The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

US Army’s CECOM Data leaked by Hacker Hacker Black Jester recently published contract information from a Web site connected to the U.S. Army Communications and Electronics Command (CECOM). " 30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords were published in a Pastebin document ," writes Softpedia . "' Old crappy server, but has good info inside it. The list is not complete due the lazy condition and msaccess db , enjoy!' the hacker wrote next to the data dump ," Kovacs writes. The Pastebin post doesn’t contain the name of the site from where the data was leaked, but the hacker provided us with the IP address associated with it. That IP address led us to a Software Engineering Services site on which only “eligible users” may register.

Carberp Banking Trojan Scam - 8 Arrested in Russia 8 Men suspected of being involved in the Carberp phishing scam have been arrested in Russia. The men were arrested after a joint investigation by the Russian Ministry of Internal Affairs (MVD) and Federal Security Service (FSB). According to the MVD, the investigation found that two brothers were the ringleaders of the gang, and developed a plan to steal money from the accounts of online banking customers. The eight suspects allegedly stole more than 60 million Rubles ($2 million) from 90 victims using the Carberp Trojan. Russian security firm who assisted with the investigation, pegged the stolen loot at 130 million Rubles ($4.5 million). Police confiscated computers, bank cards, notary equipment, fake documentation, and more than 7 million Rubles ($240,000) in cash during the raid. The gang used the Carberp and RDP-door Trojans to snare victims. Carberp is a well-known Trojan that was recently seen on Facebook as part ...

Face to Face with Duqu malware Once again we discuss about Stuxnet, cyber weapons and of the malware that appears derivate from the dangerous virus. The international scientific community has defined a Stuxnet deadly weapon because been designed with a detailed analysis of final target environment supported by a meticulous intelligence work that for the first time in history has embraced the world of information technology. The agent was designed with the intent to strike the Iranian nuclear program and even more clear is who has always opposed such a program, U.S. and Israel first, and consider also the technology skill necessary to develope a weapon with the observed architecture is really high. Extremely important two factors af the event: 1. the choose of control systems as target of the malware. 2. the conception of the virus as an open project, a modular system for which it was designed a development platform used to assemble the deadly cyber weapons in relation to the final...

Vulnerability in Google Earth Software exposed by longrifle0x Ucha Gobejishvili, Security researcher also known as Longrifle0x , found another Interesting Security issue in one of the most famous software called,  Google Earth. He found a critical code execution vulnerability on google earth software client. For Proof of Concept , One can download any version of Google Earth, Then open "Click Placemark" , Put a malicious code there as one sample given below and Execute your code. Another past bug hunting by  Longrifle0x : 1.)  Cross Site Scripting (XSS) Vulnerability in Google 2.)  Skype Cross Site Vulnerabilities, user accounts can be Hijacked 3.) [POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 and More..

CNCERT Claims - Raising Web attacks on China China's National Computer Network Emergency Response Technical Team (CNCERT/CC)is claiming attacks on public and private organisations from outside of its borders have rocketed in the past year from five million computers affected in 2010 to 8.9m in 2011. They found 47,000 foreign IP address involved in remotely accessing and controlling computers in China during a random sample investigation in 2011. ' This shows that Chinese websites still face a serious problem from being maliciously attacked by foreign hackers or IP addresses ,' Mr Wang Minghua, deputy director of the team's operation department. It said Japan was the source of most attacks, 22.8 percent, followed closely by the United States, 20.4 percent, and the Republic of Korea, 7.1 percent. China has the world's largest Internet population. The number of its Internet users reached 485 million last June. However, a high percentage of that population had experi...

NASA sub-domain and Australian Police targeted by Hackers Hacker with name " Black Jester " hack another subdomain (  http://airtrafficconflictresolutions.arc.nasa.gov )   of  NASA. Hacker compromise the database of site and leak password hashes of Users and Database Info also. The leaked info posed on Pastebin Note . In Another Attack, Hacker - S3rver.exe managed to breach the official website of the International Police Association of Australia (ipa-australiapolice.com.au). A Pastebin paste made by the hackers contains the site’s database structure along with names, usernames, email addresses and password hashes, Softpedia Reported. The hackers claim that they have warned International Police Association representatives that the site contains some serious vulnerabilities, but apparently they did nothing to secure it. The hackers also tried to root the servers, but apparently it can’t be rooted.

