The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone. When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file ( Backdoor.MSIL.Ssucl.a ) is automatically executed on computer. A similar situation may arise in case of SD card. Before apps were removed by Google, they may together have been downloaded up to...

As you know, many enthusiasts Android mobile users wishing for alternate of WINE software for Android mobiles or tablet as well, that allow applications designed for Microsoft Windows to run on Unix-like operating systems. Sounds Interesting ? Alexandre Julliard , the original developer behind the Wine software project working on upcoming WINE version that will allow you to run windows apps on Android platform. Wine development talks being held during FOSDEM 2013 . In a Demo Julliard showed lite version of Wine running on Android, was quite slow. Anyway, this Wine port for Android is an active work-in-progress and hasn't received much attention yet. Before this Winulator makes it possible to run some classic Windows games on Android devices. Android devices currently use ARM-based chips and Intel has also been pushing its low power Atom x86 processors for Android phones and tablets, so Wine for Android could also theoretically run on devices with x86 chip...

A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk (Mexico) & S.A.P.Z (Peru) and  cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals financial information through local pharming attacks. Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as ’zombies’. Kaspersky uncovered that this kit has already been adopted by Latin American cyber criminals to target clients of major banks and so far financial bodies from Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina under attack. Detected as  Trojan-Dropper.Win32.Injector , the malware having couple of dozen variants. Malware is sti...

Remember the DNS Changer malware that infected at least four million computers in more than 100 countries, including 500,000 in the United States, with malicious software or malware ? Valeri Aleksejev, 32 years old from Estonia, is the first of the seven individuals to enter a plea, admitting his guilt for his role in the global scam that netted approximately $14 million. He faces up to 25 years in prison, deportation and the forfeiture of $7 million. The other six individuals have been named as Anton Ivanov, Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Konstantin Poltev, and Andrey Taame.  Alekseev was the first large-scale Internet fraud criminal case came to trial. The scam had several components, including a click-hijacking fraud in which Malware was delivered to victims' PCs when they visited specially crafted websites or when they downloaded phony video codec software. The malware changed the DNS settings of the infected computers, and even in...

DefenseCode researchers have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges in the UPnP (Universal Plug and Play) implementation developed by Broadcom and used by many routers with Broadcom chipsets. Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom chipset. " We have found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others. " researchers said . The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset. The UPnP service is intended to be used on local networks, but Rapid7 found that there are over 80 million devices on the Internet that respond to UPnP discovery requests, making them vulnerable to remote attacks. The vul...

A hacker with handle name (~!White!~) today disclose SQL injection vulnerabilities in dozens of Military, United Nation and Pentagon domains. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. Through a Pastebin note hacker announce more details about his findings in many sensitive websites, including Pentagon Defense Post Office Website, Office of the Deputy Director for Science Programs, Wiesbaden Military Community, NMCI Legacy Applications, Darby Military Community, Department of Economic and Social Affairs at United Nation and many more. SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database or even can wipe it out. Hacker also claimed to hack ...

In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers,  Security Flaws in UPnP protocol , Botnet attack hack 16,000 Facebook accounts, 700,000 accounts hacked in Africa and new android malware that infect more that 620,000 users . Today Twitter also announced that they have recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. Unknown hackers breach Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts " the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords " said Bob Lord ,Director of Information Security, at Twitter. For security reasons twitter have reset passwords and revoked session tokens...

In London today, an 18-year-old anonymous hacker received an 18-month youth rehabilitation order and a 60-hour unpaid work requirement for his involvement in " Operation Payback ". One strike against Paypal alone cost the site £3.5 million pounds. But Jake Birchall escaped jail today after the judge ruled he had been affected by special needs. He was an advanced user of the internet and had used it for nine years, since he was eight years old. " He did play a prominent and important part in this and I think he has got to learn to get out of bed in a morning and do unpaid work ." The judge said. Jake Birchall had admitted conspiring to impair the operation of computers in 2010 and 2011. They were convicted for their distributed denial of service attacks, which paralyse computer systems by flooding them with online requests. Ashley Rhodes , 28, of Bolton Crescent, Camberwell, south London, was given seven months , and Peter Gibson , 24, from Castl...

