The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Using a new attack on most popular Android phones platform, a team of researchers in Germany managed to grab stored cryptographic keys if the device is frozen state for an hour. The method which able to bypasses Google’s data scrambling encryption system introduced in Android 4.0 Ice Cream Sandwich to reveal the phone’s hidden data, when leaving Android phones in a freezer until they fell below -10 degrees Celsius, which revealed previously scrambled data, including contact lists, browsing histories, and photos. The team developed software called FROST , Forensic Recovery of Scrambled Telephones, which lets them copy data from the phone for analysis on a computer. Abstract   explains ," We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are general...

Another phishing campaign come in action recently targeting Facebook accounts and company pages with millions of followers. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. Not a new method, but very creative phishing example in Facebook hacking scene, where hacker host a phishing page on Facebook app sub domain itself. Designed very similar to Facebook Security team with title ' Facebook Page Verification ' and using Facebook Security Logo as shown in the screenshot posted above. Phishing app URL: https://apps.facebook.com/verify-pages/ Application hosted on:   https://talksms.co.uk/ The phishing page asking users to enter Page URL and Page Name that victim own and his Facebook login email ID with password. Once victim trapped in hacker web, the phisher records your information. Another interesting fact is that, the phishing domain https://talksms.co.uk/ is a HTTPS site with with verifi...

As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware. According to latest  Mobile Threat report from F-Secure , Android malware continued to gain in share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, but Google developer responded with," F-Secure can say that anything is malware ". F-secure report said, In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter.  According to official Google figures, there are over 700,000 apps and games in the Play marketplace and malware on Android jumped 850 percent between 2012 and this year. Whereas an Google Android developer reply to TechCrunch technology generalist ," They say they detected...

During the first day of Pwn2Own competition at the CanSecWest conference in Vancouver , latest versions of all major browsers were exploited by hackers.  Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.  French vulnerability research and bug selling firm ' Vupen ' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws. Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox. " By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with s...

Anonymous, the Internet hacktivist hacked into ' Anglo American ' and dump their complete database online. The dump includes the Personal details of 122 investors, and more than 400 registered share holders details and other database also. Anglo American is a British multinational mining company headquartered in London, United Kingdom. They are the world's largest primary producer of platinum and mine many other things like diamonds, copper, nickel, iron ore and metallurgical and thermal coal. The attack against  Anglo American  is part of a larger Anonymous operation - Operation Green Rights . In a statement hackers said ," Anglo American, you destroy nature and pursue and kill indigenous people. We say enough to all of this ," " In the name of tribal leaders, whom you have offended, and the natives you have deported, in the name of the miners killed during a strike against your dirty company, in the name of nature that you consider as a s...

Twitter continues to implement new security features. But really, who thinks social media will ever be unhackable? The official twitter account of Saudi Aramco , the world's biggest oil producer hacked by hacker with name ' Mister Rero '. The background on Saudi Aramco’s official Twitter page and the name has been changed by hacker. So far, no tweets posted by hacker. Last year in August about 30,000 workstations inside internal computer networks of Saudi Aramco was infected by a virus. Last month Burger King’s and Jeep’s official Twitter accounts was compromised.

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name " Godzilla " today claimed to hack into one of the server belongs to ISI website ( http://isi.org.pk ) and claimed steal possible information from website database. According to the information shared by hacker with ' The Hacker News ', he claims to have access to Remote Desktop Protocol (RDP) of the server located at 173.193.110.72. He disclose that System installed with Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ' AHCORP ' He also claimed to hack into MSSQL server containing 3 databases, with 9 users and located at http://mssql.isi.org.pk, as shown in screenshot taken by him. Some partial tables of the database ' msdb ' as listed below: bakupfile bakup...

