The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With the release of the Microsoft security bulletins for December 2012, Company flag total 7 updates for Windows users, where one is rated as critical that could lead to remote code execution, where as other two are rated as important which fix flaws that could result in the operating system's security features being bypassed. All of the IE fixes involve use-after-free memory vulnerabilities. Where as kernel level exploits bundled into mass-exploitation kits is like Blackhole. In addition to IE, Microsoft is fixing a critical flaw in Microsoft Word that could enable attackers to execute remote code. The vulnerability could be exploited by way of a malformed Rich Text Format (RTF) document. Also Fonts can also be used as a potential attack vector, as this Patch Tuesday reveals. A pair of critical font parsing vulnerabilities are being patched this month, one for OpenType and the other for TrueType fonts. Details of all Updates : MS12-07...

ReVuln Ltd. , a small security company headed by Donato Ferrante and Luigi Auriemma, post a video that demonstrates that how attacks can gain root on the appliances. Samsung Smart TV contain a vulnerability which allows remote attackers to swipe data from attached storage devices. In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely. Auriemma said, " We have tested different Samsung televisions of the latest generations running the latest version of their firmware.  Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability. ".

Saudi Arabia's national oil company " Aramco " is the country's largest oil production facility and is a significant exporter in the Organization of the Petroleum Exporting Countries. They said that a cyber attack against it in August which damaged some 30,000 computers was aimed at stopping oil and gas production at the biggest OPEC exporter. The interior ministry said it was carried out by organised hackers from several different foreign countries and Aramco employees and contractors were not involved. " The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals ," Abdullah al-Saadan, Aramco's vice president for corporate planning, said on Al Ekhbariya television. " Not a drop of oil was lost and the company was able to restore productivity in record time ," he added. The hackers used several methods to hide their location The attack used a computer viru...

Team Ghostshell a Hacktivists group of hackers, who before was in news for hacking Major Universities Around The Globe and leaked 120,000 records, are once again hit major organisations and expose around 1.6 million accounts  Hacker name the project as #ProjectWhiteFox , means " Freedom of Information " . These leaked 1.6 millions user accounts belongs to aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more. In a Pastebin Note hackers mention, " How we went from 'cyber-criminals' to 'hacktivists' to 'e-terrorists' to 'bad actors' to blacklisted. #ProjectHellFire got the US wary of us, at that time we still wasn't sure if GhostShell had gotten X'd, but when the second release of #ProjectWestWind came out, you guys got so hyped about it that we knew it had started to unfold. " Hacked ...

Anonymous hackers once again hit Egyptian Government Websites and taken down. Hackers react under operation named #OpEgypt and hit 30 websites with DDos attack. Hacktivist using the handle @AnonymousGrupo claimed the responsibility of attack. Attacked websites include, The Egyptian Presidency website, The Egyptian Cabinet, Trade Agreements Sector (TAS), Maritime Transport site, Central Agency for Public Mobilization and Statistics, parliament website, Income Tax and many more. At the time of writing, many sites has been restored, but a few like https://www.presidency.gov.eg/ is still under maintenance. The Reason of Hack is mentioned in the banner shown above, was posted their facebook page. Readers can find list of sites under attack at Pastebin Note here .

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers . The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. " Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort, " Mr Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre. There have been 11 similar offences in Queensland this year, according to police. David Wood, Miami Family Medical Centre's co-owner said, " We've got all the anti-virus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software ". The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records. IT security exper...

" H4ksniper " hacker claiming responsibility for disrupting three South African government websites. This morning after hack, website of The social development department opened to a black page with a window containing the animated graphic " Website hacked by H4ksniper ". Another message on the deface page was " Hello South Africa :D , Bad News For You IM BACK ! ..You Messed With Us & Now You Must Suffer..From Morocco with love. " On asking, hacker said that the reason of hack is " We all know that SA is the first supporter of the [República Árabe Saharaui Democrática] RASD and the enemy of Morocco since a long time and we are hackers and our goal is defending our country... " From statement, its clear that hacker belongs to Morocco and claiming to defend it from its enemy. Defaced domains : https://www.dsd.gov.za/ https://www.population.gov.za/ https://www.pnc.gov.za/ Mirror Links: https://www.th3mirror.com/mirror/id/146186/ http...

