
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

Jul 24, 2012
Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate how an attacker can successfully guess the nonce of the DNS request with a probability that is sufficient for a feasible attack. Android versions 4.0.4 and below are vulnerable to this bug. The weakness is in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and confidentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card...
Iranian nuclear program hit by AC/DC virus

Jul 24, 2012
A scientist working at the Atomic Energy Organisation of Iran said computer systems have been hit by a cyber-attack which forced them to play AC/DC's Thunderstruck at full volume in the middle of the night. The attack came to light after a researcher at security firm F-Secure received a string of emails from Iran's atomic energy organisation. "I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom." "It does sound really weird," he said. "If there was an attack, why would the attacker announce themselves by playing 'Thunderstruck'?" If true, this attack is the third hacking attempt aimed at Tehran's controversial nuclear program. It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 201...
CVE-2012-0217 - Intel SYSRET FreeBSD Privilege Escalation Exploit Released

Jul 24, 2012
The vulnerability reported on 06/12/2012 is dubbed "CVE-2012-0217". According to the report, some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64-bit mode, a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. The Inj3ct0r team today released a related private exploit on their website, which allows normal FreeBSD users to escalate privileges. All systems running 64-bit Xen hypervisor running 64-bit PV guests on Intel CPUs are vulnerable to this issue. However, FreeBSD/amd64 running on AMD CPUs is not vulnerable to this particular problem. Systems w...
Hack a Server - The man behind the idea

Jul 24, 2012
" Choose a job you love, and you will never have to work a day in your life " said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel , Hack Me If You Can , Hack a Server and DefCamp . Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future. What determined you to shift your attention towar...
8 million passwords dumped from gaming website Gamigo

Jul 23, 2012
Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, was published earlier this month to a forum on the password-cracking website Inside Pro. According to Forbes, "The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France." Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords. PwnedList founder Steve Thomas said, "It's the largest leak I'v...
17 years old hacker will demonstrate Linux ELF Virus at 'The Hackers Conference 2012'

Jul 22, 2012
The Biggest Hacking Mania has arrived - 'The Hackers Conference 2012'. In this first-of-its-kind conference in India, Blackhat hackers drawn from around the world will demonstrate how they access a victim's personal information, and even confidential data available on the Android cell phone. The conference will be held on July 29 at the India Habitat Centre in New Delhi. The use of Linux as an operating system is increasing rapidly, thanks partly to popular distributions such as 'RedHat' and 'Suse'. So far, there are very few Linux file infectors and they do not pose a big threat yet. However, with more desktops running Linux, and probably more Linux viruses, the Linux virus situation could become a bigger problem. A 17-year-old hacker, Aneesh Dogra, will talk on "How to make a Linux ELF Virus (That works on your latest linux distribution)" at 'The Hackers Conference 2012'. Linux or Unix has the reputation of being "not so buggy", and of be...
Russian Hacker Arrested For DDoS Attacks on Amazon

Jul 22, 2012
Dmitry Olegovich Zubakha, a Russian man accused of launching distributed-denial-of-service (DDoS) attacks on Amazon.com, has been arrested this week by authorities in Cyprus based on an international warrant, the Department of Justice revealed. Zubakha, a native of Moscow, was indicted for two denial of service attacks in 2008 on the Amazon.com website. The indictment, unsealed Thursday, also details denial of service attacks on Priceline.com and eBay. "Orders from Amazon.com customers dropped significantly, as legitimate customers were unable to access the website and complete their e-commerce transactions during the pendency of the attack," read an indictment unsealed in district court in western Washington on Thursday. The botnet involved requested "large and resource-intensive web pages" on a magnitude of between 600 and 1,000 percent of normal traffic levels, according to the indictment. The hacker is charged with conspiracy to intentionally cause damage...
Hacker going to demonstrate open source tool to crack Hashes with speed of 154 Billion/sec

