The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Symantec recently came across a new Zeus file targeting five major banks in Japan. The malware, which has caused serious problems to banking customers in Europe and the U.S, now having maximum concentration on Japanese banks. Target information was reveled by Symantec after decryption of configuration file from new sample. The attacker uses Blackhole exploit kit in order to install Zeus. Zeus, a financially aimed malware, comes in many different forms and flavors. It can be tweaked to hijack personal PCs, or come in the form of a keylogger that tracks keystrokes as users enter them. But once installation over, Zeus malware aims to steal online-banking credentials, and phishing schemes and drive-by downloads are most often the avenues hackers use to spread this increasingly sophisticated and evo...

Apple has faced a number challenges over the last year related to software errors and flaws on its flagship iPhone. According to a latest video posted on YouTube  iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. Basically, he found that by attempting and canceling an emergency call on the iPhone, holding the lock button and then taking a screenshot took him past the stage where he should have had to enter a password to access the phone. The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contacts picture. Apple promised to fix the iOS 6.1 iOS Exchange bug in a forthcoming software update so perhaps they’ll fix this annoying glitch as well. Steps to follow: First part: -Go to emergency call, push down the power button and tap cancel. -D...

An old vulnerability in Word for OS X is being used in increasing levels of attacks,  probably government-sponsored hacking programs  against Uyghur group, including Tibetans, NGOs and human rights organizations. A number of attacks have been seen directed at the World Uyghur Congress, a Munich-based organization that promotes human rights. Potential victims are often tricked by so-called spear phishing attacks, the targets receive an e-mail with a subject relevant to their interests, and a Word document attached.  When they open the document, TinySHell exploits a vulnerability and then infects the computer. Exploit allows long-term monitoring or even control of the compromised system though a backdoor it installs. The malware is configured to connect to command and control servers that have been used for years in APT attacks. All the attacks use exploits for the CVE-2009-0563 (Microsoft Office) vulnerability and The backdoor also includes hard...

Police in Spain have arrested a gang of 11 cyber criminals who used ransomware to demand money from thousands of victims in 30 countries using malware known as Reveton . Police arrested six Russians, two Ukrainians and two Georgians in the Costa del Sol. The gang leader, a 27-year-old Russian, was arrested in Dubai in the United Arab Emirates in December 2012 on an international arrest warrant. Spanish authorities are seeking his extradition. According to researchers from Trend Micro who worked with the Spanish to track down the group, estimate that this ransomware operation netted the group more than 1 million euros a year. The Trojan was distributed using drive by download techniques, in conjunction with the Black Hole exploit kit and initially the malware was focused on German individuals, but in later months began to target other countries, primarily the USA. Trend Micro, said there were 48 different variations of the virus in use and the malware has bee...

A Cross platform back door ' Frutas ' remote access tool (RAT) is available for download on many forums from January 2013. This Trojan builder is completely written in Java. Recently, Symantec experts analyse that Frutas RAT allows attackers to create a connect-back client JAR file to run on a compromised computer. The back door builder provides some minor obfuscation, which allows the attacker to use a custom encryption key for some of the embedded back door functionality. Once a backdoor connection is established, the RAT server alerts the attacker and allows them to perform various back door functions on the compromised computer i.e Browse file systems, Download and execute arbitrary files, Perform denial of service attacks, Open a specified website in a browser. According to Symantec only 2 out of the 46 vendors from Virus Total are detecting it as a threat.

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,...

Television viewers in Montana, perhaps looking to stay inside from the scary cold outside, got an even scarier surprise when warnings of a zombie apocalypse took over their TV screens. There TV Stations Montana's KRTVMichigan's, WNMU-TV and WBUP-TV were victims of this zombie prank. The channels later said that somebody had hacked into its system. The message warned zombies were attacking the living and warned people not to approach or apprehend these bodies as they are extremely dangerous. Channel said on its website , “ Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that was an emergency in several Montana counties. The message did not originate from KRTV, and there is no emergency. Our engineers are investigating to determine what happened and if it affected other media outlets. ” Officials with the stations in Michigan said law enforcement authorities determined the attack originated outside the U.S. The message was quickly...

