The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

181000 records compromised in Utah Security Breach Utah health officials said that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance. The Utah Department of Health has been hacked. 181,604 Medicaid/CHIP recipients have had their personal information stolen. 25,096 have had their Social Security numbers (SSNs) compromised. What is particularly threatening about this attack is the fact that the stolen records included personal information including client names, addresses, birth dates, SSNs, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes. “ We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised ,” said Michael Hales, deputy dir...

Anonymous Leaks Tunisia Prime Minister ’s Emails Anonymous Hackers says it has hacked 2,725 emails belonging to Tunisia's ruling Ennahda party, including those of the prime minister, in the latest challenge to the Islamist-led government. The email addresses of the president, head of the Constituent Assembly, Ennahdha party officials, and other party leaders were disclosed as well as documents from the electoral campaigns. In a video posted on a Facebook page belonging to Anonymous TN, a hacker wearing the trademark activist "Guy Fawkes" mask, said the emails were released in protest against Ennahda's alleged failure to protect the unemployed and artists who were attacked by Salafi Islamists during a recent protest. The activist said the emails include phone numbers, bank transactions and invoices paid during Tunisia's election campaign in October, in which Ennahda won more than 40 percent of parliament seats, going on to lead the government. The Tunisian g...

Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple ‘hack’ allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only ...

Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM’s Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted t...

Anonymous vs Britain's Home Office - Operation Trial At Home As announced during last days Anonymous has launched a Distributed Denial of Service (DDoS) against several UK government websites. A massive recruiting campaign is started on social media, a call to arm to protest the extradition of U.K. citizens to the United States. The Operation named “ Operation Trial At Home ,” fight the European Arrest Warrant (EAW) that could lead to the extradition of three accused criminals by the U.K.’s Home Office, the government department responsible for domestic security. Anonymous has provided Home Office’s IP address in its announcement to the supporters, Scheduling for April 7 the a DDoS ( with denial-of-service) attacks against the Home Office’s website. During the week I wrote and article on the intent of the famous group of hacktivist and on the possible reasons of the action. The attacks have mainly two motives: to protest against the extradition of Gary McKinnon, Christopher H...

Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have vulnarbilities 623. Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update . A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. Download for Windows (141 KB) Download for Linux (150 KB)

LulzSec hacker pleads guilty in Sony breach Accused LulzSec hacker Cody Kretsinger pleaded guilty today in a federal court in Los Angeles, California, to felony charges associated with the breach of Sony Pictures Entertainment that occurred in mid-2011. The hacker had previously pleaded not guilty.Kretsinger was arrested last September, months before the recent raid on the "leaders" of the group. The hacker had been charged with conspiracy and the unauthorized impairment of a protected computer and pleaded not guilty at the time for both counts. The indictment accused Kretsinger and co-conspirators of stealing confidential information from Sony Pictures' computer systems and distributing the material on LulzSec's website before trumpeting the attack on Twitter. The breach caused more than $600,000 in damages, according to court papers. He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information...

British Paypal hacker jailed for stealing millions Identities A UK cybercrook has been jailed for 26 months following his conviction for stealing millions of banking and PayPal identities. According to Report, Southwark Crown Court heard how Edward Pearson, 23, could have made about £834,000 if he chose to use the information he hacked out of people's Paypal accounts. Pearson, an 'incredibly talented' boarding school student who carried out the crime for an ‘intellectual challenge’, has been jailed for two years and two months. "One of his programs scanned through 200,000 accounts registered to online payment service PayPal - identifying names, passwords and current balances." according to the Daily Mail. Pearson might have been able to cash out the compromised accounts and make hundreds of thousands in ill-gotten gains. But in the event he actually only made £2,400 before his 21-year-old student girlfriend, Cassandra Mennim, used stolen credit cards to book...