Jul 22, 2012
Lead developer Bitweasil is going to demonstrate an open source tool called "Cryptohaze" at DEF CON 20. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers. "Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems," BitWeasil posted. WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets. Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-cluster...
Reliance Communications Server Compromised with Information disclosure Vulnerability

Jul 22, 2012
A hacker with the nickname "mr.hack3r420" has successfully compromised the web server of Reliance Communications (rcom.co.in) as shown in the image (screenshot taken by the THN team; we have hidden the link to save the site from further misuse or damage). The hacker most probably got this access because of an information disclosure vulnerability in the Reliance website. Most of the folders on the website are publicly visible to everyone, and there is an interesting file called "Upload_AppId_VId.php" available, which a hacker may be able to use to upload his own PHP shell on the server to get access to FTP and a Linux user account. This is not the first time Reliance has become a victim: a few months back, a hacker named "ISAC" was able to access the Reliance Communications ISP server, and he released the list of all sites blocked by Reliance to protest against Internet censorship.
Anonymous Hackers not responsible for attack on Dahabshiil

Jul 22, 2012
A group claiming to be the hacktivist group Anonymous has threatened Dahabshiil, an international funds transfer company and the leading bank in Somalia, but the international funds transfer company, based in the Middle East, says Anonymous was not responsible for the attack on its banking systems. According to the report, the group alleged it was the hacktivist group Anonymous, and threatened to destroy Dahabshiil within two months if the company did not stop what the group alleged was support for terrorist organizations and terrorists in Somalia and across the world. A group claiming to be Anonymous published thousands of account numbers, names and details online. The hackers claimed they had installed "cyber bombs" within financial institutions around the world and threatened to trigger them if Dahabshiil did not confess within two months. In the statement the Anonymous group released, the group alleged that it was investig...
Open Source Smart Meter Hacking Framework can Hack into the Power Grid

Jul 22, 2012
A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter', the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. The tool, it is claimed, will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, of the SecureState Research & Innovation Team, will perform the first live public demonstration of the Termineter framework during his presentation, "How I Learned To Stop Worrying and Love the Sma...
Kevin Mitnick joins the Zimperium team

Jul 19, 2012
Security firm Zimperium, developer of the Android app zANTI (Android application Toolkit), now has "World's Best Hacker" Kevin Mitnick on its team. In a press release, Itzhak "Zuk" Avraham said, "Zimperium is honored and excited to announce our newest member of the advisory board, world renowned hacker Kevin Mitnick. We are thrilled to have Kevin on board and feel that his leadership and consultancy will help Zimperium to get to the next level, through corporate efficiency, brand recognition and better quality solutions for our clients!" Zimperium Ltd. is a privately owned start-up located in Tel Aviv, Israel, which designs and develops cutting edge Intellectual Property in the field of information security and mobile technology. The company was founded in 2010. "Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should adopt a proactive approach to mobile security so they don'...
Open letter to the Australian people from Mother of Julian Assange

Jul 19, 2012
There have been numerous public statements made about WikiLeaks and its editor-in-chief Julian Assange that are factually inaccurate. Prime Minister Julia Gillard said about WikiLeaks, "It's illegal." Attorney General Nicola Roxon said my son "fled Sweden." The media repeatedly states, "Assange is charged or facing charges" in relation to Swedish sex allegations. If you want to know The Truth About Julian Assange And Wikileaks, please read our previous story "One Man Fights for 7 Billion People, One Mother Battles to Wake Them Up". The letter is as below: Dear Member of Parliament, We (Wikileaks Australian Citizens Alliance) are writing to you on behalf of Christine Assange, (Julian Assange's mother) who is currently in the UK, waiting for the UK Supreme Court Ruling on her son's appeal against extradition to Sweden. This ruling will be handed down later today (EST) and we, like Chris...
FACT : One in five Microsoft logins controlled by hackers