The hacktivist group Anonymous says it’s planning to block all live streams of President Obama’s State of the Union address Tuesday night, in an operation entitled " Operation SOTU ". “ We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet, ” the statement reads. " The President of the United States of America, and the Joint Session of Congress will face an Army tonight. " Anonymous group is upset with a pending Internet security bill. According to Anonymous and other Internet freedom activists, if the CISPA (Cyber Intelligence Sharing and Information Act) is passed it will infringe on online privacy and freedom. A Twitter account associated with Anonymous also hinted by tweeting ," ADVANCED WARNING: This year's State of the Union Address WILL be cancelled if internet regulation is passed by executive order #opLastResort " ...

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike will show a switch bar with buttons for each server at the bottom of your window. Click a button to make that server active. It's a lot like using tabs to switch between pages in a web browser. To make use of multiple servers, designate a role for each one. Assign names to each server's button to easily remember its role. Dumbly connecting to multiple servers isn't very exciting. The fun comes when you seamlessly use Cobalt Strike features between servers. For example: Designate one server for phishing and another for reconnaissance. Go to the reconnaissance server, setup the system profiler website. Use the phishing tool to deliver the reconnaissa...

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they happen. Proactive log management can help an admin get into a proactive mode You know that event log monitoring is important, since all your systems and key applications log data. But since no two systems log to the same place, or in the same format, it’s almost impossible to get ahead of the logging and actually pay attention to what is being logged. That’s where event log monitoring comes into play; here’s why: Aggregate your logs in a central location:  With logs spread across dozens or even hundreds of systems, there’s no way you can manage them where they are. Event log monitoring applications can gather up all your logs in a central location, making them easy to analyze, store, a...

A multinational security firm ' Raytheon ' has secretly developed software called ' RIOT ', capable of tracking people's movements and predicting future Behavior by mining data from social networking websites. The multi billion dollar company, didn't want its concept video revealed, but the Guardian posted it anyway. Raytheon has not yet sold RIOT to any clients but has been shared with the US government as part of a joint research project to develop a Big Data system capable of surveilling large parts of the population. The software can also pull metadata from pictures taken to pinpoint a user’s location when the picture was taken. From this and other location data taken from applications i.e Foursquare, the software can predict future movements of users. The video shows how Riot works on a sample Raytheon staff member, tracking his regular visits to Washington Nationals Park and a local gym. RIOT creates unique profiles from publicly available data, inclu...

One week after launching a Bug bounty program by the Kim Dotcom 's new file-storage and sharing service MEGA claims to have fixed seven vulnerabilities. Although Mega hasn't shared how much money and to whom it paid out in the first week. But as promised, it is clear that MEGA paid out thousands of dollars in bug bounties during the first week of its security program. We found bug hunter yesterday (tweeted)- Mr.  Frans Rosén received 1000 Euros in the bug fixing challenge. This tweet was also Re-tweeted by Kim Dotcom later, that confirmed Frans's class III bugs reward. Congratulations @ fransrosen for XSS in #MEGA . Handsome EUR 1000 in Bug Bounty Program twitter.com/fransrosen/sta… — The Hacker News™ (@TheHackersNews) February 10, 2013 In a blog post, Mega explained how it classifies vulnerabilities and their impacts. Vulnerabilities were classified into VI classes, with I being the lowest risk and VI being the highest. Seven qualified bug details are as shown...

