The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Pro-Tibetan activists become victim of Spear Phishing Hackers are ramping up their attacks against Tibetan activists and are using increasingly sophisticated techniques to deliver malware An interesting example of such a malicious email has recently been spotted by FireEye researcher Alex Lanstein, who is currently monitoring these spam campaigns. In the last few of months, several security vendors have reported targeted attacks that distributed malware designed to steal confidential information from people or organizations supporting the Tibetan cause. This tactic recently re-surfaced during our monitoring of Tibetan-leveraging malware campaigns. It came in the form of BKDR_RILER.SVR, a backdoor that arrives infected by PE_SALITY.AC. A simple Spear Phishing technique was used recently to trick Tibetan activists into opening malicious PDF email attachments, by quoting a legitimate email message sent by FireEye's Lanstein to people who submitted Tibet-related malware sampl...

Security Concern : Internet Enabled TV can be hacked ! Is your Internet TV vulnerable to hackers? Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business. Last year, Researchers at Mocana, a security technology company in San Francisco, recently discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease. According to a new report from researcher NPD In-Stat predicts that 100 million homes in North America and Western Europe will own television sets that blend traditional programs with Internet content by 2016. What exactly these Internet Enabled TV have ?  Its IP addresses, always-on network interfaces, CPUs, storage, memory, and operating systems the details that have offered hackers a bounty of attack choices for the last three decades. " Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions. "...

Nikjju Mass injection campaign target more than 2 Millions Urls Daniel Cid an open source developer and information security professional reported on Sucuri blog that their team tracked a new mass SQL injection campaign that started early this month and till now more than 180,000 URLs have been compromised.  Nikjju is a mass SQL injection campaign targeting ASP/ASP.net sites. At the time of writing Google has identified 361,000 pages infected with that javascript call, but the number is growing really fast. In this case it adds the following javascript to the compromised sites. One more interesting fact that researchers have noticed that  Nikjju.com domain was registered on April 1st 2012 and in 18 days more than 180,000 urls get infected. This mass Sql Injection also compromise some Government sites also , as listed below : jnd.xmchengdu.gov.cn study.dyny.gov.cn www.cnll.gov.cn www.bj.hzjcy.gov.cn www.mirpurkhas.gov.pk www.tdnyw....

Google Sent Hacked Notification Messages to Millions of Webmasters Google’s head of the webspam team, Matt Cutts, announced on Twitter that they have sent out new message notifications to 20,000 web sites that are hacked. Specifically, Google sent these messages to sites doing “ weird redirects .” Weird redirects means the hack is where the hacker gains access to your HTACCESS and only redirects users who click from Google to your web site. Otherwise, if they type in the domain name directly, there will be no redirect. A year ago, Google began labeling hacked sites and sites with malware as sites that may compromised in the search results snippets. If a site has been hacked, it typically means that a third party has taken control of the site without the owner's permission, Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include Phishing to tricking users into sharing personal and credit card information or spam...

Julian Assange and Bradley Manning are Vested in Vision ! Two significant events will take place this week and cyber activists need to take note and pay attention. This will be your training on how to unfold the growing revolution that is spinning our world on a new and courageous path. First, Julian Assange has completed filming twelve episodes of his forthcoming show, “ The World Tomorrow ”. The first episode will be aired on RT and released online on Tuesday 17 April 2012, with other networks to follow. “ The World Tomorrow ” is a collection of twelve interviews featuring an eclectic range of guests, who are stamping their mark on the future: politicians, revolutionaries, intellectuals, artists and visionaries. The second event, Nobel Peace Prize nominee, and political prisoner Bradley Manning’s next appearance in court will take place April 24-26 at Ft. Meade, MD. Bradley Manning was arrested in May 2010 in Iraq on suspicion of having passed classified material to the whis...