Al-Qaeda websites hacked and remains down for past 12 days Al-Qaeda's main internet forums have been offline for the past 12 days in the longest sustained outages of the sites since they began operating. Several online forums frequently visited by al-Qaeda operatives were downed over the course of the last few weeks, including two of the terrorist organization’s top sites, al-Fida and Shamukh al-Islam. No one has claimed responsibility for disabling the sites but the breadth and duration of the outages have prompted speculation the forums have been taken down in a cyber attack launched perhaps by a government or hacking group. The digital sabotage could have been carried out by any number of governments or private hackers, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Some analysts have speculated that the administrators of the sites might have taken them down if they suspected that the forums had...

" Reboot " - Upcoming latest Hacker Movie you should watch Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film “ Reboot ” will launch with a Sneak Preview at DEFCON. Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino’s upcoming “Playing the Field”), Travis Aaron Wade (“War of the Worlds”), Martin Copping (Australian series “Neighbours”), Sonalii Castillo (“NCIS”), and Janna Bossier (Slipnot’s “Vermilion"). Set within a dystopian world that is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering fr...

More than 600000 Macs system infected with Flashback Botnet The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif. Dr. Web explained that a system gets infected with the Mac Flashback trojan " after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system ." A specific JavaScript code on the site that contains the virus is then used to load a Java applet, which is how the malware makes its way onto a user's computer. This Trojan spreads via infected web pages and exploits Java vulnerabilities that have be...

Anonymous Plans 7 April Attack on British government UK hackers linked to the Anonymous group are encouraging supporters to attack the Home Office website this Saturday (7 April) in protest at the extradition of three UK citizens to the US. Called #OpTrialAtHome , the hacktivist group @AnonOpUK posted a warning on its Twitter page that an attack on the Home Office was planned for Saturday, 7 April. An associated photo/poster shows images of Gary McKinnon, Richard O’Dwyer and Christopher Tappin. McKinnon and O’Dwyer are awaiting extradition from the UK to the US. Tappin’s extradition was effected on 24 February when he was flown to El Paso, Texas. Supporters have been encouraged to launch denial-of-service attacks on the Home Office's IP address, which Anonymous has revealed. Those not savvy enough to launch automated attacks on the site could contribute to the effect by simply visiting the site in large numbers. Julian Assange, the editor-in-chief and founder of WikiLeaks, ...

Anonymous hacks 500  Chinese websites Messages by the international hacking group Anonymous went up on a number of Chinese government websites on Thursday to protest internet restrictions. " Dear Chinese Government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall, " the message read in English. " So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy. Nothing will stop us, nor your anger nor your weapons. You do not scare us, because you cannot afraid an idea. " Some of the messages were directed at the Chinese people while others addressed the government. Some websites that Anonymous said it attacked were working Thursday, and government officials denied the sites were ever hacked. China's National Computer Network Emergency Response Technical Team was not available for immediate comment. The hacks were announced on...

Internet #Censorship : CISPA - Newest Cyber Security Bill If you download and distribute copyrighted material on the Internet, or share any information that governments or corporations find inconvenient, you could soon be labeled a threat to national security in the United States. That’s the aim of a bill in Congress called the Cyber Intelligence Sharing and Protection Act (CISPA). The good news is that SOPA and PIPA haven’t come to pass, but the bad news is that they could be followed by a bill that is even more invasive and could violate even more of your civil liberties. According to a press release issued last week, the bill already has over a 100 congressional co-sponsors. Yet the bill is only now beginning to appear on the public radar. CISPA would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a ‘cybersecurity’ exemption to all ex...

Anonymous Exposes data of 10,000 Civic Democrats from Czech Last week, Hackers posted on the internet the private data of Czech Prime Minister Petr Necas, including the numbers of his three mobile telephones, after a series of cyber attacks on government web sites. Hacker groups Anonymous and TrollSec claimed responsibility for the cyber attacks and for posting private data of the prime minister, saying they were protesting the Czech authorities, who are ignoring public sentiment and want to ratify the controversial agreement. The cyber attacks on the Czech government web sites, including on the Cabinet's website, come in the wake of worldwide protests against the ratification of the Anti-Counterfeiting Trade Agreement (ACTA). Today Anonymous Hackers claim to released personal details about members of the largest of the three parties in the ruling Czech coalition, the Civic Democrats (ODS). Details including mobile telephone numbers and personal ID card numbers were made publ...

