The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that’s actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan’s authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a ...

U.S. Ambassador claim to be hacked by Russians Michael McFaul, the U.S. ambassador to Russia, took to Twitter Thursday night to accuse Russian media organization NTV of hacking his cell phone and email account. “ I respect the right of the press to go anywhere & ask any question. But do they have a right to read my email and listen to my phone? ” he tweeted this afternoon. when McFaul arrived for a meeting with the group For Human Rights today, reporters from state-owned NTV began peppering him with questions that kept him on the freezing street without a coat.“ Everywhere I go NTV is there. Wonder who gives them my calendar? They wouldn’t tell me. Wonder what the laws are here for such things? ” McFaul tweeted. Russian news agencies said NTV dismissed McFaul’s complaint, and officials at the station, which is owned by Gazprom, the state-controlled monopoly, said they have a network of informants who provide them with information. Mr McFaul suggested the television reporters ...

DKFBootKit - First Android BootKit Malware NQ Mobile Security Research Center has recently uncovered a new malware DKFBootKit. This malware is identified when monitoring and analyzing the evolution of earlier DroidKungFu variants. What sets DKFBootKit apart from malware like DroidDream, is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up. DKFBootKit repackages legitimate apps by enclosing its own malicious payloads in them. However, the victim apps it chooses to infect are utility apps which require the root privilege to work properly. NQ says the malicious code has already infected 1,657 Android devices in the past two weeks and has appeared on at least 50 different mobile apps. These apps seem to have legitimate reasons to request root privilege for their own functionality. It is also reasonable to believe that users will likely grant the root privilege to these apps. DKFBootKit makes use of the grant...

Twitter Takes Tweetdeck Offline due to Vulnerability Twitter has taken its Tweetdeck app offline after an apparent bug has possibly given some Tweetdeck users access to others’ accounts. The web version of Tweetdeck is currently down , although older desktop editions of the software appear to continue to receive and send Tweets at the moment, and can still log out and back in. A Sydney, Australia-based Tweetdeck user named Geoff Evason says he discovered today he was somehow able to access hundreds of other accounts through Tweetdeck . “ I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebooks account through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was was slower than normal, and I could post from many more accounts. ” And demonstrated that he could access another account by sending Tweet . Other accounts may well be affected, as Twitter quickly shut off access to Tweetdeck entirel...

Your Xbox 360 credit card details Vulnerable to Hack It has been discovered by researchers at Philadelphia’s Drexel University, that credit card data on older Xbox 360 systems that have been traded in or sold on. Hackers can now retrieve personal information from refurbished Xbox consoles, suggesting consumers exercise more caution with their electronic devices. " Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity ," said researcher Ashley Podhradsky. The team has discovered that even restoring your console to factory settings won’t remove some of the data stored on the Xbox 360. " Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox own...

Chinese Government sites defaced by Anonymous China @AnonymousChina Hackers taking down and defacing various Chinese government web sites. Hack is the part of operation #GlobalRevolution by Anonymous. The page is like other defacements with ASCII text, a message to the government in question and other Anonymous trademarks. This defacement is far more entertaining than past hacks, however, because they autoplay The Who’s classic song Baba O’Riley. Also it have one Chinese phrase, “患难见真情.” According to Google Translate, it means “ A friend in need is a friend indeed .” Deface sites include :  http://www.qnwqdj.gov.cn/ http://www.dzwqb.gov.cn/ http://www.bbdj.gov.cn/ http://tygtzy.gov.cn/index.php And with this, Hackers also leak the database info of http://www.wnpop.gov.cn/ and http://www.meda.gov.cn. Leaks are posted on Pastebin 1 and 2 .