Lebanese Government sites hacked by ‘ Raise Your Voice ’ A group calling itself ‘ Raise Your Voice ’ hacked on Tuesday around 15 Lebanese government websites to ask for an improvement in living standards, the day the parliament launches a three-day session to assess the cabinet’s performance. “ To our dear “beloved” Lebanese Government,We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them. We will not stop until the standards of living are raised to where they should be in Lebanon. We will not stop until this government’s self-made problems are solved, like the power shortage, water shortage, rise in gas prices and rise in food product prices. We are RYV, expect us to break the silence, whether in the streets or on the Int...

MI6, CIA and Department of Justice Tango Down ! Hacker group Anonymous claimed it took down the CIA website for the second time in two months following a new DDoS attack on the U.S. secret service which lasted 45 minutes.  Anonymous is reportedly on a DDoS rampage today, downing the CIA, Department of Justice, and two Mi6 websites. Members of the group claimed responsibility throughout Facebook and Twitter. Brazilian hacktivist Havittaja reportedly launched the initial offensive on the DoJ and CIA for “lulz” while other members jumped on board a short time later. The technique also known as a DDoS (distributed denial-of-service) attack, is a concentrated effort by multiple individuals to make a network busy to its intended users. The end result is server overload. Anonymous makes a freeware tool available to its members to carry out these attacks, which it calls the Low Orbit Ion Cannon. The collective targeted the department of justice in January as part of Operation M...

Banking System Vulnerability - 3 million bank accounts hacked in Iran Iran's Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare', a former bank-system specialist in Iran who recently left the country.Zare' claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran's banking system. According to the report, the hacker had provided the managing directors of the targeted banks with information about the bank accounts of 1000 customers in the previous Iranian calendar year (ended on March 19) to warn them about the susceptibility of their computer systems and networks to cyber threats. But Central bank officials had earlier downplayed the reports, sayi...

Forensic FOCA - Power of Metadata in digital forensics Most of the e ort in today's digital forensics community lies in the retrieval and analysis of existing information from computing systems.  Metadata is data about data. Metadata plays a number of important roles in computer forensics. It can provide corroborating information about the document data itself. It can reveal information that someone tried to hide, delete, or obscure. It can be used to automatically correlate documents from different sources. More simply, electronic information about a file but not seen on a printed copy of the file. It is embedded and provides additional information, including when and by whom it was created, accessed, or modified. Informatica64  release Forensic FOCA (Fingerprinting Organizations with Collected Archives) , tool for forensic analysts focused on the use of metadata files to generate a forensic case. Several other metadata extraction tools exist but FOCA is co...

Phone Phreaking  using Bluebox   Demonstrated  in India Christy Philip Mathew , an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking  using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking reminds us about the life of Kevin Mitnick, Steve Wozniak and John Drapper, mean the olden times when they used to play around with the bluebox. What is Blue Box : This device is certainly one of the most unique pieces of electronic equipment that I have been able to collect so far. It is essentially a hacking tool disguised to look like a common 1970's Texas Instruments hand held electronic calculator. Basically a real calculator was sacrificed and modified to produce audio frequency signaling tones which allowed the user to freely (and illegally) access the Bell Telephone System long distance network. The origin of the name " blue box " was due to the f...

Android Video Malware found in Japanese Google Play Store A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon. The post says applications carrying the Trojan promise, and in some cases deliver, trailers for upcoming video games or anime or adult-oriented clips, but they also request "read contact data" and "read phone state and identity" permissions before being downloaded. McAfee Mobile Security detects these threats as Android/DougaLeaker .A, the company said.McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. The app gathers the Android ID not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device's first boot and remains with it for the life of the device. The app also harvests the phone's phone number and contact list, along with every n...

Sabpab - Another Mac os Backdoor Trojan Discovered Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab . It uses the same Java vulnerability as Flashback to install itself as a “drive-by download.” Users of older versions of Java now have still more malware to worry about. It also doesn't require any user interaction to infect a system either just like Flashback all that needs to happen is for you to visit an infected webpage. Sabpab, according to Sophos, installs a backdoor that allows the hackers to capture screen snapshots, upload or download files and execute commands on infected Macs remotely. The Trojan creates the files /Users/ /Library/Preferences/com.apple.PubSabAgent.pfile /Users/ /Library/LaunchAgents/com.apple.PubSabAGent.plist Encrypted logs are sent back to the control server, so the hackers can monitor activity. Although one variant of Flashback installed a file in the LaunchAgents folder, not all tools for detectin...