Casa Presidencial website defaced by Latinhack The  Casa Presidencial website  was in temporary control of hackers on  Sunday . The minister explained that the hack was noticed while doing a backup of the site. The cyber-attack was attributed to a group called Latinhack, whose members have perpetrated more than 13,000 attacks on various government sites in Spain, the United Kingdom, Venezuela, Chile and the Dominican Republic. He also said the website's information was never at risk because it is physically stored in different places at separate servers, so these events do not affect users. The prez's website is based on Joomla's Content Management System (CMS) which according to experts is vulnerable to hacks if not regularly maintained.

Pakistani Hackers attacks 31 government and 46 educational institutions Websites Maharashtra police said, websites of more than 46 educational institutions and 31 government websites based in the district were allegedly hacked by a group reportedly based in Pakistan. KhantastiC, a hacker who claimed to be a part of Pakistan Net Army (PNA) reported on 'zone-h.net' the number of 'Rajasthan.gov.in' domain named websites hacked by him since January 16, 2012. Muslim Liberation Army (MLA), an obscure group said to .be based in Lahore, allegedly hacked into  46 educational institutions websites. Cyber Crime Branch has launched investigations after receiving complaints in this regard.

Exclusive - Source Code Spoofing with HTML5 and the LRO Character Article Written by  John Kurlak for The Hacker News,He is  senior studying Computer Science at Virginia Tech. Today John will teach us that How to Spoof the Source Code of a web page. For example,   Open  http://www.kurlak.com/john/source.html  and Try to View Source Code of the Page ;-) Can you View ?? About eight months ago, I learned about HTML5’s new JavaScript feature, history.replaceState(). The history.replaceState() function allows a site developer to modify the URL of the current history entry without refreshing the page. For example, I could use the history.replaceState() function to change the URL of my page in the address bar from “ http://www.kurlak.com/example.html ” to “ http://www.kurlak.com/example2.html ” When I first learned of the history.replaceState() function, I was both skeptical and curious. First, I wanted to see if history.replaceState() supported changing ...

Mercury v1.0  - Framework for bug hunters to find Android vulnerabilities A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices. The easy extensions interface allows users to write custom modules and exploits for Mercury Replace custom applications and scripts that perform single tasks with a framework that provides many tools. Mercury allows you to: Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see) Find information on installed packages with optional search filters to allow ...

Kaspersky finds Malware that resides in your RAM Kaspersky Lab researchers have discovered a drive-by download attack that evades hard-drive checkers by installing malware that lives in the computer's memory. The 'fileless' bot is more difficult for antivirus software to detect, and resides in memory until the machine is rebooted. This Malware doesn't create any files on the affected systems was dropped on to the computers of visitors to popular news sites in Russia in a drive-by download attack.Drive-by download attacks are one of the primary methods of distributing malware over the web. They usually exploit vulnerabilities in outdated software products to infect computers without requiring user interaction. The attack code loaded an exploit for a known Java vulnerability (CVE-2011-3544), but it wasn't hosted on the affected websites themselves. Once the malware infected a Microsoft machine, the bot disabled User Account Control, contacted a command and control...

The Pirate Bay plans Low Orbit Server Drones to beat Censorship One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. In a Sunday blog post, The Pirate Bay announced new " Low Orbit Server Stations " that will house the site's servers and files on unmanned, GPS-controlled, aircraft drones. TPB said: With the development of GPS controlled drones, far-reaching cheap radio equipment and tiny new computers like the Raspberry Pi, we’re going to experiment with sending out some small drones that will float some kilometers up in the air. This way our machines will have to be shut down with aeroplanes in order to shut down the system. A real act of war. We’re just starting so we haven’t figured everything out yet. But we can’t limit ourselves to hosting things just on land anymore. These Low Orbit Server Stations (LOSS) are jus...

Fake LinkedIn Emails Link to Blackhole Exploit Malware Cyber Criminals have been busy pumping out spam emails that pose as legitimate LinkedIn notices, enticing you to click on a link in order to read what message some random stranger has left for you. The incident was identified by researchers at security provider GFI Labs . If your Click the links, It will send you directly to a site housing a blackhole exploit kit that will attempt to take advantage of any system vulnerabilities in order to infect your PC with malware, Exactly which attempts to drop Cridex onto the PC. Cridex malware variant from the wild caught on camera that shows CAPTCHA tests used by some online services are still weak and can be broken by malware. The spammers did a good job crafting the bogus LinkedIn notices LinkedIn logo at the top left, familiar blue coloring, no obvious spelling mistakes, disguised links and even a spoofed sender’s address it’s pretty easy to spot the fake emails when you...

