The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks. Dubbed "Eurograbber"  is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution. With the phone number and platform information, the attacker sends a text message to the victim's phone with a link to a site that downloads what it says is "encryption software" for the device. Customers become victims of Eurograbber by clicking on malicious links that may come in phishing-attack emails and then after injecting scripts to browser , the malware intercepts two-step authentication text messages sent to customers' phones. Customers at an estimated 30 banks fell vic...

Like many other security issues that now affect computer users, there is a growing threat known as phishing". Phishing attacks are perpetrated by criminals who send deceptive emails in order to lure someone into visiting a fraudulent web site or downloading malicious software, expressly for stealing sensitive information such as credit card numbers, account information, passwords, etc. Cyber criminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work. We have notice many times that Spear Phishing Attacks are really Successful in order to compromise Enterprise Networks and Stealing Data. From last one month I was getting mails from an unknown spoofed email id regrading a paypal warning with subject " Your account has been limited until we hear from you ! " Guess what, even I am not using that email for my Paypal account, from here I just judge that it's...

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x . Apache Tomcat vulnerabilities CVE-2012-4534 Apache Tomcat denial of service CVE-2012-3546 Apache Tomcat Bypass of security constraints CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter According to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. CVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Whereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The act...

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information. Mac in Danger ?  Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as “Flashback,” was used to enlist some 600,000 infected computers into a botnet. Malware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac. Dockster is only the latest Mac-bas...

Even if you are considered to be a white hat hacker, you are always still walking a fine line between being a bad guy and a good guy in many people eyes. There are a lot of people out there who believe that there should be no hacking at all being done and everyone who does it should be considered a criminal. Of course that is a very small myopic view of how being a white hat hacker really works but there is always going to be an element of that kind of thought out there. There are just a lot of people out there who believe that if you ban hacking outright that it will never be done. And that is simply just not true and is a pure fantasy. But if you really want to be a good and effective white hat hacker, then there are some elements about the other side that you should really get to know. If you want to be able to beat your enemies then you should be able to figure out how they operate. It is not enough for you to be able to take a look at their attacks and try to study their patterns...

It's known, drones are privileged vehicles for reconnaissance and attacks, technology has achieved level of excellence and their use is largely diffused, that's why defense companies are providing new solution to make them increasingly effective. But the incredible amount of technological components could be itself a point of weakness, last year in fact an U.S. stealthy RQ-170 Sentinel drone was captured by Iranian military near the city of Kashmar. The vehicle was used in reconnaissance mission, it took off from near Afghanistan, exactly from Kandahar airfield. In this hours government of Teheran has announced to have captured a new drone, Iran’s Islamic Revolution Guards Corps (IRGC) Navy Commander Rear Admiral Ali Fadavi reported that on Dec. 5th Iranian defense has captured a Scan Eagle drone that violated the fly zone over the Persian Gulf, around Kharg Island, in southern Iran. The zone is a strategic area, the place provides a sea port for the export o...

Instagram - Facebook’s popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s con...

A notorious group of Internet trolls says it has unleashed a worm that has littered Tumblr blogs with inflammatory and racist posts. A massive bug affecting some 8,600 unique Tumblr users.  Gay Nigger Association of America , took responsibility for the attack. The infected post begins: " Dearest 'Tumblr' users  , This is in response to the seemingly pandemic growth and world-wide propagation of the most fucking worthless, contrived, bourgeoisie, self-congratulating and decadent bullshit the internet ever had the fortune of faciliating ." How worm work ?  Worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages. Naked Security said . In a message posted to the company’s official Twitter account, the blogging site said, “ We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as sw...

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 . It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Updates: integration of over 3,000 IPv4 new OS fingerprint submissions, over 1,500 service/version detection fingerprints, and of the latest IPv6 OS submi...

Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and  Remote Preauth User Enumeration. Common Vulnerabilities and Exposures (CVE) assigned as : CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit CVE-2012-5614 — MySQL Denial of Service Zeroday PoC CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday Currently, all reported bugs are under review and most of the researchers believed that some of these can be duplicate of an existing bugs. CVE-2012-5612 and CVE-2012-5614 could cause the SQL instance to crash, according to researchers. Where as another interesting bug CVE-2012-5615 allow attacker to find out that either any username exist ...

