The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,...

Television viewers in Montana, perhaps looking to stay inside from the scary cold outside, got an even scarier surprise when warnings of a zombie apocalypse took over their TV screens. There TV Stations Montana's KRTVMichigan's, WNMU-TV and WBUP-TV were victims of this zombie prank. The channels later said that somebody had hacked into its system. The message warned zombies were attacking the living and warned people not to approach or apprehend these bodies as they are extremely dangerous. Channel said on its website , " Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that was an emergency in several Montana counties. The message did not originate from KRTV, and there is no emergency. Our engineers are investigating to determine what happened and if it affected other media outlets. " Officials with the stations in Michigan said law enforcement authorities determined the attack originated outside the U.S. The message was quickly...

The hacktivist group Anonymous says it's planning to block all live streams of President Obama's State of the Union address Tuesday night, in an operation entitled " Operation SOTU ". " We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet, " the statement reads. " The President of the United States of America, and the Joint Session of Congress will face an Army tonight. " Anonymous group is upset with a pending Internet security bill. According to Anonymous and other Internet freedom activists, if the CISPA (Cyber Intelligence Sharing and Information Act) is passed it will infringe on online privacy and freedom. A Twitter account associated with Anonymous also hinted by tweeting ," ADVANCED WARNING: This year's State of the Union Address WILL be cancelled if internet regulation is passed by executive order #opLastResort " ...

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike will show a switch bar with buttons for each server at the bottom of your window. Click a button to make that server active. It's a lot like using tabs to switch between pages in a web browser. To make use of multiple servers, designate a role for each one. Assign names to each server's button to easily remember its role. Dumbly connecting to multiple servers isn't very exciting. The fun comes when you seamlessly use Cobalt Strike features between servers. For example: Designate one server for phishing and another for reconnaissance. Go to the reconnaissance server, setup the system profiler website. Use the phishing tool to deliver the reconnaissa...

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they happen. Proactive log management can help an admin get into a proactive mode You know that event log monitoring is important, since all your systems and key applications log data. But since no two systems log to the same place, or in the same format, it's almost impossible to get ahead of the logging and actually pay attention to what is being logged. That's where event log monitoring comes into play; here's why: Aggregate your logs in a central location:  With logs spread across dozens or even hundreds of systems, there's no way you can manage them where they are. Event log monitoring applications can gather up all your logs in a central location, making them easy to analyze, store, a...

A multinational security firm ' Raytheon ' has secretly developed software called ' RIOT ', capable of tracking people's movements and predicting future Behavior by mining data from social networking websites. The multi billion dollar company, didn't want its concept video revealed, but the Guardian posted it anyway. Raytheon has not yet sold RIOT to any clients but has been shared with the US government as part of a joint research project to develop a Big Data system capable of surveilling large parts of the population. The software can also pull metadata from pictures taken to pinpoint a user's location when the picture was taken. From this and other location data taken from applications i.e Foursquare, the software can predict future movements of users. The video shows how Riot works on a sample Raytheon staff member, tracking his regular visits to Washington Nationals Park and a local gym. RIOT creates unique profiles from publicly available data, inclu...

One week after launching a Bug bounty program by the Kim Dotcom 's new file-storage and sharing service MEGA claims to have fixed seven vulnerabilities. Although Mega hasn't shared how much money and to whom it paid out in the first week. But as promised, it is clear that MEGA paid out thousands of dollars in bug bounties during the first week of its security program. We found bug hunter yesterday (tweeted)- Mr.  Frans Rosén received 1000 Euros in the bug fixing challenge. This tweet was also Re-tweeted by Kim Dotcom later, that confirmed Frans's class III bugs reward. Congratulations @ fransrosen for XSS in #MEGA . Handsome EUR 1000 in Bug Bounty Program twitter.com/fransrosen/sta… — The Hacker News™ (@TheHackersNews) February 10, 2013 In a blog post, Mega explained how it classifies vulnerabilities and their impacts. Vulnerabilities were classified into VI classes, with I being the lowest risk and VI being the highest. Seven qualified bug details are as shown...

Mozilla's Firefox OS, the mobile operating system from the company that makes the Firefox browser build entirely on open web standards and having ability to beat Android or iOS.  Firefox OS is Mozilla's ambitious attempt to build an operating system that brings more openness to the walled gardens of Apple's iOS and Google's Android. New Operating Systems for Smartphones Its a new mobile operating system built entirely using open web standards and with codename  Boot to Gecko , means a Linux distro that automatically loads Gecko or in more simple words apps for Firefox OS are basically just websites written in HTML, JavaScript, and CSS. The Web is the Platform, which means not only taking down barriers, but also a lighter system that makes your apps run smoothly and an optimal battery life. Firefox OS written with basic HTML, CSS, and JavaScript Mozilla has also added some extra hooks to Firefox OS that allow developers to access a phone's hardware v...

Several Myanmar journalists have recently received warnings from Google that their Gmail accounts may have been targets of state-sponsored attacks. After they login to their Gmail accounts, warning message," We believe state-sponsored attackers may be attempting to compromise your account or computer " was displayed on top as shown. Google had begun the policy of notifying users of suspicious activity in June. " We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users' accounts unauthorized. " Google said in a blog post . " If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account ." The Voice Weekly Journal's editor Aung Soe, Aye Aye Win, a Myanmar correspondent for the Associated Press, and Myat Thura, a Mya...

The Cyber Intelligence Sharing and Protection act (CISPA) will be reintroduced by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) before the US House next week . CISPA would've allowed any company to give away all the data its collected on you if asked by the government and The bill that plan to introduce next week will be identical to the version of CISPA that passed the House last spring. May be the recent reports of cyber espionage against The New York Times and The Wall Street Journal,  along with attacks on the Federal Reserve 's Web site and on several U.S. banks have brought the issue back to the fore. " This is clearly not a theoretical threat - the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear, " Rogers said in a statement. If implemented, An independent Intelligence Community Inspector General would review the government's use of any...