The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The hardware qualification is a very important issue, recent vulnerabilities discovered in network appliances of various manufacturer have alerted security community once again on the necessity to validate the hardware especially for large consume product. The last news is related to a vulnerability related to the Intel's 82574L Ethernet controller that expose equipment to risk of "packet of death." Attack. Star2Star 's chief technology officer Kristian Kielhofner identified the cause of the problems after customers experienced random crashes. Researchers at Star2Star after the analysis of lot traffic identified the cause of the problem in the format of a packet managed by a particular VoIP manufacturer. But as yet it is unclear how widespread the problem is or how other Intel hardware is affected. Kielhofner, wrote : " The system and Ethernet interfaces would appear fine," "and then after a random amount of traffic the interface woul...

A hacker 'Cahya Fitrianta' sentenced to eight years in prison by the West Jakarta District Court judges for hacking into many economic websites to steal money and funding that money to terrorist groups. He is also ordered to pay a Rp 500 million ($51,000) fine. He is charged with breaking into many sites, for running online fraud of billions of dollars and fund that money to terrorist training in Poso, Central Sulawesi. Cahya was arrested in May last year in a Bandung hotel. The defendant, along with another man, Rizki Gunawan. Police in May arrested Rizki, accusing him of hacking a marketing firm’s website to steal money in order to fund militant training. They both accused of channeling money to terrorism suspect Umar Patek , who was sentenced this year to 20 years for his role in the 2002 Bali bombing. “ Aside from engaging in a vicious conspiracy, the defendant was also found guilty of laundering money, which he obtained from hacking the www.speedline.c...

Syrian Electronic Army strike again! This time hacking group hijack Twitter accounts and a Facebook page of Sky News Arabia and also hack their Emails. The accounts affected were the channel’s main twitter handle @skynewsarabia and the @skynewsarabia account used for cultural and entertainment news, as well as the Facebook page facebook/skynewsarabia . Sky News regained control of the hacked accounts some how later. During an Interview with hackers at Syrian Electronic Army, hackers said that they first target Sky News's Email panel which is using Outlook Web App. Below is the screenshot of hacked inbox: Then it was too easy for hackers to reset the password of Twitter accounts and Facebook pages attached to that mail using Password forget option. Hackers said, they attack because of the bias that the foreign media has against Syria's President Bashar al-Assad and their support for the rebels in the Syrian conflict.

Microsoft teamed up with Symantec to take down a nasty malware affecting thousands upon thousands of PCs. Bamital botnet  hijacked people’s search experiences and redirected victims to potentially dangerous sites that could leave them vulnerable to other online threats and steal their personal information. Experts from the organizations obtained a court order and shut down servers at a data center in New Jersey and convinced operators in Virginia to shut down a server they control in the Netherlands on Wednesday. The Bamital botnet threatened the US$12.7 billion online advertising industry by generating fraudulent clicks on Internet ads. Microsoft’s research shows that Bamital hijacked more than 8 million computers over the past two years. Microsoft says that the botnet affected many major search engines and browsers including Bing, Yahoo, and Google offerings. Bamital's organizers also had the ability to take control of infected PCs, installing other types o...

Hacking group 'today hack and deface Hostgator Indian domain  Hostgator.in  , which handles the Indian Operations of Hostgator.com with locally available servers and localized currency billing as well as support. Rather than editing homepage or other pages of site, hacker just added new file at on ftp with defacement purpose. At the time of writing, the page has been removed by firm but we had taken a screenshot this morning as shown below: The defacement page ends with message," We Are Anonymous ". No doubt that group have nothing to do with Hacktivist group Anonymous, but may be they use this term just for fun. Mirror of hacker is also uploaded to  Legend-h .

John Arquilla, a professor at the U.S. Naval Academy and former military adviser has urged President Barack Obama to pardon the British computer hacker Gary McKinnon and to recruit master hackers to US Cyber Command. Gary McKinnon faced extradition for hacking into Pentagon and Nasa systems, and but they believe that he could encourage other hackers to become government cyber warriors. ' If the notion of trying to attract master hackers to our cause is ever to take hold, this might be just the right case in which President Obama should consider using his power to pardon, ' says Arquilla. China is widely thought to employ hackers, so the Pentagon aims to expand its cyber security personnel from 900 to 4,900 in the next few years and Hackers are frequently employed by security firms after serving sentences and Arquilla suggest Obama to do so. ' Today's masters of cyberspace are not unlike the German rocket scientists who, after World War II, were so...

A Chinese malware campaign called ' Beebus ' specifically targeting the aerospace and defense industries has been uncovered by FireEye security researchers. Beebus is designed to steal information, and begins its infiltration, as so many attacks do, with spear-phishing emails. Operation Beebus very related to Operation Shady RAT and was first detected in April 2011. The attacks carried out by  spear phishing attack and drive-by downloads as a means of infecting end users. malicious Whitepapers or PDFs were mailed to targets and by using known flaws, malware was able install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server. FireEye discovered the attacks on some of its customers in the aerospace and defence last March and the Vulnerability in the Windows OS known as DLL search order hijacking was used to drops a DLL called ntshrui.DLL in the C:\Windows directory.  It has modules ...