Hacker Supporting Anonymous Group, with his nickname - " PV~E.rr0r " hack 516 websites.  Deface page shows a very cool animated Anonymous logo with text " We unite as one but no one can divide us. Expect us! " Because hacker intention was not to harm the website, so he has not change or delete any file, rather he just just upload his deface page on each site at "/Err0r.html" . In a message, Hacker told The Hacker News that purpose of hacking website is just to show their admins that they are vulnerable and need more security. Hacker also mention on deface page " Hello admin, I am here to warn you about your secrutiy, It kinda sucks 70% Security 30% Dumbness. We hacked this site to put a warning before the Blackhat hackers come. Please cooperate! " Rest at end page reads " We are Anonymous, We are legion, We do not forgive, We do not forget, United as one, Divided by zero, Expect us. #Knowledge is power. Don't learn to ha...

Most of People are curious to become Hackers, but they do not know where to start, If you are in the same situation, then " Hacking S3crets " Book will guide you through the basic and advanced steps of Hacking and will help you develop The Hacker Attitude. Author Sai Satish, and Co-Author K. Srinivasa rao with Aditya Gupta put together Ethical hacking with examples of live websites. Contents of the Book 1. Basic Hacking 2. email-Hacking 3. Google Hacking 4. Websites and databases Hacking 5. Windows Passwords Cracking in seconds 6. Backtrack 7. Metasploit 8. Wireless Cracking 9. Mobile Hacking To get reviews, we distribute book to few readers share the feedback after reading this book , as given below: Review from Nikhil Kulkarni An awesome book to start off with if you are interested in hacking. It unwraps various methods and techniques performed by hackers today. Being into security field from past 4 years, I've...

Creator of the GNU Project & Free Software Foundation's Leader Richard Stallman has called out Ubuntu as being "spyware". Why ?  Because the operating system sends data to Ubuntu maker Canonical when a user searches the desktop. How ? Due to the Amazon search capabilities that have been integrated into Ubuntu's  Unity desktop environment with the Dash. First introduced in Ubuntu 12.10. Surveillance Program ?  Stallman equates the Amazon search integration into the Ubuntu desktop as having installed surveillance code. He said, " Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical's servers. (Canonical is the company that develops Ubuntu.) " Stallman's post , " The ads are not the core of the problem ," " The main issue is the spying. Canonical says it doe...

Rootkit named as "Necurs" infect 83,427 unique machines during the month of November 2012. It is a multi-purpose rootkits capable of posing a threat to both 32 and 64-bit Windows systems. Distributed via drive-by download on the websites that host the BlackHole exploit kit. Like other rootkits it is able to hide itself from detection and also capable of downloading additional malware from outside. Attackers can maintain remote access to a machine this way in order to monitor activity, send spam or install scareware. Rootkit also stop security applications from functioning and hence no detection. Microsoft list this as  Trojan:Win32/Necurs . Trojan:Win32/Necurs is a family of malware that work together to download additional malware and enable backdoor access and control of your computer. The malware can be installed on its own or alongside rogue security software, such as Rogue:Win32/Winwebsec. The malware downloads itself into the folder " %windi...

According to reports, the hackers targeted personal computers retired Admiral Mike Mullen , the former chairman of the Joint Chiefs of Staff. The FBI is hunting for foreign hackers. Mullen is currently teaching WWS 318: U.S. Military and National and International Diplomacy and will teach an unnamed graduate seminar in the spring. According to Mullen's aides, however, he did not save or view classified information on his personal computers. Agents from an FBI cyber-security unit contacted Mullen in late October or early November, and asked that he surrender his computers in connection with the ongoing inquiry. Mullen agreed, and in early November at least one FBI agent collected the computers at his office at the U.S. Naval Institute. One official said that evidence gathered by the FBI points to China as the origin of the hacking, and that it appeared the perpetrators were able to access a personal email account of Mullen. Officials said that...