50K Cards Compromised using Credit Card Processor Some 50,000 credit and debit cardholders may have their information exposed following a security breach at Global Payments. The breach occurred sometime between between Jan. 21, 2012 and Feb. 25, 2012. Both Visa and MasterCard have confirmed they have warned U.S. banks that a credit card processor was reportedly breached. Both firms say their own security systems were not compromised. MasterCard said law enforcement has been notified of the matter and an "independent data security organization" is conducting a forensic review of the matter. " MasterCard's own systems have not been compromised in any manner, " a company spokesman said in a statement. The company will " continue to both monitor this event and take steps to safeguard account information ." Because it sits in this middle ground directing where payment information goes, an attack on its system would leave a lot of private financial data...

Why Hackers Can't take down DNS root servers ? Interpol Chief Ronald Noble on Friday warned that a group of hackers might try to shut down internet service tomorrow. The hacking group, Anonymous, is protesting against several reasons including the crash of Wall Street and irresponsible leaders. There are 13 DNS servers that host the core databases for translating IP addresses. Anonymous hackers have announced " Operation Global Blackout ", promising to cause an Internet-wide blackout by disabling the core DNS servers. Anonymous  Hackers wants to bombard those 13 servers with traffic using a distributed denial of service attack. If the servers get too overloaded, they’ll crash and therefore be unable to fulfil DNS lookups rendering all domain names useless. But there are lots of Limitations in this type of attack : There are 13 Root Servers out there, It it not possible to shut down every of them. Even every root server is under control of various companies and they h...

CIA Chief : We will Spy on You Through Your TV According to the Central Intelligence Agency, the organization says spies won't have to plant bugs in homes, businesses or other places where they want to spy because of coming advances in computer and Internet technology. The CIA claims that when you download a Netflix film or listen to web radio, they will know exactly what you are doing. Spies will no longer have to plant bugs in your home, the rise of 'connected' gadgets controlled by apps will mean that people 'bug' their own homes, says CIA director David Petraeus. The CIA says it is very possible the agency and others will be able to "read" these and other gadgets from outside the places they want to monitor via the Internet and perhaps even with radio waves outside your home. Once upon a time, spies had to place a bug in your chandelier to hear your conversation. With the rise of the smart home, you’d be sending tagged, geolocated data that a spy...

FBI Cyber Chief Says U.S. Losing War Against Hackers FBI is struggling to combat cyberattacks by hackers. "We're not winning," FBI executive assistant director Shawn Henry said. Four top government cybersecurity officials have basically come out to say America is getting her hiney kicked in cyberattacks by nation state hackers. Shawn Henry, who is getting ready to leave the bureau after more than two decades with the law enforcement agency, says the United States is falling behind in the ongoing fight against cyber ne'er-do-wells. " Your government failed you ," testified Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House. He said that to Congress about 9/11, but now he's warning the people that we are defenseless when it comes to cybersecurity; our government has failed us again. Clarke stated, " Every major company in the United States has already been penetrated by China ." Who declared this war and ...

Apple Azerbaijan got hacked by Team Nuts The domain Apple.az represents 'Apple Azerbaijan' and it redirect to the Official Reseller of Apple in Arizona ( www.almastore.az ) , Which Got Hacked By Member Of Team Nuts ' YasH' and 'COde InjectOr' today evening. 1st Deface page was uploaded by hacker on Index page, but later they upload it to another location : http://www.almastore.az/news/images/ . Linux kernel on server reported by hackers is 2.6.18-92.el5 #1 SMP Tue Jun 10 18:49:47 EDT 2008 i68 which have Vulnerability of Remote Arbitrary Code Execution. No web-shell was used in this attack.  Hackers added that this was not targetted. Last week same hacker hack into Stanford University website and deface it.

 eCommerce Fraud Detection Tool   - An Anti-fraud solution by MasterCard In the past, a lost wallet, stolen credit card, or misplaced ID were among the paramount culprits of identity theft.Today, one need not lose a thing to eventually lose it all. commerce merchants have a new tool at their disposal to help mitigate the risk of fraud in online transactions, with MasterCard’s introduction of Expert Monitoring Fraud Scoring for Merchants. MasterCard will release an e-commerce anti-fraud product for merchants in May, said Mike Plotnick, MasterCard's communications leader. MasterCard announced the product at the Merchant Risk Council show in Las Vegas. The solution is designed for global merchants to assess transactions on U.S.-issued cards. In other words, the service provides merchants with a “predictive fraud score for Card-Not-Present transactions in real time to measure the likelihood that a transaction is fraudulent.”Basically, the service looks at the buyer’s...