Mozilla’s Firefox OS, the mobile operating system from the company that makes the Firefox browser build entirely on open web standards and having ability to beat Android or iOS.  Firefox OS is Mozilla's ambitious attempt to build an operating system that brings more openness to the walled gardens of Apple's iOS and Google's Android. New Operating Systems for Smartphones Its a new mobile operating system built entirely using open web standards and with codename  Boot to Gecko , means a Linux distro that automatically loads Gecko or in more simple words apps for Firefox OS are basically just websites written in HTML, JavaScript, and CSS. The Web is the Platform, which means not only taking down barriers, but also a lighter system that makes your apps run smoothly and an optimal battery life. Firefox OS written with basic HTML, CSS, and JavaScript Mozilla has also added some extra hooks to Firefox OS that allow developers to access a phone’s hardware v...

Several Myanmar journalists have recently received warnings from Google that their Gmail accounts may have been targets of state-sponsored attacks. After they login to their Gmail accounts, warning message,“ We believe state-sponsored attackers may be attempting to compromise your account or computer ” was displayed on top as shown. Google had begun the policy of notifying users of suspicious activity in June. " We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized. " Google said in a blog post . " If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account ." The Voice Weekly Journal’s editor Aung Soe, Aye Aye Win, a Myanmar correspondent for the Associated Press, and Myat Thura, a Mya...

The Cyber Intelligence Sharing and Protection act (CISPA) will be reintroduced by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) before the US House next week . CISPA would've allowed any company to give away all the data its collected on you if asked by the government and The bill that plan to introduce next week will be identical to the version of CISPA that passed the House last spring. May be the recent reports of cyber espionage against The New York Times and The Wall Street Journal,  along with attacks on the Federal Reserve 's Web site and on several U.S. banks have brought the issue back to the fore. " This is clearly not a theoretical threat - the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear, " Rogers said in a statement. If implemented, An independent Intelligence Community Inspector General would review the government's use of any...

Malwares are getting updated during the age of social networking. FortiGuard Labs researchers have discovered a new malware called ' Rodpicom Botnet ' that spreads via messaging applications such as Skype and MSN Messenger. Dubbed W32/Rodpicom.A - Rodpicom Botnet sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot . Once the target machine is infected, it checks to see if the victim is using any messaging applications such as Skype or MSN Messenger.  It is revealed that, the malware employs new stealth tactics, including an exception handling technique that generates its own error to dodge analysis and relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times. The malware is enough smart to checks the language of the installed operating...

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch Tuesday. According to Microsoft's advisory , The 12 security update including two for Internet Explorer (IE), that will patch a near-record 57 vulnerabilities in the browser, Windows, Office and the enterprise-critical Exchange Server email software. Part of this update will be security patches for every single version of Internet Explorer. Apparently, this is to address a security hole that leaves users open to being exploited through drive-by attacks. Out of the 12 updates, five are considered “ critical, ” and others are labeled “ important, ”. As always, the critical patches will automatically install for any Windows users with automatic updates enabled. Two of...

Bit9 disclosed Friday that hackers had stolen digital code signing certificates from its network and have utilized it to sign malware. Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms. " As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware ," Bit9 Chief Executive Patrick Morley said in a blog post . The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. " Since we discovered this issue, we have been working closely with all of our customers to ensure they are no longer vulnerable to malware associated with the affected certificate ." and company said it has resolved the issue. It is not the first time that hackers have breached a security firm as part of a ...

The hacker, known as Guccifer , targeted several e-mail accounts and exposed personal photos and sensitive correspondence from members of the former US President Bush family, including both former U.S. presidents. Hacked Emails includes the AOL account of his daughter Dorothy Bush Koch; family friends Willard Hemingway and Jim Nantz; former First Lady Barbara Bush's brother; and George H W Bush's sister-in-law. Some of the e-mails contain catty comments about another former president, Bill Clinton. The photos and e-mails were uploaded yesterday to an online account that appears to have been hacked for the purpose of hosting the material including confidential October 2012 list of home addresses, cell phone numbers, and e-mails for dozens of Bush family members, including both former presidents, their siblings, and their children. The hacker also intercepted photos that George W. Bush e-mailed two months ago to his sister showing paintings that he was working o...

