliament is scheduled to vote on a $17.45 billion spending cut and tax hike plan. Attack was carried out under anonymous operation named - #opGreece . The leaked documents include various classified data from e-mails that were exchanged between the Greek Ministry and envoys from international lenders negotiating more austerity measures and bailouts, to thousands of passwords of Greek individuals and evaluations of banks. " The cyber-attack was described as one of the most serious against Greek government networks " secnews.gr said in report .  The attackers claim that they wanted to expose the date on the state of Greek economy so that all Greeks know the truth and thus just days before the 13.5-billion-euro austerity package goes to Parliament for voting. " Citizens of Greece you are paying Ba...

Japanese police had arrested three people, accused them of making death threats via email and discussion forums. However, later Researchers at Symantec have determined that a piece of malware was making death and bomb threats online on behalf of its victims infected. Symantec  confirmed that the malware " Backdoor.Rabasheeta " is capable of controlling a compromised computer from a remote location and the creator has the capability to command the malware to make the threats like bomb and murders. The most curious thing about this particular dropper is that it comes with a graphical user interface (GUI). The dropper for Backdoor.Rabasheeta drops a main module and a configuration file. The dropper creates a registry entry so that the main module is executed whenever the compromised computer starts. This dropper also modifies CreationTime, LastWriteTime, and LastAccessTime of the main module with random values to help keep it hidden. Then the dropper will execute the...

Hacking Group Anonymous has threatened to target Zynga, according to a post on the group's official news channel and a since-deleted YouTube video (but it was removed because it was considered a "violation of YouTube's policy on depiction of harmful activities") which suggests that the social game company is planning further layoffs which threaten to bring about " the end of the US game market as we know it ". Zynga announced plans to lay off 150 employees last week and shut down a number of its offices, as it looks to make savings of between $15 and $20 million. The operation, dubbed maZYNGA, will consist of the shutting down of Facebook - the platform on which Zynga games are hosted - and the distribution of previously obtained Zynga game codes for free. " During the last few days anonymous has been targeting Zynga for the outrageous treatment of their employees and their actions against many developers. We have come to believe that this actions of Zynga will res...

A group has hacked the French website for the EuroMillions lottery (https://euromillions.fr/) with warnings denouncing gambling as the work of the devil. A group going by name " Moroccanghosts ", posted the message in Arabic and French  - " Oh you believers. Wine, games of chance, statues all augur impurity and are the work of the devil. " It exhorted people to quit gambling, saying it was used by the devil along with alcohol to " sow hatred between yourselves and turn you away from God and prayer ". The company behind the site, Francaise des Jeux, took the passage down and the site was unavailable from last 12 hours later, but now Euromillions.fr  redirects to https://www.fdj.fr , the secure website of the firm that runs the Euromillions lottery in France. The Twitter user Moroccanghosts appeared to threaten that other gambling sites could be next. So there may be more attacks. France has a population of 65 million, including an estimated four million Mu...

So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as unique as possible " Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone's state and identity so calls won't disrupt them from doing what they're doing. Unfortunately, these permissions can be abused for criminal intentions. " Trendmicro  said in report. Before android applications was abusing permissions to access user's personal data, but now new generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission. Adware is software that is used to gather information about the users. This ...

Raymond announce X-Ray 2.0, a program which is frontend for VirusTotal multi scanner. X-Ray will provide users with automatic submission of files that you think are suspicious to 35 (Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, Hacksoft, Ikarus, K7Antivirus, Kaspersky, Kingsoft, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Rising, Sophos, SUPERAntiSpyware, Symantec, TotalDefense, TrendMicro, VBA32, Vipre, ViRobot). Key Features: - Abort upload progress - Retrieve latest scan report from VirusTotal (API 2.0) - Send file to VirusTotal for scanning (API 2.0) - Automatic failover when chosen method for sending files to VirusTotal fails. - Two methods of sending files to VirusTotal (Email and API) - Copying MD5 hash and results to clipboard via right click context menu. - History (VirusTotal detection report and Analysis Submission date & time) - Clear History - Change submission m...

Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. The report is based on data from the Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam. Here are some highlights from the threat landscape of 2011. " It is impossible to manually analyze such a large number of sample files, so it is therefore necessary to use an automated threat analysis system to analyze sample behavior and prioritize the files that virus definitions should be created for ." Symantec said in a blog post. Political activism and hacking were two big themes in 2011 themes that are continuing into 2012...