NMAP Script to Check Presence of ms12-020 RDP vulnerability Yesterday   Sam Bowne was working on a NMAP script, which will be able to  Check Presence of ms12-020 RDP vulnerability on a machine via scan only. But unfortunately, it was less in success rate, Later  @ea_foundation joins  Sam Bowne  to develop a working Nmap script. Microsoft bulletin ms12-020 patches two vulnerabilities. CVE-2012-0152 which addresses a DoS vulnerability inside Terminal Server,and CVE-2012-0002 which fixes a vulnerability in Remote Desktop Protocol.Both are part of Remote Desktop Services. The hackers worked quickly on this particular vulnerability and we've already seen attempts to exploit the flaw which exists in a part of Windows called the Remote Desktop Protocol. Script works by checking for a CVE-2012-0152 vulnerability.Patched and unpatched system differ in the  results from whichwe can conclude if the service is vulnerable or not. Download Nmap Scri...

Corruption & Persistent Vulnerability in Skype 5.8 and 5.5 Ucha Gobejishvili ( longrifle0x ) Benjamin Kunz Mejri (Rem0ve)&Alexander Fuchs (f0x23) , security Experts from The Vulnerability-Lab Team discovered a remote pointer corruption with persistent weakness on Skypes v5.8.0.156 Windows 7 & MacOS v5.5.2340. The security risk of the remote denial of service vulnerability via pointer corruption is estimated as high(-). Skype is a software application that allows users to make voice and video calls and chats over the Internet. Calls to other users within theSkype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-baseduser account system. According to Expert, Vulnerability was reported to Vendor on 2012-02-24,  and Vendor Fix/Patch by Check on 2012-03-20. Affected versions are Skype - Windows, MacOs & Linux v5.8.0.156, 5.5.0.2340, 2.2 Beta. The exploitation met...

Office based Trojan threat for Mac OS X by Chinese hackers Security company ESET watches the newly found Trojan for OS X establish connections and receive commands to steal information. Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations).  The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it.  During installation on a Windows system, the payload deployed was a variant of Gh0st RAT (Remote Access Trojan). On the Mac though, a new payload, dubbed OSX/Lamadai.A, was used. ESET observed that once the Trojan installs it will establish a connection to a hard-coded remote C&C server located in China, and will wait in "busy" loop where it attempts to maintain its connection with the server. The server can then be used to issue co...

Kelihos Botnet with 110,000 PCs take down finally Botnets are particularly insidious, using thousands of virus-infected computers which their owners are unaware are being used for sending out spam, launching denial-of-service attacks and stealing data.But taking down a botnet poses challenges. The main problem is that legitimate security companies can’t use the same type of weapons as criminals. A group of malware experts from security companies Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, have worked together to disable the second version of the Kelihos botnet, which is significantly bigger than the one shut down by Microsoft and its partners. Kelihos is used to send spam, carry out DDoS attacks, and steal online currency such as bitcoin wallets. It operates as a so-called "peer-to-peer" bot network, which are more difficult to take down than those with a centralized command and control servers (C&C), according to Tillmann Werner, a senior ...

Dominican Republic Police arrested 6 Anonymous hackers Dominican Republic Police has arrested six hackers , Milton Corniell David Jimenez (Zerohack), Juan Rafael Leonardo Acosta (Nmap), Cristian de la Rosa Jose de los Santos (Mot), Robert Reynoso Delgado (Frank-Ostia) linked to Anonymous and accused by the authorities of attacking websites of state and private companies. Public Prosecutor German Vasquez alleges the six hacked into government websites, including ones for the president and the education ministry. He says the suspects range in age between 17 and 23. The members of combat cyber crime unit made the arrest in an joint operating in the country early Sunday in the capital Santiago. Defense lawyer Carlos Guerrero denies the accusations and says the government has no evidence. The defendants are accused of cyber terrorism, which the prosecution defined as a new form of threats and vulnerabilities in the Internet. denunciations of the "hacks" to institutions DG Int...