The hardware qualification is a very important issue, recent vulnerabilities discovered in network appliances of various manufacturer have alerted security community once again on the necessity to validate the hardware especially for large consume product. The last news is related to a vulnerability related to the Intel's 82574L Ethernet controller that expose equipment to risk of "packet of death." Attack. Star2Star 's chief technology officer Kristian Kielhofner identified the cause of the problems after customers experienced random crashes. Researchers at Star2Star after the analysis of lot traffic identified the cause of the problem in the format of a packet managed by a particular VoIP manufacturer. But as yet it is unclear how widespread the problem is or how other Intel hardware is affected. Kielhofner, wrote : " The system and Ethernet interfaces would appear fine," "and then after a random amount of traffic the interface woul...

A hacker 'Cahya Fitrianta' sentenced to eight years in prison by the West Jakarta District Court judges for hacking into many economic websites to steal money and funding that money to terrorist groups. He is also ordered to pay a Rp 500 million ($51,000) fine. He is charged with breaking into many sites, for running online fraud of billions of dollars and fund that money to terrorist training in Poso, Central Sulawesi. Cahya was arrested in May last year in a Bandung hotel. The defendant, along with another man, Rizki Gunawan. Police in May arrested Rizki, accusing him of hacking a marketing firm’s website to steal money in order to fund militant training. They both accused of channeling money to terrorism suspect Umar Patek , who was sentenced this year to 20 years for his role in the 2002 Bali bombing. “ Aside from engaging in a vicious conspiracy, the defendant was also found guilty of laundering money, which he obtained from hacking the www.speedline.c...

Syrian Electronic Army strike again! This time hacking group hijack Twitter accounts and a Facebook page of Sky News Arabia and also hack their Emails. The accounts affected were the channel’s main twitter handle @skynewsarabia and the @skynewsarabia account used for cultural and entertainment news, as well as the Facebook page facebook/skynewsarabia . Sky News regained control of the hacked accounts some how later. During an Interview with hackers at Syrian Electronic Army, hackers said that they first target Sky News's Email panel which is using Outlook Web App. Below is the screenshot of hacked inbox: Then it was too easy for hackers to reset the password of Twitter accounts and Facebook pages attached to that mail using Password forget option. Hackers said, they attack because of the bias that the foreign media has against Syria's President Bashar al-Assad and their support for the rebels in the Syrian conflict.

Microsoft teamed up with Symantec to take down a nasty malware affecting thousands upon thousands of PCs. Bamital botnet  hijacked people’s search experiences and redirected victims to potentially dangerous sites that could leave them vulnerable to other online threats and steal their personal information. Experts from the organizations obtained a court order and shut down servers at a data center in New Jersey and convinced operators in Virginia to shut down a server they control in the Netherlands on Wednesday. The Bamital botnet threatened the US$12.7 billion online advertising industry by generating fraudulent clicks on Internet ads. Microsoft’s research shows that Bamital hijacked more than 8 million computers over the past two years. Microsoft says that the botnet affected many major search engines and browsers including Bing, Yahoo, and Google offerings. Bamital's organizers also had the ability to take control of infected PCs, installing other types o...

Hacking group 'today hack and deface Hostgator Indian domain  Hostgator.in  , which handles the Indian Operations of Hostgator.com with locally available servers and localized currency billing as well as support. Rather than editing homepage or other pages of site, hacker just added new file at on ftp with defacement purpose. At the time of writing, the page has been removed by firm but we had taken a screenshot this morning as shown below: The defacement page ends with message," We Are Anonymous ". No doubt that group have nothing to do with Hacktivist group Anonymous, but may be they use this term just for fun. Mirror of hacker is also uploaded to  Legend-h .