Samsung which is currently believed to the highest Smartphones Seller in the World is now providing a Remote tracking solution in all its smartphones to Track the lost phone with the name " Samsung Dive ". The Service is based on the Architecture which primarily acquires precise location of the smart phone using it GPS and other subsidiary location acquisition techniques. The Service is basically meant to be used by the users to track their phone in case of theft or lost phone. Security Researcher Jiten Jain discovered that this GPS based location tracking service provided by manufacturer (Samsung) is also vulnerable to Theft and Malwares. To use this inbuilt tracking Service, User has to simply create an account with Samsung (www.samsungdive.com). Users than have to enable remote services to track device and wipe data remotely. The permission can be disabled or modified only by the Samsung account holder after logging in and cannot be disabled by anyone else...

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks. Dubbed "Eurograbber"  is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution. With the phone number and platform information, the attacker sends a text message to the victim's phone with a link to a site that downloads what it says is "encryption software" for the device. Customers become victims of Eurograbber by clicking on malicious links that may come in phishing-attack emails and then after injecting scripts to browser , the malware intercepts two-step authentication text messages sent to customers' phones. Customers at an estimated 30 banks fell vic...

Like many other security issues that now affect computer users, there is a growing threat known as phishing". Phishing attacks are perpetrated by criminals who send deceptive emails in order to lure someone into visiting a fraudulent web site or downloading malicious software, expressly for stealing sensitive information such as credit card numbers, account information, passwords, etc. Cyber criminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work. We have notice many times that Spear Phishing Attacks are really Successful in order to compromise Enterprise Networks and Stealing Data. From last one month I was getting mails from an unknown spoofed email id regrading a paypal warning with subject " Your account has been limited until we hear from you ! " Guess what, even I am not using that email for my Paypal account, from here I just judge that it's...

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x . Apache Tomcat vulnerabilities CVE-2012-4534 Apache Tomcat denial of service CVE-2012-3546 Apache Tomcat Bypass of security constraints CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter According to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. CVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Whereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The act...

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information. Mac in Danger ?  Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as "Flashback," was used to enlist some 600,000 infected computers into a botnet. Malware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac. Dockster is only the latest Mac-bas...

Even if you are considered to be a white hat hacker, you are always still walking a fine line between being a bad guy and a good guy in many people eyes. There are a lot of people out there who believe that there should be no hacking at all being done and everyone who does it should be considered a criminal. Of course that is a very small myopic view of how being a white hat hacker really works but there is always going to be an element of that kind of thought out there. There are just a lot of people out there who believe that if you ban hacking outright that it will never be done. And that is simply just not true and is a pure fantasy. But if you really want to be a good and effective white hat hacker, then there are some elements about the other side that you should really get to know. If you want to be able to beat your enemies then you should be able to figure out how they operate. It is not enough for you to be able to take a look at their attacks and try to study their patterns...

It's known, drones are privileged vehicles for reconnaissance and attacks, technology has achieved level of excellence and their use is largely diffused, that's why defense companies are providing new solution to make them increasingly effective. But the incredible amount of technological components could be itself a point of weakness, last year in fact an U.S. stealthy RQ-170 Sentinel drone was captured by Iranian military near the city of Kashmar. The vehicle was used in reconnaissance mission, it took off from near Afghanistan, exactly from Kandahar airfield. In this hours government of Teheran has announced to have captured a new drone, Iran's Islamic Revolution Guards Corps (IRGC) Navy Commander Rear Admiral Ali Fadavi reported that on Dec. 5th Iranian defense has captured a Scan Eagle drone that violated the fly zone over the Persian Gulf, around Kharg Island, in southern Iran. The zone is a strategic area, the place provides a sea port for the export o...