Japan orders Google to remove auto-complete function over privacy complaint Google has been ordered to disable part of its autocomplete function in Japan after complaints it violates privacy. According to a report by The Japan Times, the court was acting on a petition accusing Google’s autocomplete feature of being defamatory. The petition was filed by a Japanese man (name not disclosed) who alleged that some of the autocomplete suggestions accompanying his name were not only defamatory but also breached his privacy. The unnamed petitioner, in fact, claimed that these defamatory search suggestions even cost him his job. The man came to this conclusion after discovering that when people type his name into Google's search engine, words suggesting criminal acts, which he is unfamiliar with, automatically appear. If a computer-suggested term is selected, more than 10,000 items defaming or disparaging him show up in a list, Tomita said. Google has so far not carried out the court...

Customer Credit Reports for Resale in Black market Internet security concerns grew the most, Approximately half of respondents said they were seriously concerned about viruses, spam, and the safety of online shopping. 70% of respondents said they were seriously concerned about identity theft, and 68% said they were seriously concerned about credit or debit card fraud. MSNBC today reported that, Hackers breach into credit rating agencies and stealing customer credit reports for resale on the black market. They claim that AnnualCreditReport.com, Equifax.com, or CreditReport.com are being hacked and consumer data stolen from them. " I'm selling super prime credit reports and scores which include all 3 bureaus and other information ," brags one advertisement on one site. Hackers’ claim that the credit reporting firms are easy to compromise. The hacker explained that the trick is to open several credit report sites and keep trying random answers until one set works. A w...

17-year-old Hacker arrested for hacking into KPN mobile telecommunications A 17-year-old boy has been arrested for hacking into mobile telecommunications company KPN in the Netherlands. He has also been accused of other breaches in Japan, Korea, and Norway. The teenager was arrested last Tuesday in the Dutch town of Barendrecht, where police seized an encrypted computer, two laptops and other storage media including external hard drives, DVDs and USB sticks. The arrested teenager called himself "xS", "Yoshioka" and "Yui" online, is also suspected of breaching security of Tokohu University in Japan, as well as hacking computers at the Korea Advanced Institute of Science and Technology (KAIST) and at Trondheim University in Norway. Last but not least, he reportedly ran a website used for selling stolen credit card data. KPN also noted the arrest is unrelated to a January hack which resulted in the company taking 2 million e-mail accounts offline as a pre...

Microsoft censors The Pirate Bay links on Windows Live Messenger Microsoft has decided to block access to The Pirate Bay from Windows Live Messenger. When users try to send an instant message to a friend with a link from The Pirate Bay, Windows Live Messenger displays a warning, saying that the link is " blocked because it was reported as unsafe ." " We block instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these and were consequently blocked ," Redmond told The Register in an emailed statement. The Pirate Bay has been a lightning rod of controversy for years now, as copyright holders take aim at the organisation for giving users access to their content. Much of the focus of last year's ill-fated Stop Online Piracy Act (SOPA) centered on stopping The Pirate Bay and other sites that provide a similar service. Still, The Pirate ...

A Russian Zeus attacker Sentenced from Million Dollar Fraud  A Russian Hacker, who was part of an elaborate Cyber attack that used Zeus Banking Trojan  in U.S. visas to move cash stolen from U.S. businesses out of the country was sentenced on March 23 to two years in U.S. federal prison. Nikokay Garifulin received a two-year prison term for his involvement in a global bank fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S.accounts that were compromised by malware attacks. According to court documents and statements, Garifulin was part of a cyber bank fraud scheme, backed by Eastern European hackers to steal money from the bank accounts of small and mid-sized businesses throughout the U.S. The cyber attacks included Zeus Trojan, would embed itself in victims’ computers and record keystrokes as they logged into their online bank accounts. The hackers responsible for the malware then used the account information to take ...