Security holes in Android with apps Advertisements Researchers at North Carolina State University have found privacy and security holes in Android apps because of in-application advertisements. They study the popular Android platform and collect 100,000 apps from the official Android Market in March-May, 2011 and Then they identify the possible 52.1% apps using Advertisements and further developa system called AdRisk to systematically identify potentialrisks. They explain that most of the ad libraries collect private information, some ofthem may be used for legitimate targeting purposes (i.e., the user’slocation) while others are hard to justify by invasively collectingthe information such as the user’s call logs, phone number, browserbookmarks, or even the list of installed apps on the phone. The researchers wrote in a paper to be presented at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson on April 17th, [ Read Here ] As one...

Mystery of Duqu Programming Language Solved An appeal for help from the programming community has allowed antivirus analysts to classify the unknown language used to develop key components of the Duqu Trojan. The sections responsible for downloading and executing additional modules in the Duqu Trojan, referred to by some as Stuxnet 2.0, were written in standard C++. Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called “OO C” and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion. Kaspersky’s Igor Soumenkov wrote, “ No matter which of these two variants is true, the implications are impressive. The Payload DLL contains 95 Kbytes of event-driven code written with OO C, a language that has no automatic memory management or safe pointers ,”. Kaspersky’s analysis now concludes: The Duqu Fra...

Yet Another Google Chrome Sandbox Critical Exploit by Turkish security experts Turkish security experts from Arf Iskenderun Technologies, finds the new vulnerability open in Google Chrome 17.0.963.78 , same risk working on new update 17.0.963.79 and bypass Chrome SandBox. Last week,  Vupen Security reports that it has officially "pwned" Google Chrome's sandbox. Vupen hacked Chrome 17.0.963.66 update. But, Turkish security experts claim that they hacked Chrome Sandbox after Vupen and This vulnerability is critical for Chrome.  A sandbox is security mechanism used to run an application in a restricted environment. If an attacker is able to exploit the browser in a way that lets him run arbitrary code on the machine, the sandbox would help prevent this code from causing damage to the system. The sandbox would also help prevent this exploit from modifying and even reading your files or any information on the system. Maiden says th...

Cyber Criminals Selling Millions of U.S military email addresses Web based underground market service currently selling Millions of harvested U.S government and U.S military harvested emails addresses to potential spammers, and find out just how easy it is to purchase that kind of data within the cyber crime ecosystem. Cyber criminals are getting more sophisticated in their scams and phishing schemes, which are designed to steal personal data and financial information. Spammers and virus creators are motivated by money and backed by organized crime on a global scale. They are also launching massive attacks on anti-spam organizations in an attempt to bring them down. In respect to targeted malware attacks, the service is currently offering 2.462.935 U.S government email addresses, and another 2.178.000 U.S military email addresses. A Screenshot of the inventory of harvested emails currently offered for sale: Spammers buy lists from brokers that continuously harvest email ...

Roman Andreev wins Facebook Hacker Cup 2012 25 of the world’s best hackers gathered for Facebook’s 2nd annual Hacker Cup event being held at its offices in Menlo Park. Roman Andreev from Russia completed one problem correctly in 1 hr 4 min and won Facebook’s Hacker Cup to get his name placed on an awesome and really heavy cement trophy along with a check for $5000. The registration for the event opened in January and started off with three online rounds of problem solving. Out of 6,000 (8,000 submissions total) qualifying submissions, the group has been shrunken down to just 25 and flown to Facebook for the finals.The top coders, all male from around the world, are a mix of students, independent coders, and professionals. Facebook paid their way to California, including a stipend for obtaining a Visa, since only one of the participants is from the United States. The rest of the finalists are from Russia, Germany, Ukraine, Poland, China, South Korea, Taiwan, and Japan. The par...

iPad 3 jailbroken on Launch Day by 3 ways The new Apple iPad (third iPad, iPad 3) has already been jailbroken in at least three different ways. On the same day that Apple started shipping the new iPad out to consumers, there were reports that at least one hacker had already jailbroken the latest tablet. The first to claim was @Musclenerd, a member of the iPhone Dev Team,  tweeted a couple of images showing that he had already jailbroken the device. This must be a great relief for Apple fans who want to have their Apple devices, but don’t want Cupertino based tech giant to keep it restricted as it wants. Within the 24 hours of the iOS 5.1 update, teammate @pod2g revealed an untethered jailbreak for the iPad 2 and iPhone 4S. With the new iPad running iOS 5.1 and an A5X processor. His hack was followed by the announcement of a successful untethered jailbreak by teammate, @i0n1c, who released a video as evidence to his accomplishment: Finally, a Tweet by @chpwn ...