Jul 17, 2012
About 20 percent of Microsoft Account logins are found on lists of compromised credentials in the wake of hack attacks on other service providers, Eric Doerr, Group Program Manager for Microsoft's Account system, said. A significant proportion of compromised credentials Microsoft sees from other services have the same username and password on the Microsoft account system (formerly Windows Live ID) logins, which cover services such as Hotmail, Messenger and SkyDrive. These logins have not been compromised from the Microsoft server, but are instead based on login information leaked from other sites. "These attacks shine a spotlight on the core issue: people reuse passwords between different websites," he said. Microsoft regularly gets lists of compromised third-party login details from ISPs, law enforcement and vendors, as well as from lists published on the internet by hackers, according to Doerr. This information is checked against Microsoft login details using an auto...
Skype privacy bug that can Send Messages To The Wrong Contacts

Jul 17, 2012
What if, when you sent a message to someone, it had a very good chance of going to someone else in your contact list? That would be pretty scary, right? That's what some Skype users are reporting. The bug was first discussed in Skype's user forums, and seems to have followed a June 2012 update of the Skype software. Skype has confirmed the bug's existence and that a fix is in the works. However, the company characterizes the bug as "rare." Purchased by Microsoft last year for $8.5 billion, the Luxembourg company, which has as many as 40 million people using its service at a time during peak periods, explained that messages sent between two users were in limited cases being copied to a third party, but did not elaborate further on the matter. Five other users of the Microsoft-owned program confirmed they were also seeing instant messages being sent to the wrong person from their contact list. Sometimes it's just a few messages, while other times it's a whole conversation. Sk...
Obama will control internet, signs Emergency Internet Control

Jul 17, 2012
Barack Obama has signed an executive order that could hand control of the internet to the U.S. Government, in the event of a natural disaster or terrorist attack. "The federal government must have the ability to communicate at all times and under all circumstances to carry out its most critical and time sensitive missions," Obama said. President Obama adds that it is necessary for the government to be able to reach anyone in the country during situations it considers critical, writing, "Such communications must be possible under all circumstances to ensure national security, effectively manage emergencies and improve national resilience." Later the president explains that such could be done by establishing a "joint industry-Government center that is capable of assisting in the initiation, coordination, restoration and reconstitution of NS/EP [national security and emergency preparedness] communications services or facilities under all conditions of emerging threats, cr...
Android Security shielded with full ASLR implementation

Jul 17, 2012
The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. Android 4.1 Jelly Bean includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits. ASLR is an exploit mitigation method that randomizes the positions of key data areas such as libraries, heap, stack, and the base of the executable, in a process's address space, and that makes it near impossible for malware authors and hackers to predict where their malicious payloads will be loaded. "As we mentioned in our previous post on Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible using the whole executable as a source of gadgets. In Jelly Bean, most binaries are now compiled/linked with the PIE fla...
App Store bypassed by Russian hacker without jailbreaking

Jul 14, 2012
Apple is investigating yet another security breach in its iTunes app store. A Russian hacker worked out a way that allows people to bypass payment in the App Store and download products for free. The hacker, dubbed ZonD80, posted a video of the crack on YouTube (since deleted by YouTube) and claims that the technique makes it possible to beat Apple's payment systems by installing a couple of certificates and assigning a specific IP address to the device. The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed. Below are the steps to the hack: Install two certificates: CA and in-appstore.com. Connect via Wi-Fi network and change the DNS to 62.76.189.117. Press the Like but...
NVIDIA Developer Forums Hacked, 400000 user accounts at Risk

Jul 14, 2012
Nvidia shut down its Developer Zone online forum today after hackers gained access to members' account details. A statement Nvidia posted on the forum reads, "Nvidia suspended operations today of the Nvidia Developer Zone. We did this in response to attacks on the site by unauthorised third parties who may have gained access to hashed passwords." Users are also warned not to provide any personal, financial or sensitive information in response to any email purporting to be sent by an NVIDIA employee or representative. All user passwords will be reset when the system comes back online, though it wasn't mentioned when that was going to be. NVIDIA insists it is "continuing to investigate this matter." The Nvidia forum hack follows the recent LinkedIn and Yahoo! hacks. Earlier, 6.5 million LinkedIn hashed passwords were stolen and subsequently published on unauthorized websites.
Hacker wanted by FBI held in India For Carding Crimes