Nationwide Insurance was breached last week and Sensitive information of about 1 Million people is at risk. The FBI is investigating a breach, including policy and non-policy holders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued the following statement Monday concerning the unauthorized access of Nationwide Insurance‘s website. Spokeswoman Elizabeth Giannetti confirmed a statement by the California Department of Insurance earlier in the day which said “names, social security numbers, and other identifying information” of one million policyholders and non-policy holders were exposed. No credit card details were revealed. About 30,000 people in Georgia were affected, as well as more than 12,000 in South Carolina. Are you affected ? call  The Nationwide at number 800-760-1125.  Affected members and applicants free credit monitoring and identity theft protection services from Equifax fo...

Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : http://goo.gl/BHqWd

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the...

While Exploring Zone-H , today we found that Turkish Ajan Hacker Group hacked into few Acer Indian domains and Deface the sites.  Hacker also dump the complete data of 20,000 users and upload the file on a file sharing website . 6 sub domains are reported to be hacked 24 hours before and having deface page their at the time of writing. Deface Page shows that, Hacker performed the hack to show their protest against bombing by Israel on Gaza. Hacked Sites http://acn.acer.co.in/index.html http://adn.acer.co.in/index.html http://aln.acer.co.in/index.html http://asn.acer.co.in/index.html http://humanet.acer.co.in/index.html http://select.acer.co.in/index.html Mirrors of Hacks: http://www.zone-h.org/mirror/id/18681361 http://www.zone-h.org/mirror/id/18681333 http://www.zone-h.org/mirror/id/18681316 http://www.zone-h.org/mirror/id/18681313 http://www.zone-h.org/mirror/id/18681314 http://www.zone-h.org/mirror/id/18681315

The Syrian government is almost certainly responsible for a blackout Thursday that shut down virtually all Internet service in the country. However, The Syrian government blamed the outage in internet service and mobile coverage in some areas on the armed groups' sabotage acts against cellular broadcast centers. Hacker with name Teamr00t has hacked and defaced Syrian government and showed their support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet. Deface message President Bashaar Al-Assad You have taken a step too far in shutting down the internet so the outside world cannot see the horrific crimes you are committing upon your own people and this will not be tolerated by the world watching! The Syrian people have the right to freedom of speech, the right to live a normal happy life and the right to have access to the internet to connect with the rest of the world. By shutting down the internet you have denied you...

Shylock, a financial malware platform discovered by Trusteer in 2011, is a non-Zeus-based information-stealing trojan that improved methodology for injecting code into additional browser processes to take control of a computer, and an improved evasion technique to prevent malware scanners from detecting its presence. Why this Name ?  Shylock named after the ruthless money lender in Shakespeare's The Merchant of Venice, also deletes its installation files, runs solely in memory, and begins the process again once the infected machine reboots. Shylock has gained a new trick: The ability to detect whether it's running in a virtual machine (VM) that is being analyzed by malware researchers. What New ?  Latest Shylock dropper detects a remote desktop environment by feeding invalid data into a certain routine and then observing the error code returned. It uses this return code to differentiate between normal desktops and other "lab" environments. In particular, when execu...

Japan's space agency says it is investigating a possible leak of data about its Epsilon rocket due to a computer virus. Malware Case :  The Japan Aerospace Exploration Agency said the virus, in a computer at its Tsukuba Space Centre, north-east of Tokyo, was found to be secretly collecting data and sending it outside the agency. JAXA said in a statement that information about the Epsilon , due to be launched next year, its M-5 rocket and H2A and H2B rockets may have been compromised. The agency said that it was unclear if the virus was a cyberattack. The agency said it is tightening security to prevent any further leaks. China behind this Cyber Attack ?  Recently, however, Japanese defense companies have been targets of similar information-stealing viruses, some of which had been traced back to China. The Epsilon, whose first launching is scheduled for next autumn, will also feature new technology that will allow it to be remotely controlled by a personal computer...

The European Space Agency (ESA) is an intergovernmental organisation dedicated to the exploration of space. Hacker going by name "SlixMe" find and exploit SQL Injection vulnerability on a sub domain of website. Hacker upload dump on his website, where he disclose the SQLi vulnerable link and Database tables also. Hacker also mention that other 5 domains are also hosted on same server, that can be exploited if he will be successful to exploit one site completely. Exploited Domain :  http://television.esa.int/ Method mentioned as "PostgreSQL AND error-based - WHERE or HAVING clause". In further discluse the PayLoad of injection also published. Site is vulnerable at time of publishing this article.