Australia's first national cyber security competition Announced Australia's first national cyber security competition, the 2012 Cyber Defence University Challenge, was launched today by broadband minister Senator Stephen Conroy. If you are an undergraduate with top cyber problem-solving skills then Australia's first national Cyber Defence University Challenge is probably for you. The Challenge runs for 24 hours on 3 to 4 April, and will test the cyber problem-solving skills of teams of Australian undergraduates in a virtual network environment.The ultimate prize, sponsored by Telstra, is travel and entry to the Black Hat 2012 Conference in Las Vegas in July 2012. Senator Conroy sxays the competition is a partnership between the federal government, universities and Telstra. " The Government is committed to working with industry to develop a safe and secure digital economy for Australians ," Senator Conroy said in a statement. " We are also committed to i...

Microsoft Hacking Code leaked from security info-sharing program Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors. Code that was submitted to Microsoft last year to demonstrate a serious exploit in Windows has somehow made it into the wild, either through Redmond itself or one of its security partners. The exploit targets a vulnerability in Windows' remote desktop protocol, giving an attacker full control over a system and the ability to easily spread to other machines with remote desktop enabled. Security researchers raised alarms when a working exploit for the flaw was spotted in China shortly after the release, leading many to believe that malware writers were able to breach the Microsoft Active Protections Program security platform. " The details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protections Progr...

DarkComet-RAT v5.1 Released - Remote Administration Tool This new version of the famous darkcomet RAT , a remote management tool created by DarkCoderSc . DarkComet is also considered as the most stable RAT around and it is even regarded more stable than some professional ones. Change Log: - [GUI ] Control center GUI change a little bit - [FUNC] New functions added in control center >> Network category, called WIFI Access points, now you can see near wifi networks and hardware wifi card(s) - [GUI ] Now in layout settings you can change the main windows GUI if you don't like the default one. - [FIX ] Fix the ftp upload keylogger problem - [SYS ] Edit server settings system was revised and optimized - [FIX ] DNS/IP backups issue fixed - [SYS ] DNS/IP backups algorythm revised and more reliable - [SYS ] Big problem fixed in client / server system - [SYS ] Loader environement is more lite, unused function / variables been track and clean also few important functions been ...

Six National Television Stations of Iran Hacked Co-Cain Warriors hackers today hack into 6 National Television Stations of Iran including Broadcasting Elam Center, IRIB Kermanshah Center, IRIB Kerman and 3 more. Hacker upload the deface page on their server and announce the day as " HappY 7Sin Day ". With growing conflicts in middle east more intrusions and DDOS attack on Iranian websites. Iran has been identified as the main cyber threat to the United States,Israel and European Countries. Yesterday we also report that, Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. Also last week, Iran launched a sophisticated cyber-attack against BBC Persian TV, according to the BBC News. The Reason behind this attack is part of a broader attempt by the government to disrupt the BBC’s Persian service. This attack follows various tactic...

SpoofTooph 0.5 : Automate Cloning of Bluetooth devices SpoofTooph 0.5 has been updated with some major bug fixes and new features. The new version 0.5 runs scans MUCH faster, which also allows for more Device Names to be resolved during scans. Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address). Change Log v0.5: - Fixed segmentation fault in manual assigning of Device Name and Class of Device - Modified flags - Depreciated      -r: Assign random NAME, CLASS, and ADDR      -l : Load SpoofTooph CSV logfile      -d : Dump scan into SpoofTooph CSV logfile - New      -w : Write ...

Mutillidae 2.1.17 : Born to be Hacked A few days ago an update " Mutillidae " version 2.1.17 was released. Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and others. Features Installs easily by dropping project files into the "htdocs" folder of XAMPP. Switch...

Iran makes internal email servers Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. " One of the most important problems in the cyber arena in Iran is that many individuals and even university professors are using email services like Gmail and Yahoo and have no local email, " Rahimi said, Head of Iran's Cyber Defense Headquarters. “ Technical infrastructures have been built in the country and mail servers have been made at the cyber defense headquarters to manage Iranian emails ,” he added. The Iranian official noted that the body also shoulders the responsibility to promote culture and education. Iran launched a cyber defense headquarters some five months ago. The key task of cyber defense is to prevent computer worms, or as some call it cyber weapons, from breaking into or stealing data from Iran’s maximum security networks, including nuclear facilitie...