In the biggest hacking case in China's Internet history, police have arrested a man suspected of leaking personal information about more than six million users. The suspect, surnamed Zeng , was nabbed in Wenzhou, east China's Zhejiang Province, on February 4 after an investigation into the case, Beijing News reported. Surnamed Zeng suspected of leaking personal information belonging to more than 6 million users of the China Software Developer Network (CSDN) . Zeng has been detained on charges of illegal acquisition of computer data. Police said the leaked information contained user IDs, passwords and e-mail addresses in clear text. The leak had a rippling effect on other websites, including online shopping, gaming, social networking and even financial service websites. Police noticed that most of the leaked data dated from July 2009 to July 2010, indicating the CSDN server was hacked before July 2010. Zeng caught the police's attention because he claimed in an online po...

Facebook profiles can be hijacked by Chrome extensions malware Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses. The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store. To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension. The launchpad for the fake Flash Player is a Facebook app called “ Aprenda ”. If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension. “ This last o...

eToro Vulnerable to Database Dump Security Experts at Zsecure.net discover a serious Vulnerability in eToro, which is a financial trading company based in Cyprus and one of the top ranked Forex Trading Service Provider Worldwide. It provides personal online financial services in forex, commodities and stock indices through its own electronic trading platform. eToro is primarily a platform and a software provider; it is not itself a financial broker. Rather, it connects its customers with third party brokerage services provided by various brokers. About the Vulnerability zSecure team has detected detected an active vulnerability in eToro's web-portal which allows the complete access to their database and even the complete database can be dumped/downloaded. Since the company is handling the portfolio thousands of trader's keeping their database vulnerable to outside attack is a shame on the part of the company which is said to carrying millions of value of transactions every...

Oxford University launches Cyber Security Centre Cyber crime is not going away. As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, the opportunities are just too great. The personal information stored on such devices credit card information, drivers’ licenses and Social Security numbers is at high risk and is often targeted by criminals because of the price it can bring on the black market. The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime, and to safeguard the trustworthiness of electronically-stored information. In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students. Each year brings its own set of risks and chal...

Return of Lulzsec , Dump 170937 accounts from Military Dating Site Another Hacking group after Lulzsec , comes with name LulzsecReborn has posted names, usernames, passwords, and emails of 170,937 accounts on MilitarySingles.com on Pastebin as part of the group’s Operation Digiturk. LulzSec was a major ticket item last year as the group hacked a number of high profile Web sites all in the name of the “lulz.” After their so called “50 Day Cruise,” the group broke up and went their separate ways.Hacker claim that, There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.. in dump. In response to a query by the Office of Inadequate Security, ESingles, the parent company of MilitarySingles.com, said that there is “ no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim. ”. LulzSecReborn hack the site and added his deface page here , (as shown in abo...

Anonymous Attacker Package by Maxpain " Maxpain " Hacker and Security Developer, Releases two tools in an Package called " Anonymous Attacker Package ". First one is - Anonymous external attack , allows you to execute udp flood web attack, into websites, this tool was made as external of LOIC, the following package contains : #Anonymous External Attack - A console application made in C# that allows you to flood the websites with anonymous style , and sending 4096 packets each second. The program delays some seconds for each packet that it makes, so it flood effectively without lagging your own connections. Cool for DDoS attacks. (213kb file) #Anonymous DNS Extractor - Extracts the dns and ip servers of the following website, Developer included this program, cause in the target ip of AEA - anonymous external attack you need to use an IP. (128kb file) Both of programs are really light and console applications, by giving you the ultimate experience web attack. ...

Free Configuration Check Tool by eEye Digital Security eEye Digital Security, the industry’s leading innovator of threat management solutions, just released new research, “ Working Toward Configuration Best Practices ” . Findings verify that proper configuration and mitigations remain the most effective way to secure IT infrastructure. The research team at eEye also found that the leading mitigations it recommended in 2011 disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities. To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and: • Offers a simple pass/fail and informational status ...