Jul 14, 2012
Nikhil Kolbekar, aka HellsAngel, was arrested on July 11 in Mumbai, India. Eric Bogle, known as Swat Runs Train, and Justin Mills, or xTGxKAKAROT, were taken into custody in Canada and Colorado, US, respectively. HellsAngel and Bogle are suspected of selling complete credit card details, including names, addresses, social security numbers, birth dates, and bank account information. He also sold remote desktop protocol (RDP) access data that could be utilized to breach computers in countries such as Turkey, India, Czech Republic, Brazil, Germany, France, Italy, Spain, Sweden, and others. The suspect, Nikhil Kolbekar, was produced before the Esplanade Court on Thursday and has been remanded in judicial custody. He will be produced before the Patiala House court in Delhi on July 25, with the US pressing for his extradition through the Interpol. Carding refers to various criminal activities associated with stealing personal identification information and financial informatio...
Android Forums hacked, User Credentials Stolen

Jul 12, 2012
Phandroid's Android Forums Web site has been hacked and user account details stolen, according to a notice posted online. The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. If you are one of them, you should change your password: go to your UserCP or use the "Forgot your password?" link. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well. "I have some unfortunate news to pass along," the post reads. "Yesterday I was informed by our server/developer team that the server hosting Androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless, there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical)." Phandroid will continue to investigate what happened. The ex...
Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !

Jul 12, 2012
Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation. It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249. Karmina Aquino, a senior analyst with F-Secure, said, "All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively." On the upcoming 29th July 2012, security researchers Sina Hatef Matbue and Arash Shirk...
Yahoo Voice hacked, 400,000 yahoo passwords leaked

Jul 12, 2012
A list of over 450,000 email addresses and plain-text passwords, in a document marked "Owned and Exposed" apparently from users of a Yahoo! service, is in circulation on the internet. The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo's instant messenger. The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010. The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information. Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc.), should assume that someone has accessed their accoun...
Indian Officials Get Training from Hackers who cracked CERN's IT system

Jul 11, 2012
Two Argentina-based cyber security experts, Chris Russo and Fernando Viacanel, who claimed to have cracked the security code of IT systems involved in the discovery of the 'God Particle', today conducted training sessions for Indian government officials. Both hackers are partners of IT security firm E2 Labs, and their company, in arrangement with industry chamber Assocham, plans to conduct a series of technology exchange programmes on cyber security. Russo said that three times he has been able to find a vulnerability in the IT system of the European Organisation for Nuclear Research (CERN), which has been involved in the discovery of the 'God Particle' or Higgs Boson. The programme was attended by officials from the Cabinet secretariat, National Technical Research Organisation, Airforce, C-DAC, Income Tax Department and Assam's AMTRON, along with representatives from private sector entities Aircel and Cisco. "Talents required to be cyber security experts are mostly available in peo...
Millions of Passwords leaked from Social Site Formspring

Jul 11, 2012
Formspring, a social Q&A website popular with teenagers, this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled and the company was notified that 420,000 password hashes that seem to belong to its users have been posted to a security forum, and immediately began an internal investigation. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker. Formspring launched in 2009 as a crowd-powered question-and-a...
Plesk Zero Day Exploit in the Wild, Thousands of sites got Hacked

Jul 10, 2012
Sucuri Malware Labs reports that some zero-day exploits are available to hackers and are being used to hack into Parallels' Plesk Panel (port number 8443). These attacks have kept rising over the last few months: at least 4000 new websites were infected each day, said Sucuri malware researcher Daniel Cid. Other news portals recently reported that some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analysts found that the majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs reports on his blog that hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels' Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...