A Trojan that attacks Russian Internet users using a new trick to spread itself. Known as " Bicololo " was first discovered in October 2012 and specially designed to steal login credentials from users.  For this, the malware modify the system Hosts file (i.e etc/hosts) to host perfect phishing sites via DNS poisoning to collect social networking and email credentials. In a recent post from Avast antivirus,  Bicololo  continued to evolve and spread even further. Because it is difficult for a user to determine that he is redirected to a phishing site the attack going smoothly. In Oct, They found that all these phishing sites were resolving via servers located at 69.197.136.99, 94.249.188.224 and 178.63.214.97, 94.249.189.21 , which originally were hosted on afraid.org servers. But now this malware spreading via standard 404 Error webpage error of hacked sites. The most frequent phishing clones of vk.com , odnokl...

A Dutch hacker was sentenced to 12 years in a US prison on Friday for trafficking over 100,000 credit card numbers stolen in a computer hacking conspiracy. David Benjamin Schrooten , 22,  known as “Fortezza” in the hacker world, pleaded guilty in November to criminal charges related to hacking, bank fraud, and identity theft, according to Western District of Washington US Attorney Jenny Durkan. At sentencing U.S. District Judge Ricardo S. Martinez asked him, “ I don’t think you would ever consider walking into someone’s home, pulling out a gun and robbing them… Did it ever occur to you that you were doing that to all your victims? ” Investigators estimate that tens of thousands of people were affected. The damage amounted to more than 63 million dollars. He is Sentenced to 12 years in prison for a computer hacking and credit card fraud scheme that victimized people around the world. A California man is set to go on trial by the middle of the year for his purp...

The Computer networks of Energy Department were attacked by unknown hackers in a major cyber attack two weeks ago and personal information on several hundred employees was compromised. The Washington Free Beacon reports that, FBI agents are investigating the attacks and 14 computer servers and 20 workstations reportedly were penetrated during the attack. Officials are working to determine the exact nature of the attack and the extent of potential damage. " They believe the sophisticated penetration attack was not limited to stealing personal information. There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information ." The security breach resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII) of several hundred people. Department is in the process of notifying employees whose information was stolen. However, Chinese ...

PKNIC, The Pakistan domain registrar of .com.pk, .pk, org.pk and others domains has been reportedly hacked again yesterday. A hackers group named PakBugs has claimed that they have successfully penetrated PKNIC servers and gained control of around 23,000 domains which included some of the most popular pakistani media websites also. This is not the first time that PKNIC servers have been compromised. Earlier a Turkish hacker successfully managed to penetrate PKNIC servers and redirected 284 .pk domains. Hacker redirect / deface many websites by changing the DNS records (DNS spoofing) of the websites which are maintained by PKNIC. However, it took the hacker 5 hour to submit all his defacement’s on zone-h to make mirror’s.

Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone. When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file ( Backdoor.MSIL.Ssucl.a ) is automatically executed on computer. A similar situation may arise in case of SD card. Before apps were removed by Google, they may together have been downloaded up to...

As you know, many enthusiasts Android mobile users wishing for alternate of WINE software for Android mobiles or tablet as well, that allow applications designed for Microsoft Windows to run on Unix-like operating systems. Sounds Interesting ? Alexandre Julliard , the original developer behind the Wine software project working on upcoming WINE version that will allow you to run windows apps on Android platform. Wine development talks being held during FOSDEM 2013 . In a Demo Julliard showed lite version of Wine running on Android, was quite slow. Anyway, this Wine port for Android is an active work-in-progress and hasn't received much attention yet. Before this Winulator makes it possible to run some classic Windows games on Android devices. Android devices currently use ARM-based chips and Intel has also been pushing its low power Atom x86 processors for Android phones and tablets, so Wine for Android could also theoretically run on devices with x86 chip...

A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk (Mexico) & S.A.P.Z (Peru) and  cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals financial information through local pharming attacks. Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as ’zombies’. Kaspersky uncovered that this kit has already been adopted by Latin American cyber criminals to target clients of major banks and so far financial bodies from Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina under attack. Detected as  Trojan-Dropper.Win32.Injector , the malware having couple of dozen variants. Malware is sti...

Remember the DNS Changer malware that infected at least four million computers in more than 100 countries, including 500,000 in the United States, with malicious software or malware ? Valeri Aleksejev, 32 years old from Estonia, is the first of the seven individuals to enter a plea, admitting his guilt for his role in the global scam that netted approximately $14 million. He faces up to 25 years in prison, deportation and the forfeiture of $7 million. The other six individuals have been named as Anton Ivanov, Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Konstantin Poltev, and Andrey Taame.  Alekseev was the first large-scale Internet fraud criminal case came to trial. The scam had several components, including a click-hijacking fraud in which Malware was delivered to victims' PCs when they visited specially crafted websites or when they downloaded phony video codec software. The malware changed the DNS settings of the infected computers, and even in...