Instagram - Facebook's popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim's iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to "eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim's con...

A notorious group of Internet trolls says it has unleashed a worm that has littered Tumblr blogs with inflammatory and racist posts. A massive bug affecting some 8,600 unique Tumblr users.  Gay Nigger Association of America , took responsibility for the attack. The infected post begins: " Dearest 'Tumblr' users  , This is in response to the seemingly pandemic growth and world-wide propagation of the most fucking worthless, contrived, bourgeoisie, self-congratulating and decadent bullshit the internet ever had the fortune of faciliating ." How worm work ?  Worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages. Naked Security said . In a message posted to the company's official Twitter account, the blogging site said, " We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as sw...

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 . It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Updates: integration of over 3,000 IPv4 new OS fingerprint submissions, over 1,500 service/version detection fingerprints, and of the latest IPv6 OS submi...

Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and  Remote Preauth User Enumeration. Common Vulnerabilities and Exposures (CVE) assigned as : CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit CVE-2012-5614 — MySQL Denial of Service Zeroday PoC CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday Currently, all reported bugs are under review and most of the researchers believed that some of these can be duplicate of an existing bugs. CVE-2012-5612 and CVE-2012-5614 could cause the SQL instance to crash, according to researchers. Where as another interesting bug CVE-2012-5615 allow attacker to find out that either any username exist ...

Nationwide Insurance was breached last week and Sensitive information of about 1 Million people is at risk. The FBI is investigating a breach, including policy and non-policy holders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued the following statement Monday concerning the unauthorized access of Nationwide Insurance's website. Spokeswoman Elizabeth Giannetti confirmed a statement by the California Department of Insurance earlier in the day which said "names, social security numbers, and other identifying information" of one million policyholders and non-policy holders were exposed. No credit card details were revealed. About 30,000 people in Georgia were affected, as well as more than 12,000 in South Carolina. Are you affected ? call  The Nationwide at number 800-760-1125.  Affected members and applicants free credit monitoring and identity theft protection services from Equifax fo...

Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the "SSH USERAUTH CHANGE REQUEST" routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : https://goo.gl/BHqWd

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the...

While Exploring Zone-H , today we found that Turkish Ajan Hacker Group hacked into few Acer Indian domains and Deface the sites.  Hacker also dump the complete data of 20,000 users and upload the file on a file sharing website . 6 sub domains are reported to be hacked 24 hours before and having deface page their at the time of writing. Deface Page shows that, Hacker performed the hack to show their protest against bombing by Israel on Gaza. Hacked Sites https://acn.acer.co.in/index.html https://adn.acer.co.in/index.html https://aln.acer.co.in/index.html https://asn.acer.co.in/index.html https://humanet.acer.co.in/index.html https://select.acer.co.in/index.html Mirrors of Hacks: https://www.zone-h.org/mirror/id/18681361 https://www.zone-h.org/mirror/id/18681333 https://www.zone-h.org/mirror/id/18681316 https://www.zone-h.org/mirror/id/18681313 https://www.zone-h.org/mirror/id/18681314 https://www.zone-h.org/mirror/id/18681315

The Syrian government is almost certainly responsible for a blackout Thursday that shut down virtually all Internet service in the country. However, The Syrian government blamed the outage in internet service and mobile coverage in some areas on the armed groups' sabotage acts against cellular broadcast centers. Hacker with name Teamr00t has hacked and defaced Syrian government and showed their support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet. Deface message President Bashaar Al-Assad You have taken a step too far in shutting down the internet so the outside world cannot see the horrific crimes you are committing upon your own people and this will not be tolerated by the world watching! The Syrian people have the right to freedom of speech, the right to live a normal happy life and the right to have access to the internet to connect with the rest of the world. By shutting down the internet you have denied you...