The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The United Kingdom Ministry of Defence website (www.qhm.mod.uk) hacked by two Null Hacking Crew members  @OfficialNull  and @Timoxeline  and They extracted data published online . The data dump include 3400 email addresses and passwords from Ministry of Defence portal. Hackers trying to trend  #FuckTheSystem hashtag on twitter and related it to all their hacks against UK government. Hacker wrote on note : " Your webmaster made a terrible mistake... You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn't you? " "We hope that all governments and organizations realize that #FuckTheSystem is definitely not a joke. We hope that you have the decency to grasp the concept of it. But hey... You're the government right... Just some butthurt little fags. This security just proves how much of a joke our governments are. " note continue. Hackers mention that, they hack the website ...

Adobe release updates for Flash Player on Windows, Mac, and Linux to address 7 recently identified critical security vulnerabilities. Updated version is now 11.5.502.110 for Windows or Mac OS X users or to 11.2.202.251 for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. A recent Q3 2012 Threat repor t from Kaspersky Lab showed that nearly 30% of the exploits circulating online are targeting Adobe products. Java vulnerabilities were exploited in more than 50% of all attacks. According to Oracle, different versions of this virtual machine are installed on more than 1.1 billion computers. CVE number of 7 critical Adobe Flash Player Vulnerabilities are CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280. Adobe's advisory about this update is available here .

Security firm Trend Micro recent analyses the Russian crimeware markets and has found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it will cost you somewhere in the region of $700. If you just want to hire someone else's botnet for an hour, though, it can cost as little as $2. There are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits. " As the Russian underground community continuously modifies targets and improves technologies, security companies and users must constantly face the challenge of effectively protecting their money and the information they store in their computers and other devices ," the ...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC's in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech confer...

A group of researchers has developed a side-channel attack targeting virtual machines that could pose a threat to cloud computing environments. Side-channel attacks against cryptography keys have, until now, been limited to physical machines, this attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. " In this attack, the researchers were able to extract a private ElGamal decryption key from the target VM's libgcrypt library; the target was running Gnu Privacy Guard. Over the course of a few hours of observations, they were able to reconstruct a 457-bit exponent accompanying a 4096-bit modulus with high accuracy. So high that the attacker was then left to search fewer than 10,000 possible...

According to the report from Bloomberg, In 2009, the FBI told Coca-Cola executives that hackers had broken into their computer systems, when a malicious link was emailed to a senior executive, but never revealed the incident. Hackers were able to spend a month operating undetected, logging commercially sensitive information. " Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. " Bloomberg said . Coca-Cola, the world's largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment a prolific Chinese hacking group. Re...

" Please don't mind, its 5th of November " slogan for today ! Anonymous Hackers hacked into " Telecom Italy " (www.telecomitalia.it) and dump Social Security Number, Social Insurance Number, 30000 credentials and lots of vulnerabilities exposed. In a blog post hackers said," Telecom Italy boasts 3000 XSS error and vulnerabilities that allow third parties to access the "htaccess" and other sensitive data. Anonymous will not publish sensitive information of individual users. This one can define a simple notice to show that you do not have appropriate security measures. In fact it is very simple appropriated credentials and social security numbers ." 3000 Cross site scripting ? wow its a huge number ! Hackers upload some paste regrading the hack as given below: 1.) Social Security Number and Social Insurance Number : Link 1 2.)  Some Credentials (sample only) : Link 2 In credentials disclosure we notice an interesti...

The Israeli military has set plans to boost its cyber warfare capabilities with a better Cyber Army by expand its Unit 8200. " It has become clear that the demand for soldiers in this field is growing, which is why we're searching for solutions not only in Israel but abroad as well ," a top officer in the Manpower Directorate. Unit 8200, Israel's equivalent to the NSA, is undergoing a massive expansion. The U.S. Army ad slogan may be: " The Army needs a few good men ." But IDF Unit 8200′s slogan is: " The IDF needs a few good hackers ." Actually not a few, more like hundreds if not thousands. The disclosure comes amid recent reports that the Israeli army is working to enhance its cyber-warfare abilities. Military intelligence chief Maj.-Gen. Aviv Kochavi is slated to invest 2 billion shekels (525 million U.S. dollars) to that end in the coming years. " The military officials are tasked to track "young computer geniuses" and persuade them to immigrate to Israel for...

5th November 2012 was the most exciting day in Cyberspace, yesterday we have report about few major hacks and leaks including Hacking of ImageShack Server , thousands of researchers database leak from Symantec portal, then  NBC Sports Rotoworld forums and NBC Mobile site was defaced by pyknic hacker and a claim that user names and passwords for the site had been compromised, Anonymous leaks the VMware ESX Server Kernel source code online , numerous Australian sites, and the Organization for Security and Cooperation in Europe. The Guy Fawkes Day start with the hack of  28,000 Paypal Accounts. AnonymousPress tweeted , " Paypal hacked by Anonymous as part of our November 5th protest privatepaste.com/e8d3b2b2b1 #5Nov " (File Removed now) Private Paste documents contained 27,935 entries from Paypal database table " mc_customers " including emails, names, passwords (encrypted) and corresponding telephone numbers. However acc...

Hackers hack into ImageShack server and expose all the files online, moreover Antivirus Company Symantec's portal also hacked by them and complete database of all 1000's of researchers dumped in a pastebin File. One of the hacker behind this hack avilable on twitter at  @ Doxbin . Hacker expose content of few most important files of the server, like /etc/passwd ,  /etc/shadow , Content list of ImageShack Web directory (/home/image/www) and many more. Hacker claimed to use some zero day vulnerability in order to get into the server. Whereas in  Symantec case, hackers leak complete database from online portal. Database information includes Phone numbers, email, domain, password, Name, Username etc. According to Hackers write up that exploit unknown zero-day bug of ZPanel used by Symantec to get into server. In same operation, hackers target  CrytoCC website (https://kerpia.cryt...