Stuxnet was planted by Iranian double agent using memory stick The Stuxnet computer worm used to sabotage Iran's nuclear program was planted by a double agent working for Israel. The agent used a booby-trapped memory stick to infect machines deep inside the Natanz nuclear facility, according to a report published  on Wednesday. The worm is believed to have been placed on a specially crafted USB memory stick and handed over to a Natanz worker who, by all accounts, was an Iranian national belonging to a dissident group named Mujahideen-e Khalq (MEK). "The MEK has been listed as a 'foreign terrorist organization' since 1997 because of deadly attacks on Americans abroad, but members of the group have been trained at a secret site in Nevada. U.S. officials consider them 'the assassination arm of Israel’s Mossad intelligence service' as they have been connected to the killing of five Iranian nuclear scientists since 2007. The incident with Stuxnet is not the fir...

FBI track Anonymous hacker using his girlfriend's boobs The FBI swooped on Higinio O Ochoa III after he posted the snap, which included a gloating message to his online victims.He took the picture on his iPhone and posted it on Twitter without realising it contained GPS data pointing directly to his house. Researching the username “w0rmer”, investigators also found a reference online which included Ochoa’s full name. Ochoa, is an alleged member of CabinCr3w, an offshoot of the hacktivist collective Anonymous. A criminal complaint filed in connection with the case reveals that pictures of a amply proportioned young woman taken in an outer-Melbourne suburb played a key role in the case. The snap posted by 30-year-old Ochoa shows a girl in a bikini top from the neck down, with a printed message pinned to her skirt reading: “ PwNd by w0rmer & CabinCr3w ” This GPS location allowed local police to easily track down the presumed residence of the woman pictured in the photo, ...

[ Call for Articles ] The Hacker News Magazine - Hacktivism Special Edition - May 2012 A big shout out to all you cowboys and cowgirls who want to stir up some thoughtful reading and discussions by submitting to The Hacker News Magazine articles regarding Hacktivism . As you know, Hacktivism is the use of computers and computer networks as a means of protest to promote political ends. Given that, we’d love to have your articles to print in our May 2012 magazine . So, get to writing and wrangling.. CYBER WARFARE [ Download Here ] -  Last Month (April) The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth.  Join us as we explore this new frontier and let us know how you feel and what you have learned! If you enjoy our monthly publication, please spread the word! By sharing our free magazine with your family, friends, co-workers and other security experts, you’re helping t...

Botnets, DDoS attacks as weapon against financial sector DDOS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic says " more than 10 of the worlds largest banks due to market capitalization ," and " an almost threefold increase in the number of attacks against its financial services ". A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service. The average attack bandwidth...

Ransomware replaces Windows MBR and asking users for Money Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild. This new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money. Cris Pantanilla, a threat response engineer at Trend Micro said, " Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code ," " Right after performing this routine, it automatically restarts the system for the infection take effect ." The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS. Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via...

This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild. Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls. One of the fixes is gaining the most attention though, even from Microsoft. " We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of the CVE-2012-0158 vulnerability using specially crafted Office documents as an exploit vector ," said the firm in an apparently hastily written blog post. ...

Two from Team Poison arrested in MI6 hotline phone hack Police in the UK have arrested two teens as part of an investigation into illegal recordings of conversations on Scotland Yard’s anti-terror hotline, which were later posted on Youtube . Two teenage boys aged 16 and 17 years have been arrested in the West Midlands in connection with an investigation into reports that hackers accessed Scotland Yard's anti-terror hotline. The hackers claimed to have carried out the cyber-attack in response to the alleged detention of innocent people on terrorism charges and the recent ruling to deport a number of terror suspects to the United States.  In the recording of the conversation, two people are heard discussing an earlier alleged attack in which a group calling themselves TeamPoison ( TeaMp0isoN ) apparently jammed the hotline by bombarding it with calls from computers . " We are confident the communication systems have not been breached and remain, as they always have been, s...