Kim Dotcom is offering a bounty of €10,000 (approx. US$13,580) to the first person who breaks its newly launched file storage service. Mega's launch last month was meet by criticism from multiple security researchers, Kim Dotcom announced a prize to the hackers last week. Kim tweeted," #Mega‘s open source encryption remains unbroken! We’ll offer 10,000 EURO to anyone who can break it. Expect a blog post today ." Dotcom believes the improvements made to his service’s security have made the site close to unbreakable, and Mega staff remain bullish about the site’s privacy qualities. Less than two weeks old, Mega passed 1 million registered users after just one day online, and is storing nearly 50 million files. Mega continues to face claims of illegal filesharing on the site. Dotcom claimed this week that only 0.001 percent of files on Mega have been removed for potential copyright infringement. The company blocked a third-party search engine from accessing publi...

The FBI Tuesday announced the arrest of Karen 'Gary' Kazaryan , a 27-year old man, who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams has been arrested in the US. He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as " se*tortion ". He is accused of hacking into the victims accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.  He then posed online as the women, sent instant messages to their friends and somehow, persuaded those friends to get undressed so that he could view and take pictures of the...

VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company’s coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea...

Incapsula announced this week that they’re offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What’s a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you’ve been hacked before, there’s a good chance you’ve already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo...

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in th...

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to  latest report , the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family. ESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server. The Trojan is downloaded onto the system by another downloader componen...

The Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud (cloud-based) Vulnerability Scanner Application. The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on application side. Benjamin K.M. from Vulnerability-Laboratory provide more technical details about these flaws, the first vulnerability is located in the Scan Now > Scan Type > Perimeter Scan > Scan section when processing to request via the ` Scan Specific Devices - [Add Devices] ` module and the bound vulnerable formErrorContent exception-handling application parameters. The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker need to provoke the specific invalid networks exception-handling error. In the second ste...

The Hacktivist group  Team GhostShell today exposes data including 700,000 accounts / records from African universities and businesses during a campaign named ProjectSunRise . Hacker mention, " GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola. " In this new campaign hackers have targeted a many companies and universities i.e Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice linked to BidOrBuy which is South Africa's largest online store. Hacker release Mysql databases dumps of all these sites via pastebin notes . Hackers said, " Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a resul...

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a recent report Sophos security firm revealed that in Australia and the U.S. Android threat exposure rates exceeding those of PCs showing the urgency to implement proper countermeasures. The situation appears really critical that why I asked to the expert of Group-IB Forensics Lab to show me how these agents work with a really case study. Several month ago Group-IB Forensics Lab detected mobile-banking malware through Google Play by Sberbank request (Russian leading national bank).  The File associated to the malware was named sber.apk , it was an Android Package having size of 225,905 bytes and digest md5: F27D43DFEEDFFAC2EC7E4A069B3C9516 . Analyzing the functionality of th...

The mastermind Russian Hackers who coded and distributed the Gozi malware,  Nikita Vladimirovich Kuzmin , 25 was charged along with Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28 for infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims. They may face a maximum penalty of 95, 60 and 67 years in prison, respectively. Kuzmin allegedly created the Gozi program in 2005, hiring a programmer to write the source code and then leasing it to other criminal customers. According to latest reports , Nikita has agreed to cooperate with the United States. As potential evidence, the feds have been able to retrieve 51 servers in Romania as well as laptops, desktops and external hard drives. The data seized amounts to 250 terabytes. Paunescu, a Romanian national who went by the name “ Virus ” operated a bulletproof hosting service that provided criminal customers with servers and...

Firewall, VPN and spam filtering products from Barracuda Networks contains hidden hard coded backdoor ed SSH accounts, that allow any hacker to remotely log in and root access sensitive information. According to an advisory published by Stefan Viehböck of SEC Consult Vulnerability Lab reported the vulnerabilities in default firewall configuration and default user accounts on the unit. Barracuda were informed of the vulnerabilities at the end of November. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected i.e Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel. Barracuda recommended that all customers immediately update their Barracuda security definitions to v2.0.5, ensure the products' security definitions ar...