Adobe releases open source malware classification tool Adobe Systems has released a malware classification tool in order to help security incident first responders, malware analysts and security researchers more easily identify malicious binary files. The ' Adobe Malware Classifier ' tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, Adobe security engineer Karthik Raman said in a recent blog post , Raman originally developed Malware Classifier for in-house use by Adobe's Product Security Incident Response (PSIRT) Team. When run, the tool extracts seven key attributes from every analyzed binary file and compares them to data obtained by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a set of 100,000 malicious programs and 16,000 clean ones, Raman said. “ Malware classification can be a difficult task for even experienced analysts, especially in the modern ...

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall into this category and not all clouds are created equally. There are more casual and also very (too busy) customers as well. It is highly probably that many Windows cloud images may be vulnerable to a MS12-020 RDP exploit by default. New research using the nmap nse script " rdp-ms12-020.nse " developed by @ea_foundation shows that all Rackspace Windows cloud images are vulnerable by default. And on AWS EC2 any existing, unpatched Windows AMIs or EBS images (pre 2012.03.13) that are booted with the AWS Management Console default firewall ruleset are vulnerable as well. A Cloudworm Although cloud service providers have taken some steps to mitigate MS12-020, it is nowhere near enough...

Johnny - GUI for John the Ripper Johnny is a GUI for John the Ripper. It was proposed by Shinnok. s release includes all things from development release plus nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: password could be loaded from file and cracked with different options. The reasoning behind Johnny is simple but at the same time profound: Complexity through simplicity and non-intrusive expert and non-expert availability. Johnny is a GUI concept to John the Ripper written in C++ using the Qt framework, making it cross-platform on both Unix/Linux and Windows operating systems. It was programmed as a part of the Google Summer of Code 2012 and supports bother 32-bit and 64-bit architectures. The interface also leaves room for lots of new options, either future John options, as well as GUI specific options like, hash detection, dictionary editing and generation or interactive bruteforce charsets or rules creation and many ...

POC Android botnet - Command and Control Channel over SMS To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the ...

Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are once again proud to have some fantastic writers like Pierluigi Paganini , Mourad Ben Lakhoua , Lee Ives , Paul F. Renda and Ahmed Sherif back with us to help educate all our readers about the impending cyber war crisis and what we can do about it. Pierluigi Paganini gives us a step by step technical understanding of the issue and Ahmed Sherif gives a fantastic look at SCADA, the workings and the take downs. Join us as we explore this new frontier and let us know how you feel and what you have learned! Download   (Cyber Warfare)   April Edition [7.05 Mb PDF] Want to Download All other Editions ? [ Click Here ]

The Pirate Bay Buys Greek Airspace for Launching Low Orbit Server Drones Few days back we reported that , One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. Most of the people from World didn't take it serious, well but The Pirate Bay is apparently deadly serious about investing in drone servers that it will fly in international airspace to make it incredibly difficult for governments to stop its expansion. A blog posting on the Pirate Bay site said the service had gone offline for a few hours on 18th March to move its front machines (which redirect a user’s traffic to a masked location). “ We have now decided to try to build something extraordinary ,” it said. If actually happening, it is part of a wider move to stay several steps ahead of the law, with The Pirate Bay gleefully thumbing its nose at the legislative attempts...

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. The malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading. Named CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser...

Lulzsec Ryan Cleary Again in Jail for breaking his bail conditions The lawyer for a 19-year-old Briton Ryan Cleary suspected of links to the hacking group Lulz Security says her client's back behind bars for breaching his bail conditions. Mr Cleary, is accused of being a member of the hacktivist group LulzSec as it carried out a series of attacks on targets including the UK's Serious Organised Crime Agency, the CIA and News International. Cleary, who was never an official LulzSec member but ran an Internet Relay Chat that the group used to communicate, had apparently been trading e-mails with Hector Xavier Monsegur, a.k.a. Sabu, the recently outed LulzSec mastermind turned FBI informant. That was a direct violation of his bail agreement, which dictated that Cleary was to have no access to the Internet whatsoever. The Metropolitan Police said Cleary was rearrested on March 5, a day before the FBI disclosed that Monsegur, better known as Sabu, had been secretly working as...

