The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FlashBack Checker - Tool Detects Flashback Mac Malware A Mac developer has posted a tool that detects a Flashback malware infection on Apple's computers. Last week we posted about,  More than 600000 Macs system infected with Flashback Botnet . That's slightly more than 1 percent of all 45 million Macs in the world still a relatively small number, but a worrisome one for Mac users, as the tally of infected machines continues to grow. FlashBack Checker - 38KB tool was created by Juan Leon , a software engineer at Garmin International, the Kansas-based company best known for its GPS devices. When Flashback Checker is run, it displays "No signs of infection were found" or provides additional information if it does detect changes the malware has made to the Mac. According to Dr. Web, the Russian security company that was the first firm to quantify Flashback infections, nearly 2% of all Macs have been hit by the malware.  Dr. Web used a different technique to detect...

Anonymous target USTelecom and TechAmerica for supporting Cybersecurity Bill Two technology trade associations said they were targeted by the hacker-activist group Anonymous as it singled out supporters of proposed legislation to improve U.S. cybersecurity. The hacker group Anonymous claimed responsibility for taking down the websites of USTelecom and Tech America, which both back the Cyber Intelligence Sharing and Protection Act of 2011. Both sites remained unreachable as of Monday afternoon. The attacks began yesterday when users were unable to log onto the sites. USTelecom represents telecom companies, including AT&T, Verizon, and CenturyLink; and TechAmerica's members include tech companies such as IBM, Microsoft, and Apple. A Twitter account called @Anon_Central yesterday called the Rogers bill “ draconian ” and posted a link to groups and companies supporting the legislation.[ See List here ] Anonymous posted a YouTube video showing USTelecom's site down S...

Anonymous plans to take down Great Firewall of China Anonymous plans to launch more attacks on Chinese government Web sites in an effort to highlight corruption and push for human rights improvements. While they managed to deface well over 500 sites we are now hearing they aren’t finished yet and have even more plans for the Chinese government coming soon, and bigger targets. The group used the Twitter account “ Anonymous China ” to publicise the attacks, posting links to data files that contained passwords and other personal information from the hacked websites. This comes just days after all the attacks last week that even had messages warning of the downfall of the Chinese government. The attacks are part of a bigger plan according to Anonymous hacker “ f0ws3r ” who told Reuters that the group is hoping to take down the “ Great Firewall of China ” A recent tweet from the Anonymous China Twitter feed confirms the group’s plans. They claim to have hundreds of translat...

TigerBot - SMS Controlled Android Malware Stealing Information A new form of Android malware controlled via SMS messages has been discovered and the malware can record phone calls, upload the device’s GPS location, and reboot the phone, among other things. Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered this Android malware called "TigerBot", differs from “traditional” malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet. A common aspect of Android malware is the use of a command and control server that tells the malware what to do next and acts as a repository for any captured passwords or banking information. The current information about this malware show that it can execute a range of commands including uploading the phone’s current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the...

181000 records compromised in Utah Security Breach Utah health officials said that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance. The Utah Department of Health has been hacked. 181,604 Medicaid/CHIP recipients have had their personal information stolen. 25,096 have had their Social Security numbers (SSNs) compromised. What is particularly threatening about this attack is the fact that the stolen records included personal information including client names, addresses, birth dates, SSNs, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes. “ We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised ,” said Michael Hales, deputy dir...

Anonymous Leaks Tunisia Prime Minister ’s Emails Anonymous Hackers says it has hacked 2,725 emails belonging to Tunisia's ruling Ennahda party, including those of the prime minister, in the latest challenge to the Islamist-led government. The email addresses of the president, head of the Constituent Assembly, Ennahdha party officials, and other party leaders were disclosed as well as documents from the electoral campaigns. In a video posted on a Facebook page belonging to Anonymous TN, a hacker wearing the trademark activist "Guy Fawkes" mask, said the emails were released in protest against Ennahda's alleged failure to protect the unemployed and artists who were attacked by Salafi Islamists during a recent protest. The activist said the emails include phone numbers, bank transactions and invoices paid during Tunisia's election campaign in October, in which Ennahda won more than 40 percent of parliament seats, going on to lead the government. The Tunisian g...

Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple ‘hack’ allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only ...

Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM’s Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted t...

Anonymous vs Britain's Home Office - Operation Trial At Home As announced during last days Anonymous has launched a Distributed Denial of Service (DDoS) against several UK government websites. A massive recruiting campaign is started on social media, a call to arm to protest the extradition of U.K. citizens to the United States. The Operation named “ Operation Trial At Home ,” fight the European Arrest Warrant (EAW) that could lead to the extradition of three accused criminals by the U.K.’s Home Office, the government department responsible for domestic security. Anonymous has provided Home Office’s IP address in its announcement to the supporters, Scheduling for April 7 the a DDoS ( with denial-of-service) attacks against the Home Office’s website. During the week I wrote and article on the intent of the famous group of hacktivist and on the possible reasons of the action. The attacks have mainly two motives: to protest against the extradition of Gary McKinnon, Christopher H...

Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have vulnarbilities 623. Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update . A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. Download for Windows (141 KB) Download for Linux (150 KB)

LulzSec hacker pleads guilty in Sony breach Accused LulzSec hacker Cody Kretsinger pleaded guilty today in a federal court in Los Angeles, California, to felony charges associated with the breach of Sony Pictures Entertainment that occurred in mid-2011. The hacker had previously pleaded not guilty.Kretsinger was arrested last September, months before the recent raid on the "leaders" of the group. The hacker had been charged with conspiracy and the unauthorized impairment of a protected computer and pleaded not guilty at the time for both counts. The indictment accused Kretsinger and co-conspirators of stealing confidential information from Sony Pictures' computer systems and distributing the material on LulzSec's website before trumpeting the attack on Twitter. The breach caused more than $600,000 in damages, according to court papers. He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information...

British Paypal hacker jailed for stealing millions Identities A UK cybercrook has been jailed for 26 months following his conviction for stealing millions of banking and PayPal identities. According to Report, Southwark Crown Court heard how Edward Pearson, 23, could have made about £834,000 if he chose to use the information he hacked out of people's Paypal accounts. Pearson, an 'incredibly talented' boarding school student who carried out the crime for an ‘intellectual challenge’, has been jailed for two years and two months. "One of his programs scanned through 200,000 accounts registered to online payment service PayPal - identifying names, passwords and current balances." according to the Daily Mail. Pearson might have been able to cash out the compromised accounts and make hundreds of thousands in ill-gotten gains. But in the event he actually only made £2,400 before his 21-year-old student girlfriend, Cassandra Mennim, used stolen credit cards to book...

Al-Qaeda websites hacked and remains down for past 12 days Al-Qaeda's main internet forums have been offline for the past 12 days in the longest sustained outages of the sites since they began operating. Several online forums frequently visited by al-Qaeda operatives were downed over the course of the last few weeks, including two of the terrorist organization’s top sites, al-Fida and Shamukh al-Islam. No one has claimed responsibility for disabling the sites but the breadth and duration of the outages have prompted speculation the forums have been taken down in a cyber attack launched perhaps by a government or hacking group. The digital sabotage could have been carried out by any number of governments or private hackers, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Some analysts have speculated that the administrators of the sites might have taken them down if they suspected that the forums had...

" Reboot " - Upcoming latest Hacker Movie you should watch Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film “ Reboot ” will launch with a Sneak Preview at DEFCON. Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino’s upcoming “Playing the Field”), Travis Aaron Wade (“War of the Worlds”), Martin Copping (Australian series “Neighbours”), Sonalii Castillo (“NCIS”), and Janna Bossier (Slipnot’s “Vermilion"). Set within a dystopian world that is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering fr...

More than 600000 Macs system infected with Flashback Botnet The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif. Dr. Web explained that a system gets infected with the Mac Flashback trojan " after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system ." A specific JavaScript code on the site that contains the virus is then used to load a Java applet, which is how the malware makes its way onto a user's computer. This Trojan spreads via infected web pages and exploits Java vulnerabilities that have be...