Anonymous hackers deface the official website of U.S. Sentencing Commission website (ussc.gov) on Friday under a new campaign called " Operation Last Resort " in memory of  Reddit co-founder Aaron Swartz and also threatening to release a massive WikiLeaks-style exposure of sensitive U.S. government secrets. “ The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. ” hackers said. The hack was performed in opposition to alleged unjust policies of the United States Department of Justice (DOJ) with the late Aaron Swartz. They also had distributed encrypted government files and claimed to give away decryption keys publicly as soon as possible. Where as this is not specified exactly what files they have obtained. Swartz was facing up to 50+ years in prison and a $4 million fine after releasing pay-walled academic articles from t...

Iranian hackers deface multiple big companies Turkmenistan domains (.tm) yesterday using DNS poisoning attack. All hacked domains are registered by NIC at Turkmenistan. Hacker managed to find and exploit a SQL Injection vulnerability in NIC website in order to get database of the site. Because the passwords was stored in plain text, that make more easy for those hacker to access the domain panels of each domain and changing the DNS entries to shift websites on a rouge server with defaced page. The defaced message as shown below: Defaced domains : www.youtube.tm www.gmail.tm www.msdn.tm www.intel.tm www.officexp.tm www.xbox.tm www.windowsvista.tm www.orkut.tm www.google.tm Mirror of hacks are available at Zone-H .

The role of hacker is recognized as crucial today in cyber security, these specialists are the nightmare of security experts but their knowledge is fundamental to understand the vulnerabilities of our infrastructures … think like a hacker if you want really protect your system . But hacking is a culture, a way of life that is hard to match ago with the business logic, true hackers don’t do this for money, money are fundamental but not all, the must for them is always to put into question their capabilities, try to consistently exceed their limits. Fortunately industry, private business and governments have understood it and have re-evaluated the importance of hackers, these specialists were once seen as shady individuals to avoid, today they are highly sought professionals in both private business and government sectors. Discover vulnerabilities before attackers could exploit them is essential, millions of people and devices are connected to the network, a unique oppo...

GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades to the site's search engine, " Finding great code on GitHub just got a whole lot easier, ". Yesterday few twitter users pointed out that there is no shortage of embedded private SSH keys and passwords that can easily be found via GitHub new feature. If you upload security information (keys/passwords etc) to a public repository, new search feature will allow anyone to find them. Today, GitHub's search function stopped working , though the site didn't acknowledge the cause. Updated message is " Search remains unavailable. The cluster is recovering slowly and we continue to monitor its progress. We'll provide further updates as they become available...

NASK the domain registrar that operates the “ .pl ” Polish top-level domain registry has seized multiple domains used for cyber crime activities by spreading Waledac malware distributed by the Virut botnet. According to Poland’s Computer Emergency Response Team, Virut was first detected in 2006 and became a serious threat with an estimated size of more than 300,000 compromised computers. NASK said that on Thursday it began assuming control over 23 .pl domains that were being used to operate the Virut network. Virut was responsible for 5.5% of infections in Q3 2012, making it the fifth most widespread threat of the time. They determined that botnet consists of more than 308,000 uniquely compromised machines and that its primary function is to pump out spam and other malicious emails. The most recent take down effort was in December 2012. Unfortunately, the Virut botnet gang managed to get the malicious botnet domain names moved to a new registrar ca...

The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeare's "The Merchant of Venice". Shylock is one of the most advanced Trojans  currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly. According to security researchers from CSIS Security Group , the Skype infection is based on a malicious plugin called msg.gsm and allows the malware to send messages and transfer files, clean messages and transfers from Skype history and even bypass the Skype warning for connecting to servers. Beside the new ability to spread through Skype, Shylock can also spread through local shares and removable drives. Infection by the Trojan a...

Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows Defender, which blocks adware and spyware on Windows. In its review , AV-Test revealed that 22 of the 25 programs that were tested passed the test, but Security Essentials came up short. The lab tested all programs across three areas: protection, repair ability and usability of the whole computer based on the impact of the software. " We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all ...

We continues to recommend users disable the Java program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes and less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale. According to a report , a Java exploits was being advertised for $5,000 a piece in an underground Internet forum and the new zero-day vulnerability was apparently already in at least one attacker's hands. The thread has since been deleted from the forum indicating a sale has been made, something sure to bring more concern to Oracle.Oracle can’t predict the future, and its engineers obviously can’t predict what exploits are going to be found in its software. The most recent hold Java fixed allowed hackers to enter a computer by using compro...