Chinese hacker targeting Indian government and Tibetan activists Sites Websites of Indian government and Tibetan activists in the country are under attack in a cyber attack campaign engineered by a Chinese hacker, working with one of the world's largest e-tailers Tencent. The cyber criminal in question is Gu Kaiyuan, once a graduate student at a Chinese university that receives government financial support for its computer security program and currently an employee at Chinese portal Tencent. Before Kaiyuan initiated the exploits, collectively called the Luckycat campaign , he was involved in recruiting students for his school’s computer security and defense research. The Luckycat cyber campaign, has been linked to 90 attacks in recent past against targets in India and Japan, as well as against Tibetan activists, said the report released by the Japanese network security firm. 'Luckycat' has been able to compromise about 233 computers many of which are in India. A report...

Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that’s actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan’s authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a ...

U.S. Ambassador claim to be hacked by Russians Michael McFaul, the U.S. ambassador to Russia, took to Twitter Thursday night to accuse Russian media organization NTV of hacking his cell phone and email account. “ I respect the right of the press to go anywhere & ask any question. But do they have a right to read my email and listen to my phone? ” he tweeted this afternoon. when McFaul arrived for a meeting with the group For Human Rights today, reporters from state-owned NTV began peppering him with questions that kept him on the freezing street without a coat.“ Everywhere I go NTV is there. Wonder who gives them my calendar? They wouldn’t tell me. Wonder what the laws are here for such things? ” McFaul tweeted. Russian news agencies said NTV dismissed McFaul’s complaint, and officials at the station, which is owned by Gazprom, the state-controlled monopoly, said they have a network of informants who provide them with information. Mr McFaul suggested the television reporters ...

DKFBootKit - First Android BootKit Malware NQ Mobile Security Research Center has recently uncovered a new malware DKFBootKit. This malware is identified when monitoring and analyzing the evolution of earlier DroidKungFu variants. What sets DKFBootKit apart from malware like DroidDream, is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up. DKFBootKit repackages legitimate apps by enclosing its own malicious payloads in them. However, the victim apps it chooses to infect are utility apps which require the root privilege to work properly. NQ says the malicious code has already infected 1,657 Android devices in the past two weeks and has appeared on at least 50 different mobile apps. These apps seem to have legitimate reasons to request root privilege for their own functionality. It is also reasonable to believe that users will likely grant the root privilege to these apps. DKFBootKit makes use of the grant...

Twitter Takes Tweetdeck Offline due to Vulnerability Twitter has taken its Tweetdeck app offline after an apparent bug has possibly given some Tweetdeck users access to others’ accounts. The web version of Tweetdeck is currently down , although older desktop editions of the software appear to continue to receive and send Tweets at the moment, and can still log out and back in. A Sydney, Australia-based Tweetdeck user named Geoff Evason says he discovered today he was somehow able to access hundreds of other accounts through Tweetdeck . “ I’m a tweetdeck user. A bug has given me access to hundreds of twitter and facebooks account through tweetdeck. I didn’t do anything special to make this happen. I just logged in one day, the account was was slower than normal, and I could post from many more accounts. ” And demonstrated that he could access another account by sending Tweet . Other accounts may well be affected, as Twitter quickly shut off access to Tweetdeck entirel...

Your Xbox 360 credit card details Vulnerable to Hack It has been discovered by researchers at Philadelphia’s Drexel University, that credit card data on older Xbox 360 systems that have been traded in or sold on. Hackers can now retrieve personal information from refurbished Xbox consoles, suggesting consumers exercise more caution with their electronic devices. " Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity ," said researcher Ashley Podhradsky. The team has discovered that even restoring your console to factory settings won’t remove some of the data stored on the Xbox 360. " Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox own...