Anonymous Plans 7 April Attack on British government UK hackers linked to the Anonymous group are encouraging supporters to attack the Home Office website this Saturday (7 April) in protest at the extradition of three UK citizens to the US. Called #OpTrialAtHome , the hacktivist group @AnonOpUK posted a warning on its Twitter page that an attack on the Home Office was planned for Saturday, 7 April. An associated photo/poster shows images of Gary McKinnon, Richard O’Dwyer and Christopher Tappin. McKinnon and O’Dwyer are awaiting extradition from the UK to the US. Tappin’s extradition was effected on 24 February when he was flown to El Paso, Texas. Supporters have been encouraged to launch denial-of-service attacks on the Home Office's IP address, which Anonymous has revealed. Those not savvy enough to launch automated attacks on the site could contribute to the effect by simply visiting the site in large numbers. Julian Assange, the editor-in-chief and founder of WikiLeaks, ...

Anonymous hacks 500  Chinese websites Messages by the international hacking group Anonymous went up on a number of Chinese government websites on Thursday to protest internet restrictions. " Dear Chinese Government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall, " the message read in English. " So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy. Nothing will stop us, nor your anger nor your weapons. You do not scare us, because you cannot afraid an idea. " Some of the messages were directed at the Chinese people while others addressed the government. Some websites that Anonymous said it attacked were working Thursday, and government officials denied the sites were ever hacked. China's National Computer Network Emergency Response Technical Team was not available for immediate comment. The hacks were announced on...

Internet #Censorship : CISPA - Newest Cyber Security Bill If you download and distribute copyrighted material on the Internet, or share any information that governments or corporations find inconvenient, you could soon be labeled a threat to national security in the United States. That’s the aim of a bill in Congress called the Cyber Intelligence Sharing and Protection Act (CISPA). The good news is that SOPA and PIPA haven’t come to pass, but the bad news is that they could be followed by a bill that is even more invasive and could violate even more of your civil liberties. According to a press release issued last week, the bill already has over a 100 congressional co-sponsors. Yet the bill is only now beginning to appear on the public radar. CISPA would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a ‘cybersecurity’ exemption to all ex...

Anonymous Exposes data of 10,000 Civic Democrats from Czech Last week, Hackers posted on the internet the private data of Czech Prime Minister Petr Necas, including the numbers of his three mobile telephones, after a series of cyber attacks on government web sites. Hacker groups Anonymous and TrollSec claimed responsibility for the cyber attacks and for posting private data of the prime minister, saying they were protesting the Czech authorities, who are ignoring public sentiment and want to ratify the controversial agreement. The cyber attacks on the Czech government web sites, including on the Cabinet's website, come in the wake of worldwide protests against the ratification of the Anti-Counterfeiting Trade Agreement (ACTA). Today Anonymous Hackers claim to released personal details about members of the largest of the three parties in the ruling Czech coalition, the Civic Democrats (ODS). Details including mobile telephone numbers and personal ID card numbers were made publ...

Adobe releases open source malware classification tool Adobe Systems has released a malware classification tool in order to help security incident first responders, malware analysts and security researchers more easily identify malicious binary files. The ' Adobe Malware Classifier ' tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, Adobe security engineer Karthik Raman said in a recent blog post , Raman originally developed Malware Classifier for in-house use by Adobe's Product Security Incident Response (PSIRT) Team. When run, the tool extracts seven key attributes from every analyzed binary file and compares them to data obtained by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a set of 100,000 malicious programs and 16,000 clean ones, Raman said. “ Malware classification can be a difficult task for even experienced analysts, especially in the modern ...

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall into this category and not all clouds are created equally. There are more casual and also very (too busy) customers as well. It is highly probably that many Windows cloud images may be vulnerable to a MS12-020 RDP exploit by default. New research using the nmap nse script " rdp-ms12-020.nse " developed by @ea_foundation shows that all Rackspace Windows cloud images are vulnerable by default. And on AWS EC2 any existing, unpatched Windows AMIs or EBS images (pre 2012.03.13) that are booted with the AWS Management Console default firewall ruleset are vulnerable as well. A Cloudworm Although cloud service providers have taken some steps to mitigate MS12-020, it is nowhere near enough...