Chinese search engine Baidu has just launched a security product called Baidu Antivirus 2013 . Described as a ultra light weight, easy to use, extremely fast anti-virus program that promises to protect your system from malware, viruses, spyware, adware and other malicious programs. Most interesting thing is that Baidu Antivirus comes only in English. Back in January, Baidu launched Baidu PC Faster, a software suite designed to fix speed and performance issues. The program combines the Baidu Antivirus Engine and Baidu Cloud Security Engine with the Avira Antivirus engine to provide you with complete protection against all online threats. " Baidu Antivirus offers an easy to use interface with several advanced configuration options as well as quarantine of infected files. It also has an extremely small memory footprint, so you can actually do other things while it is running on your computer. Other features include automatic updates, Host Intrusion Prevention System (HIPS), sc...

iOS was in the news lately for a series of security mishaps, but this time android back in scene. A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 that allows hackers to briefly bypass the phone's lock screen without needing a password. By hitting " emergency call " then " emergency contacts " then holding the home button, the main home screen becomes visible for around a second just enough time to load an app, before reverting back to the lock screen. Not all apps will open in this manner, a demo video shows that Google Play does not respond. Reportedly, Eden contacted Samsung roughly five days ago but has yet to hear back. He said that he has not tested any other Samsung devices to see if they are also affected. The flaw appears to be similar to a screen lock vulnerability in newer Apple devices, including the iPhone 5. Steps to follow: Lock the device with a "secure" pattern, PIN...

Old habits seem to die hard for a hacker, a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail’s computer system. Nicholas Webber , serving five years in prison for running an internet crime forum Ghost Market , Which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London. The incident occurred back in 2011, but it only came to light recently " At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible, " A spokesman fοr prison tοƖԁ the Daily Mail reported . His IT teacher, Michael Fox ,who was employed by Kensing...

A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah. Hackers claiming to be part of Anonymous group from Malaysian and Filipino and attacking websites of each other. It was believed that the first online attacks were made by Malaysians and defaced the government-owned site of the municipality Moal Boal, Cebu, hours after a skirmish erupted between police and Sulu gunmen on Friday. Meanwhile the online shop of Philippine mobile services provider Globe Telecom was defaced by hackers claiming to be from the " MALAYSIA Cyb3r 4rmy ". A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah #security — The Hacker News™ (@TheHackersNews) March 2, 2013 On other side  Philippine Cyber Army hackers claiming to have attacked 175 Malaysia-based sites,“ Greetings Malaysia! Greetings Government! Stop attacking over our cyberspace...

Feross Aboukhadijeh , 22-year-old Web developer from Stanford has discovered  HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts of data (like 5-10 MB). In a proof-of-concept he was able to full up 1 GB of HDD space every 16 seconds. He created FillDisk.com in order to demonstrate the exploit in HTML5. Once user will visit the website the Web Storage standard allows website to place large amounts of data on your drive. Please note that, It's not a hack and this exploit won't allow attackers to access your computer. However, Web browsers have the ability to limit just how much space websites can dump onto your hard drive. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit. Whereas Chrome, Safari (iOS and desktop), and IE vulnerable to this. ...

Kaspersky Lab's team of experts recently published a new research report that analyzed that Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania with a new piece of malware called ' MiniDuke '. In a recent attack, malware has infected government computers this week in an attempt to steal geopolitical intelligence. The computers were infected via a modified Adobe PDF email attachment, and the perpetrators were operating from servers based in Panama and Turkey. According to Kaspersky Lab CEO Eugene Kaspersky," I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world. " Last week Adobe released an update that patches the Adobe PDF bug (CVE-2013-6040) used in the atta...

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Update 15 and  FireEye warned that the   vulnerability is being exploited to install a remote-access trojan dubbed McRat , researchers from security firm. " Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process," "After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero. " The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last mont...

Cloud note-taking service Evernote has been hacked and now you have to reset your password  imminently . A ccording to  a post on the official Evernote blog , an  unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords. " Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. " But those passwords were encrypted, so  all users must change their password before they can log back into their account. " In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. " Evernote also said that they h ave no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. There are also several important steps that you can t...

The UK High Court has ordered  BSkyB , BT , Virgin Media and three other UK broadband providers to block access to three music and movie file-sharing websites  Kickass Torrents , H33T and Fenopy. Judge Richard Arnold said   that t hese websites  infringed 10 music companies copyrights on an industrial scale. He  granted an order to 10 record labels including EMI, Sony and Universal against six UK internet service providers requiring them to take measures to block or at least impede access by their customers to these three file-sharing websites. " The orders are necessary and appropriate to protect the intellectual property rights of the claimants and other copyright owners. "  Judge said.  The ISPs have been given 15 working days to block access to the sites.  Each ISP will decide how to warn customers and subsequently attempt to curb alleged illegal file sharing activity. Verizon decided to send a series of warni...

