The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A vulnerability in different versions of Microsoft's widely used browser Internet Explorer can allow hackers to track the movements of your mouse. Microsoft is investigating reports of a mouse-tracking flaw that puts virtual keyboards and keypads at risk to remote monitoring. Spider.io, a UK-based company in the advertising analytics field, alleged that two unnamed companies are improperly using a flaw that allows them to track whether display advertisements, sometimes buried far down in web pages, are actually viewed by users. Almost every US-based user of Internet Explorer will have their mouse cursor tracked via this exploit almost every day they browse the web. Microsoft has confirmed that every version of Internet Explorer, from version 6 dating back to 2001 up to 10, released this year, is vulnerable. How this works ? All a hacker needs to do is, buy a ad space on any webpage and wait until a user visits it. If the tab remains open, the hacker has continuous access to use...

This Friday I was working with my co-security researcher " Christy Philip Mathew " in +The Hacker News  Lab for testing the Cookie Handling Vulnerabilities in the most famous email services i.e Hotmail and Outlook. Well, both are merged now and part of the same parent company - Microsoft, the software giant.  Vulnerability allows an attacker to Hijack accounts in a very simple way, by just exporting & importing cookies of an user account from one system to attacker's system, and our results shows that even after logout by victim, the attacker is still able to reuse cookies at his end. There are different way of stealing cookies, that we will discuss below. In May 2012, another Indian security researcher Rishi Narang claimed similar vulnerability in Linkedin website. Vulnerability Details Many websites including Microsoft services uses cookies to store the session information in the user's web browser. Cookies are responsible for main...

A former University of Georgia (UGA) student under investigation for allegedly hacking into the school's computerized personnel records system committed suicide last month. Stell attended classes at UGA between 2005 and 2007. The Data breach was carried out around two months back near 15th October and that may have led to compromised Full names and Social Security numbers, along with additional sensitive data of 8,500 current and former school employees. According to reports , an investigation into the security breach was ongoing when the suspect, Charles Staples Stell , 26, was found dead at his home in Athens on Nov. 7. The UGA Police Department's computer forensics team was investigating the hack. They said, There is no evidence that the compromised data were used to commit additional crimes. The employee files involved in the security breach were found under the control of Stell during the ensuing forensic evaluation of evidence obtained during the course of the invest...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Japan's National Police Agency has offered a monetary reward for a wanted hacker, use programming languages like C# to create a virus called " iesys.exe " and Hijack systems of innocent people to post aggressive messages on Internet on behalf of Users.  Method called a " Syberian Post Office " to post messages to popular Japanese bulletin board. Hacker use cross-site request forgery exploit, that allow hackers to making online postings via innocent users automatically. The messages included warnings of plans for mass killings at an elementary school posted to a city website. It is the first time that Japan's National Police Agency has offered a monetary reward for a wanted hacker  and will pay up to 3 million yen (US$36,000). The case is an embarrassing one for the police, in which earlier this year four individuals were wrongly arrested after their PCs were hacked and used to post  such messages on public bulletin boards. " Up until now t...

The Homepage of BSNL ( Bharat Sanchar Nigam Limited ) https://www.bsnl.co.in/ was hacked today morning by hacking group Anonymous.  BSNL is an Indian state-owned telecommunications company, the largest provider of fixed telephony and fourth largest mobile telephony provider in India, and is also a provider of broadband services. The website's homepage was hacked saying, "  Hacked by Anonymous India,  support Aseem trivedi (cartoonist) and alok dixit on the hunger strike,  remove IT Act 66a,  databases of all 250 bsnl site has been deleted .............Do not think of BACKUP "  with a images of Mr. Aseem while he was arrested by Police. Hack was performed by Anonymous India hacking group and claiming to hack whole server, with 250 Databases. Hacker wrote on deface page, that they deleted all the databases and dump credentials of BSNL database servers in a pastebin File . Analyzing the dump of database After analyzing ...

The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, a...

Some 22,300 purported student and staff records held by the Australian Defence Force Academy were stolen and published online last month. A member of the Anonymous group, known as Darwinaire , is claiming responsibility for the theft. The systems were compromised in November, with UNSW notifying staff and students within a day, but has only now come to light. Among the victims are hundreds of senior officers in the army, navy and air force, as well as military personnel from other nations who are enrolled at the academy. Hacker express the lack of security as '' I know, right, very surprised I didn't get kicked out. So simple, took like three minutes , ''. The University of Canberra in which the ADFA resides had warned students of possible phishing attacks but said the compromised passwords were mostly redundant.  Darwinare, who describes himself as ''black hacker'', has previously breached the networks of online bookstore Amazo...

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile , warning of a new round of cyber attacks against U.S. financial institutions, beginning this week. In September and October , al-Qassam launched widespread distributed denial-of-service (DDoS) attacks against numerous banking websites . A Bank of America spokesperson told that the bank is " aware of the reports of possible cyber attacks and [is] monitoring [its] systems, which are fully operational .". Hacker said in new warning note ," After stopping one month attack of Izz ad-Din al-Qassam Group to American banks, today, this group has announced a new cycle of attacks, via an Email which has been sent to us, and has acclaimed that its aim is to compensate guilty offends to holy Prophet of Islam, Mohammad(PBUH). Also, in internet conversations earlier, this group had been stated that these attacks won't stopped and even in new announcements, it's been marked that there will b...

With the release of the Microsoft security bulletins for December 2012, Company flag total 7 updates for Windows users, where one is rated as critical that could lead to remote code execution, where as other two are rated as important which fix flaws that could result in the operating system's security features being bypassed. All of the IE fixes involve use-after-free memory vulnerabilities. Where as kernel level exploits bundled into mass-exploitation kits is like Blackhole. In addition to IE, Microsoft is fixing a critical flaw in Microsoft Word that could enable attackers to execute remote code. The vulnerability could be exploited by way of a malformed Rich Text Format (RTF) document. Also Fonts can also be used as a potential attack vector, as this Patch Tuesday reveals. A pair of critical font parsing vulnerabilities are being patched this month, one for OpenType and the other for TrueType fonts. Details of all Updates : MS12-07...

ReVuln Ltd. , a small security company headed by Donato Ferrante and Luigi Auriemma, post a video that demonstrates that how attacks can gain root on the appliances. Samsung Smart TV contain a vulnerability which allows remote attackers to swipe data from attached storage devices. In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely. Auriemma said, " We have tested different Samsung televisions of the latest generations running the latest version of their firmware.  Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability. ".