Johnny - GUI for John the Ripper Johnny is a GUI for John the Ripper. It was proposed by Shinnok. s release includes all things from development release plus nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: password could be loaded from file and cracked with different options. The reasoning behind Johnny is simple but at the same time profound: Complexity through simplicity and non-intrusive expert and non-expert availability. Johnny is a GUI concept to John the Ripper written in C++ using the Qt framework, making it cross-platform on both Unix/Linux and Windows operating systems. It was programmed as a part of the Google Summer of Code 2012 and supports bother 32-bit and 64-bit architectures. The interface also leaves room for lots of new options, either future John options, as well as GUI specific options like, hash detection, dictionary editing and generation or interactive bruteforce charsets or rules creation and many ...

POC Android botnet - Command and Control Channel over SMS To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the ...

Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are once again proud to have some fantastic writers like Pierluigi Paganini , Mourad Ben Lakhoua , Lee Ives , Paul F. Renda and Ahmed Sherif back with us to help educate all our readers about the impending cyber war crisis and what we can do about it. Pierluigi Paganini gives us a step by step technical understanding of the issue and Ahmed Sherif gives a fantastic look at SCADA, the workings and the take downs. Join us as we explore this new frontier and let us know how you feel and what you have learned! Download   (Cyber Warfare)   April Edition [7.05 Mb PDF] Want to Download All other Editions ? [ Click Here ]

The Pirate Bay Buys Greek Airspace for Launching Low Orbit Server Drones Few days back we reported that , One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. Most of the people from World didn't take it serious, well but The Pirate Bay is apparently deadly serious about investing in drone servers that it will fly in international airspace to make it incredibly difficult for governments to stop its expansion. A blog posting on the Pirate Bay site said the service had gone offline for a few hours on 18th March to move its front machines (which redirect a user’s traffic to a masked location). “ We have now decided to try to build something extraordinary ,” it said. If actually happening, it is part of a wider move to stay several steps ahead of the law, with The Pirate Bay gleefully thumbing its nose at the legislative attempts...

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. The malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading. Named CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser...

Lulzsec Ryan Cleary Again in Jail for breaking his bail conditions The lawyer for a 19-year-old Briton Ryan Cleary suspected of links to the hacking group Lulz Security says her client's back behind bars for breaching his bail conditions. Mr Cleary, is accused of being a member of the hacktivist group LulzSec as it carried out a series of attacks on targets including the UK's Serious Organised Crime Agency, the CIA and News International. Cleary, who was never an official LulzSec member but ran an Internet Relay Chat that the group used to communicate, had apparently been trading e-mails with Hector Xavier Monsegur, a.k.a. Sabu, the recently outed LulzSec mastermind turned FBI informant. That was a direct violation of his bail agreement, which dictated that Cleary was to have no access to the Internet whatsoever. The Metropolitan Police said Cleary was rearrested on March 5, a day before the FBI disclosed that Monsegur, better known as Sabu, had been secretly working as...

Chinese hacker targeting Indian government and Tibetan activists Sites Websites of Indian government and Tibetan activists in the country are under attack in a cyber attack campaign engineered by a Chinese hacker, working with one of the world's largest e-tailers Tencent. The cyber criminal in question is Gu Kaiyuan, once a graduate student at a Chinese university that receives government financial support for its computer security program and currently an employee at Chinese portal Tencent. Before Kaiyuan initiated the exploits, collectively called the Luckycat campaign , he was involved in recruiting students for his school’s computer security and defense research. The Luckycat cyber campaign, has been linked to 90 attacks in recent past against targets in India and Japan, as well as against Tibetan activists, said the report released by the Japanese network security firm. 'Luckycat' has been able to compromise about 233 computers many of which are in India. A report...