The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Intego discovered a Multiplatform Java  Malware called " Jacksbot " , which is infecting Windows, Linux and Mac systems. The Jacksbot is described as a 'backdoor Trojan Java "on infected computers and collects system information, make screenshots, delete files, steal passwords and perform click fraud and DDoS attacks. Researchers said,Although it can run on any platform that supports JRE, It appears likely that this trojan is intended to be dropped by another component that has not yet been identified. " There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command 'MC for stealing Minecraft passwords from the compromised system ," Johanne Demetria explain in post . " However, the malware's focus is mainly on Windows. The malware writers behind JACKSBOT may just be testing the waters for a successful multiplatform malware; however for now they appear to be unwilling to invest th...

Japanese police arrested five mobile applications developers for creating and embedding a virus into smartphone applications. According to The Metropolitan Police Department, Intial reports said that about 90,000 smartphones  users were infected with a virus lurking in applications they downloaded, But later they found that developers stole more than 10 million pieces of personal information from users mobile. These guys runs an IT-related company, they created a video applications for Android smartphones containing a virus that extracts personal information stored on the phone. The man released the apps on Google Inc.'s official store for free in late March and was downloaded 270,000 times. The free apps were marketed to customers by affixing the phrase " The Movie " to existing popular game titles. When the apps are downloaded and activated, they can automatically transmit personal data. The stolen information found on the server has not been used by the malware ...

FBI have arrested 14 people over the theft of $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada. Authorities say the suspects would open accounts at Citibank, then go to casinos in California and Nevada and withdraw the money from cash-advance kiosks as many times as they could in a 60-second span. Someone had figured out that a glitch prevented Citibank from recording the extra withdrawals. FBI agents assisted by the Glendale Police Department and the Los Angeles Police Department arrested 13 of the defendants in the Los Angeles area Wednesday and Thursday. The suspects used the money to gamble and were given comped hotel rooms because of the amount they were spending, according to the FBI. Withdrawals were kept under $10,000 to avoid federal transaction reporting requirements, the FBI release read. FBI Special Agent in Charge Daphne Hearn commented, " While advancements in technology have created a world of...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.  Who's really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has " undertaken a concerted effort to use cyberspace to its advantage. " Today, Iran's defense minister said, The United States is the source of cyber terrorism. " and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation, " Defense Minister Ahmad Vahidi. The Iranian defens...

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was...

Last month we reported a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is: " lol is this your new profile pic? " Same spam now targeting most of the Indian skype users, Indian CERT (Computer Emergency Response Team) issue a warning about this ongoing spam attack via advisory. A number of Indians use 'Skype' to communicate with their friends, relatives and other contacts within and outside the country. " A malicious spam campaign is on the rise targeting Skype users by sending instant message which appears to come from friends in the Skype contact list ," the advisory reads. Security researchers from Avast had intercepted this Darkbot malware campaign, and they estimate that this affecting millions of Skype users. " The worm is reported as stealing user credentials, engaging in click fr...

Windows 8 launched in 37 languages and 140 worldwide markets, as the tech giant unveiled the new version of its computer operating system. The OS is now available in over 30 certified devices, and a broad selection of local apps are already available in the onboard Windows Store. It is also available for download onto PCs and other devices running previous iterations of Microsoft's Windows OS. Microsoft is currently running a special promotion upto 31st of January 2013, under which you can upgrade to Windows 8 Pro Edition for a very small amount. If you have purchased / are going to purchase a Personal Computer which is pre-loaded with genuine version of Windows 7 (any edition), then you are eligible to get Windows 8 Upgrade (Pro Edition) for $14.99 (US Dollar) or £14.99 (British Pounds) or €14,99 (Euros) or INR 699 (Indian Rupees). But because of a flaw in website providing promo code, now anyone is able to get the promo code, using which user can updrade his windows with...

78% of vulnerabilities are found in third-party programs. Security teams cannot monitor all of them manually or determine which ones are critical to their organization. Secunia, the leading provider of IT security solutions that enables businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the new version of Secunia's Vulnerability Intelligence Manager, the VIM 4.0. The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals . "  We're v...

Recently we reported about that  Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. In order to develop malware that evades detection by the security companies malware writers come up with some clever, yet quite simple techniques. If malware stops itself when it detects that it is running in a virtual environment, it may trick an automated threat analysis system into thinking that it is a clean program. So malware may not only fool automated threat analysis systems, but also a corporate system administrator who is searching for computers compromised by malware. Malware authors have recently attempted to use other approaches to fool automated threat analysis systems as well. Latest example of su...

Matthew Higgins, now 20 and a university student, hacked into his school computer system to obtain a girl's details and then boasted on a hackers' forum. Matthew is son of a police inspector. Caernarfon Crown Court heard it was the case of a clever young man caught red-handed. The defendant says there is a conspiracy to fabricate evidence against him. Matthew first hacked the girl's file and then did a fake mail. In mail he claimed to be a constituent suggesting there was an insecure internet system at the school. " Mr Higgins denies securing unauthorised access to computer data at Eirias High School in March last year and attempting to do so again two months later ." BBC said. The prosecution accused Mr Higgins of having "played a game of bluff and smoke screens" and trying to portray himself as a victim. The trial is continuing.