Samba remote code execution vulnerability, Patch Released ! Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell. There is a serious remotely exploitable vulnerability in the Samba open-source software that could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the current stable release. The vulnerability was discovered by security researcher Brian Gorenc and an unnamed colleague, working for the Zero Day Initiative. The flaw, which is located in the code generator for Samba's remote procedure call (RPC) interface, makes it possible for clients on the network to force the Samba server to execute arbitrary code. Three new security releases (Samba 3.4.16, Samba 3.5.14, Samba 3.6.4) for currently supported versions have been issued over at samba.org/samb...

Legacy Native Malware in Angry Birds Space to pwn your Android A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.  Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. " By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch), " Lookout said in a blog post. In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh . The malicious app appeared on the Google Play store, stealing users' data and money by sending S...

Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency The Hacking group, ' TeaMp0isoN ' said they targeted counter-terrorism officers at MI6 with a barrage of phone calls for a period of 24 hours, which meant nobody else could get through. By using a cleverly developed script, the hackers were able to make calls to the agency’s offices for 24 hours non-stop, basically launching a phone-based denial-of-service (DOS) attack. “ The script is based on the Asterisk software and uses a SIP protocol to phone ,” TriCk told us. “ Everytime they picked up the phone the server would play a robot voice which said ‘teamp0ison’ .” It said the attacks were motivated by the recent decision at the European Court of Human Rights that said Babar Ahmad, Adel Abdel and other suspected terrorists could be extradited to the United States, Huffingtonpost Reported . Trick also released what he claimed was the audio of the moment called the number and spoke to MI6 officers perso...

Extreme GPU Bruteforcer - Crack passwords with 450 Million passwords/Sec Speed Extreme GPU Bruteforcer , developed by InsidePro is a program meant for the recovery of passwords from hashes of different types, utilizing the power of GPU which enables reaching truly extreme attack speed of approx 450 Millions passwords/Second . The software supports hashes of the following types: MySQL, DES, MD4, MD5, MD5(Unix), MD5(phpBB3), MD5(Wordpress), NTLM, Domain Cached Credentials, SHA-1, SHA-256, SHA-384, SHA-512 and many others. The software implements several unique attacks, including mask and hybrid dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPU), the software allows reaching incredible search speeds of billions of passwords per second! Type hashes average speed (Using NVIDIA GTS250): MD5 420 000 000 n / a MySQL 1.08 billion n / a MD4 605 000 000 n / ...

Iran replacing Google, Hotmail with its own internal search engines and email services Iran has denied the report that it plans to cut itself off from the Internet. In a statement, the ministry said ” The report is in no way confirmed by the ministry ”. It added that it was “ completely baseless ,” and that it served only, “ the propaganda wing of the West and providing its hostile media with a pretext emanating from a baseless claim ”. Iranian minister for Information and Communications Technology Reza Taghipour was reported to have said that Iran plans to disconnect itself from the Internet and replace popular services like Google, Yahoo, and Hotmail with homegrown, Iranian services. They also claim that a system is in beta testing which includes a search engine called " Ya-Haq ", which directly translates as "calling God". The government is already accepting applications for Iran Web Mail accounts , which require you to enter a first and last name, postal add...

Homeland Security hacking into gaming consoles to obtain user data The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The U.S. government has awarded a $177,000 contract to Obscure Technologies to develop tools that can be used to extract data from video games systems. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy’s expertise in the field, officials said. Anyone who has ever played a few games of Call of Duty or Halo online knows that communities like Xbox Live aren’t exactly models of good behavior. But the federal government believes the occasional bursts of profanity may not be the worst of what’s going on according with consoles, and it wants a way to dig deeper. In explaining t...