John Arquilla, a professor at the U.S. Naval Academy and former military adviser has urged President Barack Obama to pardon the British computer hacker Gary McKinnon and to recruit master hackers to US Cyber Command. Gary McKinnon faced extradition for hacking into Pentagon and Nasa systems, and but they believe that he could encourage other hackers to become government cyber warriors. ' If the notion of trying to attract master hackers to our cause is ever to take hold, this might be just the right case in which President Obama should consider using his power to pardon, ' says Arquilla. China is widely thought to employ hackers, so the Pentagon aims to expand its cyber security personnel from 900 to 4,900 in the next few years and Hackers are frequently employed by security firms after serving sentences and Arquilla suggest Obama to do so. ' Today's masters of cyberspace are not unlike the German rocket scientists who, after World War II, were so...

A Chinese malware campaign called ' Beebus ' specifically targeting the aerospace and defense industries has been uncovered by FireEye security researchers. Beebus is designed to steal information, and begins its infiltration, as so many attacks do, with spear-phishing emails. Operation Beebus very related to Operation Shady RAT and was first detected in April 2011. The attacks carried out by  spear phishing attack and drive-by downloads as a means of infecting end users. malicious Whitepapers or PDFs were mailed to targets and by using known flaws, malware was able install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server. FireEye discovered the attacks on some of its customers in the aerospace and defence last March and the Vulnerability in the Windows OS known as DLL search order hijacking was used to drops a DLL called ntshrui.DLL in the C:\Windows directory.  It has modules ...

A Trojan that attacks Russian Internet users using a new trick to spread itself. Known as " Bicololo " was first discovered in October 2012 and specially designed to steal login credentials from users.  For this, the malware modify the system Hosts file (i.e etc/hosts) to host perfect phishing sites via DNS poisoning to collect social networking and email credentials. In a recent post from Avast antivirus,  Bicololo  continued to evolve and spread even further. Because it is difficult for a user to determine that he is redirected to a phishing site the attack going smoothly. In Oct, They found that all these phishing sites were resolving via servers located at 69.197.136.99, 94.249.188.224 and 178.63.214.97, 94.249.189.21 , which originally were hosted on afraid.org servers. But now this malware spreading via standard 404 Error webpage error of hacked sites. The most frequent phishing clones of vk.com , odnokl...

A Dutch hacker was sentenced to 12 years in a US prison on Friday for trafficking over 100,000 credit card numbers stolen in a computer hacking conspiracy. David Benjamin Schrooten , 22,  known as “Fortezza” in the hacker world, pleaded guilty in November to criminal charges related to hacking, bank fraud, and identity theft, according to Western District of Washington US Attorney Jenny Durkan. At sentencing U.S. District Judge Ricardo S. Martinez asked him, “ I don’t think you would ever consider walking into someone’s home, pulling out a gun and robbing them… Did it ever occur to you that you were doing that to all your victims? ” Investigators estimate that tens of thousands of people were affected. The damage amounted to more than 63 million dollars. He is Sentenced to 12 years in prison for a computer hacking and credit card fraud scheme that victimized people around the world. A California man is set to go on trial by the middle of the year for his purp...

The Computer networks of Energy Department were attacked by unknown hackers in a major cyber attack two weeks ago and personal information on several hundred employees was compromised. The Washington Free Beacon reports that, FBI agents are investigating the attacks and 14 computer servers and 20 workstations reportedly were penetrated during the attack. Officials are working to determine the exact nature of the attack and the extent of potential damage. " They believe the sophisticated penetration attack was not limited to stealing personal information. There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information ." The security breach resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII) of several hundred people. Department is in the process of notifying employees whose information was stolen. However, Chinese ...

PKNIC, The Pakistan domain registrar of .com.pk, .pk, org.pk and others domains has been reportedly hacked again yesterday. A hackers group named PakBugs has claimed that they have successfully penetrated PKNIC servers and gained control of around 23,000 domains which included some of the most popular pakistani media websites also. This is not the first time that PKNIC servers have been compromised. Earlier a Turkish hacker successfully managed to penetrate PKNIC servers and redirected 284 .pk domains. Hacker redirect / deface many websites by changing the DNS records (DNS spoofing) of the websites which are maintained by PKNIC. However, it took the hacker 5 hour to submit all his defacement’s on zone-h to make mirror’s.