The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

No longer limited to Hollywood movies about cybercrime, webcam hacking has stealthily and aggressively broken into average households  " I've heard a hacker could access my webcam and watch me in front of my computer. Could this really happen? " YES, other than using a Remote administration tools, it is also technically possible using new Flash based flaw in Google Chrome. According to a recent report by security researchers, there's a big problem in Google Chrome's integrated Flash player. The proof-of-concept posted by Egor Homakov. When the play button is pressed, the user is actually allowing for his/her webcam to grab video and audio from a compromised computer without getting the user's permission. " This works precisely like regular clickjacking - you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you, " Homakov warned.  These kinds of virtual hacks have been taking place for years....

BlackBerry Z10 users should be aware that there is a privilege escalation vulnerability. The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled, identified as BSRT-2013-006 (CVE-2013-3692) According to the advisory , an escalation of privilege vulnerability exists in the software 'BlackBerry® Protect™' of  Z10 phones, supposed to help users delete sensitive files on a lost or stolen smartphone , or recover it again if it is lost. " Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe. " The company says that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in...

Apple revealed on monday that it received between 4,000 and 5,000 data requests in six months from  U.S. law enforcement for user information and affected accounts. Apple said the most common forms of requests involved investigating robberies and other crimes.  Period between December 1, 2012 and May 31, 2013, federal, state and local law enforcement had requested customer information up to 5,000 times, related to between 9,000 and 10,000 accounts or devices. But the iPhone maker said it works vigorously to protect the privacy of its users and only provides information by court order.  " We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve, " statement from Apple. Apple doesn't provide some types of information either because the company doesn't retain it or because it is encrypted , the company said.  Apple also specified certain ...

If you have followed the startling revelations about the scope of the US government's surveillance efforts, you may have thought you were reading about the end of privacy, and about the Enemies of the Internet. " My computer was arrested before I was ." a perceptive comment by an internet activist who had been arrested by means of online surveillance.  Online surveillance is a growing danger for journalists, bloggers, citizen-journalists and human rights defenders. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. This week the PRISM surveillance scandal has consumed the Internet as the implications of massive scale U.S. Government spying begin to sink in. The US National Security Organization (NSA) is almost certainly one of (if not the) most technologically sophisticated, well-funded and secretive organizations in the world. The Prism initiative was launched ...

A Philippine Anonymous hacker " #pR.is0n3r " has posted the President Benigno Aquino's three personal mobile telephone numbers online on facebook . Officials would not confirm if the numbers were really the President's. Aquino spokesman Ricky Carandang, " It's cyber vandalism plain and simple ," Carandang said. " We're dealing with it. That's all I can say for now. " Hacker urged his 10,000 followers to communicate directly with their president, but the numbers are no longer working. " The majority are not getting answers to so many issues. It is difficult to speak to a person through go-betweens. If we send him a letter we're not even sure he will receive it, " Hacker wrote in facebook post. In March 2013, Anonymous Hackers  also defaced the Philippines President 's website and other dozen government websites.

US Cloud hosting providers are constantly targeted by cyber crime according the revelations of two malware researchers Mary Landesman, a senior security researcher at Cisco Systems, and Dave Monnier security expert at Team Cymru explained during the 2013 Gartner Security and Risk Management Summit. The hackers are exploiting with a meaningful increase these architecture to organize financially motivated attacks. Landesman and Monnier explained in two distinct sessions that cyber criminals are exploiting US cloud hosting providers to deploy Command and Control servers for their malicious activities despite the great effort in monitoring activities operated by hosting cloud providers. US is one of privileged countries to host malicious architecture due high availability of its infrastructures and cyber criminals know it. " You can move your command and control servers to Kazakhstan, but that's not a very good business decision," "The U.S. has re...

Google says tens of thousands of Gmail accounts belonging to Iranian users have been targeted in an politically motivated hacking campaign in the weeks leading up to the country's closely watched presidential elections. For the last three weeks, the search giant said it has " detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. " " These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region, " Eric Grosse, Google's Vice President for Security Engineering. Phishing attacks are emails which appear official but instead lead users to websites where they are encouraged to reveal data including usernames, passwords, and credit card details. Google said it has a policy to alert users to " state-sponsored attacks and other suspicious activity ," but did not identify the perpetrators be...

About this time every year, Apple gives a gift to mobile developers: the newest version of iOS. The all-new Apple iOS 7 launched at WWCD 2013 this week and Just after 48 hours of  iOS 7  release, 36-year old Jose Rodriguez iPhone user able to hack and bypass Lockscreen to access the Photos in just a few seconds. iOS is infamously popular for its lockscreen security bugs that let anyone bypass the passcode on a device to gain access to information that would otherwise be private. Forbes points us to a new video showing how to completely bypass the iPhone's password protection by accessing the calculator available on the lock screen. " By opening iOS's Control Room and accessing the phone's calculator application before opening the phone's camera, anyone can access, delete, email, upload or tweet the device's photos without knowing its passcode. " iOS 7 beta only available to those with developer accounts for now, cost $99 a year thr...

Edward Snowden, the self confessed NSA Whistleblower of secret surveillance documents, claimed Wednesday that the United States intelligence agents have been hacking computer networks around the world, specially Chinese targets since 2009. Snowden alleged that the Prism program , which collects information on users of numerous technological services such as Google, Facebook and Twitter, targeted universities, businesses and public officials throughout mainland China and Hong Kong. Out of More than 61,000 targets of the National Security Agency , there are thousands of computers in China which U.S. officials have increasingly criticized as the source of thousands of attacks on U.S. military and commercial networks. China has denied such attacks. " We hack network backbones like huge Internet routers, basically that give us access to the communications of hundreds of thousands of computers without having to hack every single one ," he revealed. But why Snowden leaking all this infor...

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. A recently discovered Linux kernel Local privilege escalation exploit , which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone platform. The Linux kernel 2.6.x, including Red Hat Enterprise Linux 6, Ubuntu 12.04 LTS, Debian 6 and Suse Enterprise Linux 11 are vulnerable to privilege escalation flaw with CVE-2013-2094 .  CVE-2013-2094 states, " The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. " Exploit for Linux machines is publically available here . Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device.  The exploit can be used to to access d...