DefenseCode researchers have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges in the UPnP (Universal Plug and Play) implementation developed by Broadcom and used by many routers with Broadcom chipsets. Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom chipset. " We have found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others. " researchers said . The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset. The UPnP service is intended to be used on local networks, but Rapid7 found that there are over 80 million devices on the Internet that respond to UPnP discovery requests, making them vulnerable to remote attacks. The vul...

A hacker with handle name (~!White!~) today disclose SQL injection vulnerabilities in dozens of Military, United Nation and Pentagon domains. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. Through a Pastebin note hacker announce more details about his findings in many sensitive websites, including Pentagon Defense Post Office Website, Office of the Deputy Director for Science Programs, Wiesbaden Military Community, NMCI Legacy Applications, Darby Military Community, Department of Economic and Social Affairs at United Nation and many more. SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database or even can wipe it out. Hacker also claimed to hack ...

In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers,  Security Flaws in UPnP protocol , Botnet attack hack 16,000 Facebook accounts, 700,000 accounts hacked in Africa and new android malware that infect more that 620,000 users . Today Twitter also announced that they have recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. Unknown hackers breach Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts " the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords " said Bob Lord ,Director of Information Security, at Twitter. For security reasons twitter have reset passwords and revoked session tokens...

In London today, an 18-year-old anonymous hacker received an 18-month youth rehabilitation order and a 60-hour unpaid work requirement for his involvement in " Operation Payback ". One strike against Paypal alone cost the site £3.5 million pounds. But Jake Birchall escaped jail today after the judge ruled he had been affected by special needs. He was an advanced user of the internet and had used it for nine years, since he was eight years old. " He did play a prominent and important part in this and I think he has got to learn to get out of bed in a morning and do unpaid work ." The judge said. Jake Birchall had admitted conspiring to impair the operation of computers in 2010 and 2011. They were convicted for their distributed denial of service attacks, which paralyse computer systems by flooding them with online requests. Ashley Rhodes , 28, of Bolton Crescent, Camberwell, south London, was given seven months , and Peter Gibson , 24, from Castl...

Kim Dotcom is offering a bounty of €10,000 (approx. US$13,580) to the first person who breaks its newly launched file storage service. Mega's launch last month was meet by criticism from multiple security researchers, Kim Dotcom announced a prize to the hackers last week. Kim tweeted," #Mega‘s open source encryption remains unbroken! We’ll offer 10,000 EURO to anyone who can break it. Expect a blog post today ." Dotcom believes the improvements made to his service’s security have made the site close to unbreakable, and Mega staff remain bullish about the site’s privacy qualities. Less than two weeks old, Mega passed 1 million registered users after just one day online, and is storing nearly 50 million files. Mega continues to face claims of illegal filesharing on the site. Dotcom claimed this week that only 0.001 percent of files on Mega have been removed for potential copyright infringement. The company blocked a third-party search engine from accessing publi...

The FBI Tuesday announced the arrest of Karen 'Gary' Kazaryan , a 27-year old man, who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams has been arrested in the US. He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as " se*tortion ". He is accused of hacking into the victims accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.  He then posed online as the women, sent instant messages to their friends and somehow, persuaded those friends to get undressed so that he could view and take pictures of the...

VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company’s coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea...

Incapsula announced this week that they’re offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What’s a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you’ve been hacked before, there’s a good chance you’ve already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo...

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in th...

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to  latest report , the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family. ESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server. The Trojan is downloaded onto the system by another downloader componen...

The Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud (cloud-based) Vulnerability Scanner Application. The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on application side. Benjamin K.M. from Vulnerability-Laboratory provide more technical details about these flaws, the first vulnerability is located in the Scan Now > Scan Type > Perimeter Scan > Scan section when processing to request via the ` Scan Specific Devices - [Add Devices] ` module and the bound vulnerable formErrorContent exception-handling application parameters. The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker need to provoke the specific invalid networks exception-handling error. In the second ste...

The Hacktivist group  Team GhostShell today exposes data including 700,000 accounts / records from African universities and businesses during a campaign named ProjectSunRise . Hacker mention, " GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola. " In this new campaign hackers have targeted a many companies and universities i.e Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice linked to BidOrBuy which is South Africa's largest online store. Hacker release Mysql databases dumps of all these sites via pastebin notes . Hackers said, " Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a resul...

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a recent report Sophos security firm revealed that in Australia and the U.S. Android threat exposure rates exceeding those of PCs showing the urgency to implement proper countermeasures. The situation appears really critical that why I asked to the expert of Group-IB Forensics Lab to show me how these agents work with a really case study. Several month ago Group-IB Forensics Lab detected mobile-banking malware through Google Play by Sberbank request (Russian leading national bank).  The File associated to the malware was named sber.apk , it was an Android Package having size of 225,905 bytes and digest md5: F27D43DFEEDFFAC2EC7E4A069B3C9516 . Analyzing the functionality of th...