A popular scam that always seems to pop up around the holiday shopping season has once again resurfaced.Have you gotten a text message promising a free gift card? All you have to do is click on a link? However, it was a scam. Case :  A text message has been popping up on Central New Yorkers’ phones saying they've won a Target gift card worth $1,000. It’s a scam – do not click on it and quickly delete it. Links within the message connect you to bogus websites that are designed to collect sensitive, private information from people who think they've really won a prize. The text messages most frequently come from Target, Best Buy or Walmart. How did someone get your number?   How many times have we filled out things for either restaurant surveys or fill out this survey and get a coupon? If that information isn't being properly secured, it's very easy to get that data if its saved in clear text or unencrypted data. People have their cell phone ...

The Syrian situation is getting worse day by day, the regime is attacking dissident mercilessly meanwhile the world wide community is standing by and watch helplessly stopped by prohibition of military intervention imposed by Russia and China, historical allies of Damascus. Syria regime is fierce against the rebels in the streets as in cyber space, we have already discussed of the persecution of opposition made using spyware to catch the rebels. Syrian regime is also convinced that leaks from the country on the massacres by the regime might aggravate the position of the government and then several times in the last year the government has stopped internet access in the country thanks to a kill switch. In this hours it has been registered an unprecedented national internet blackout while the battle with rebels raging in the country and in the capital. This time the blackout as totally isolated the country blocking also land lines and cellphone networks. On the incident is started a m...

US CERT warn about Some Samsung printers, including models the Korean company made for Dell, have a backdoor administrator account coded into their firmware. This hard coded admin account in firmware could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users. Screenshot Even if SNMP is disabled, this " backdoor administrator account " is still active and could be used by an attacker to access the printer. SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices. US-CERT did not provide a list with the exact printer models affected by the issue, but said that, according to Samsung, models released after Oct. 31, 2012, are not vulnerable. As for the Dell model, Samsung builds Dell printers such as the B1160w modeled after Samsung's ML-2165W compact all-in-one printer. It's unclear what other Dell b...

Indian Security Research Atul Alex presented his surprise paper at the International Malware Conference, MalCon on what can be termed as the onset of next generation of hardware based malware that can target mobile devices irrespective of Platforms. Typically, one of the largest challenges for malware coders are to target multiple platforms. A malware for Android will not work in Windows phone, Symbian or Apple iOS, which come in way of malware coders. Also, devices such as iPhone are extremely secure and there is little that can be extracted from a locked / secure iPhone, unless they are jailbroken. Atul Alex's research abuses voice dialing feature which is enabled by default on all mobile platforms - and combines a bugged headset with a micro controller and code to steal private data. The bugged headset can also dial a pre-defined number by detecting if the device is in use or not and turn the phone into a spy device. Further, it can steal contacts from all devic...

Algerian Hacker today hijack DNS Yahoo, Microsoft or Google and Paypal redirect users to a deface page. Credit being taken by Hacker going by name MCA-CRB , a serial website defacer. MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After Hijacking both domains resolve to an IP address located in the Netherlands,” at 95.128.3.172 (server1.joomlapartner.nl). “ When we heard about this incident, we were pretty skeptical about the attack. A site such as Google’s can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack ,” said Stefan Tanase from Kaspersky Lab Romania. " All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page ," Tanase said. Google ...

Inj3ct0r Team found cross site scripting vulnerability in  4shared , a file sharing site. Vulnerability link is exposed in a note  available at their website.  In general, cross-site scripting refers to that hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim. Also same hackers claiming to get access over a private server of NATO Library and expose the links online. Website titled " NATO Multimedia Library Online Catalog ". Inj3ct0r member told The Hacker News , " We found another secret NATO server. We received a root on the server and gave the world the hidden database to NATO personnel. Now everyone can look for a secret document ." These three servers are available online without authorization, but its not confirm that servers got hacked or not.

Lulzsec Hacker , Jeffrey Hammond faces a potential prison sentence of more than 30 years if found guilty of all charges filed against him. U.S. District Court chief judge Loretta Preska, who presided over a bail hearing for Hammond want last week. Hammond was also charged with using some of the stolen credit card data to help make $700,000 in unauthorized charges, and accused of participating in a hack of the Arizona Department of Public Safety website. " In early May 2012, a federal grand jury handed down a superseding indictment in the case against alleged LulzSec and Anonymous leaders, accusing Hammond of masterminding the LulzSec and Anonymous attacks against the website of Stratfor (a.k.a. Strategic Forecasting), beginning in December 2011. " Informationweek said . " At last week's hearing in a Southern District of New York federal courtroom, Hammond's defense attorney, Elizabeth Fink, suggested that the FBI may have used entrapment to catch her client, ...

The UN nuclear watchdog has acknowledged one of its former computer servers had been hacked. The stolen information was contained in a statement by a group with an Iranian-sounding name calling for an inquiry into Israel's nuclear activities. The International Atomic Energy Agency (IAEA) is investigating Iran's nuclear program. A group called Parastoo Farsi for the swallow bird and a common Iranian girl’s name claimed responsibility for posting the names on its website two days ago. The group had been known to be critical of Israel's undeclared nuclear weapons program. “ The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago ,” agency spokesperson said and agency experts had been working to eliminate any “ possible vulnerability ” in it even before it was hacked. Israel and the United States accuse Iran of seeking to develop a nuclear weapons capability, a charge Tehran denies, and says the Islamic state is th...

Once again a zero day vulnerability exploit is sold by cyber criminals in the underground, once again a the flaw is related to Oracle’s Java software that could allow to gain remote control over victim's machine. The news has been reported by KrebsOnSecurity blog that announced that the exploit being sold on an Underweb forum. The vulnerability is related to the most recent version of Java JRE 7 Update 9, it isn't present in previous versions of the framework, in particular the bug resides within the Java class “MidiDevice according the info provided by the seller that describes it with following statements: “ Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7 ,” “ I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly. ” The exploited class is a component of Java that handles audio input and output. It's easy to understand that similar vulnerability has a great value du...

Anonymous Hacker managing Operation Syria ( OpSyria ) have released 1 GB of emails dump from  Syrian Ministry of Foreign Affairs. Files are in files are in Arabic language. Documents includes scanned copies of Syrian ministers passports, details about an arms transport from Ukraine, report which shows that 200 tons of Syrian bank notes have been shipped from Russia. " Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian Cash " Hackers said. " Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine ". Emails are available here and Full Archive is available to download also.

A group of Internet hackers appeared in an Ankara court on Monday on charges of terrorism, the first time alleged cyber criminals have been put on trial in Turkey. Those arrested in suspicion of the attacks are mostly students who deny having the technical skills required to carry out such a hack. RedHack has denied the allegations, saying 10 people currently being tried have no ties with the group and that the allegations of terrorism are simply part of the government’s policy against all of its opponents in the country. The defendants, who deny the charges, risk prison sentences ranging from eight to 24 years if convicted. Redhack claims to be affiliated with the international hackers' group Anonymous group, and has carried out several online attacks against state and private domains since 1997. Shortly after the arrests, RedHack declared that the individuals taken into custody had no association with the group. After releasing the statement, the collective brought down seve...

Hacker group Anonymous claims he took down North-side Independent School District's website (www.NISD.net) on Saturday to protest the district's use of tracking badges. On Sunday, Nov. 25, the same hacktivist released a statement via Pastebin giving the school district “1-3 days” to meet with parents and explain the student tracking program in detail. If the district fails to comply with the request, hacktivist promise to “simply shut down” the school district website once again. The hacker group also sent a Twitter message to the NISD account on Thursday, teasingly notifying them that their site was down. " They're tracking students! They have rights too. I want a statement about this, nobody agrees with that, even the parents! " Anonymous said. NISD said it wanted to expand the Student Locator Project to 112 Texas schools and around 100,000 students to curb truancy, apparently a major problem at the school district in question. It was reported th...

An Egyptian hacker “ TheHell ” is selling an exploit in $700 that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts. In order to work, the victim must click on a malcious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page. " I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers ," "TheHell" explained. " And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss ." Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered. They says this XSS flaw falls into the category of a stored vulnerability, which inserts malicious code into a file, database, or back-end system. The mali...