The Australian Broadcasting Corporation (ABC) is investigating data breach after Lateline interviewed Dutch anti-Islam politician Geert Wilders. A hacker going by the handle " Phr0zenMyst " has claimed to have hacked a web site associated with the ABC television program Making Australia Happy, leaking the details of its users online. The files contain the personal email addresses, locations and genders of almost 50,000 of registered users of ABC websites, including encrypted versions of their login passwords. The data was posted in 10 separate pastebin's which can be accessed online.  There were some indications on social media sites that the attack was in retaliation for some of the ABC's recent editorial decisions. The hacker, believed to be associated with the online activist group Anonymous, wrote on Twitter, " ABC hacked for giving a platform to Geert Wilders to spread hatred #OpWilders - database leaked! " " This breach originated ...

Today social media are spreading a shocking news, authors of Stuxnet virus that hit Iranian nuclear program in 2010 according a new research proposed by Symantec security company started in 2005 and contrary to successive instance of the malware he was designed to manipulate the nuclear facility’s gas valves. The attacker strategy was to destroy the nuclear plant causing an explosion due the sabotage of gas valves, hackers purpose was physical destruction of the targets, due this reason the press and security community labeled Stuxnet as first cyber weapon of the history.  Francis deSouza, Symantec’s president of products and services, during an interview with Bloomberg revealed that the version detected was a sort of beta version of the final weapon and that in the period between 2005 and 2009 the authors were testing its capabilities. “ It looks like now the weapon tried a few things before it hit on what would actually work ,”‘ “ It is clear that this has been a ...

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor authentication provider and the flaw is located in the auto-login mechanism implemented in Chrome in the latest versions of Android, that allowed them to use an ASP to gain access to a Google account's recovery and 2-step verification settings.  Auto-login allowed users who linked their mobile devices or Chromebooks to their Google accounts to automatically access all Google-related pages over the Web without ever seeing another login page. " Generally, once you turn on 2-step verification, Google asks you to create a separate Application-Specific Password for each application you use (hence “Application-Specific”) that doesn’t support logins using 2-step verif...

After a series of security issues, it appears that Apple still has not been able to resolve all the issue in iOS . Last week, Apple rolled out its iOS 6.1.2 update to owners of the iPhone, iPad and iPod touch in an effort to fixing the 3G connectivity and an Exchange calendar bugs. Hackers found an iOS 6 bug two weeks ago that allowed thieves into your phone, but only the Phone app and the features contained within could be accessed. Just after that, recently another screen lock bypass vulnerability  reported  in iOS 6.1 by Vulnerability Lab . This vulnerability allows users to bypass the lock screen pass code and access the phones photos and contacts. Researchers say the vulnerable device can be plugged into a computer via USB and access data like voice mails, pictures, contacts, etc.  This particular vulnerability was shared in detail over in a YouTube video for the masses, you can see the video tutorial as shown below: Steps to Follow: ...

A Polish security firm ' Security Explorations' reported two new Java zero-day vulnerabilities , as “ issue 54 ” and “issue 55 ,” with proof of concept code to Oracle. Oracle's security team is currently investigating the issue, but the status flaws not yet confirmed by Oracle. Less than a week after Oracle released its latest Java critical patch update, Researcher and Security Explorations's CEO Adam Gowdiak  have found two previously unknown security issues affecting Java 7. Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook , Apple and Microsoft. Java has faced an increasing number of zero-day vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack...

More than 18 million smartphones and other mobile devices made by HTC are at risk vulnerable to many security and privacy issue. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows based phones in ways that let third-party applications install software that could steal personal information. The vulnerabilities placed sensitive information about millions of consumers at risk and potentially permitted malicious applications to send text messages, record audio and install additional malware without a user’s knowledge or consent.  FTC identify many vulnerabilities including, insecure implementation of two logging applications i.e Carrier IQ and HTC Loggers . The agency also found programming flaws that let third-party apps bypass Android's permission-based security model. Flaws in the security system could also give third-party apps access to phone numbers, contents of text messages, browsing history a...

Security tools company Pwnie Express is making a network hacking focused Android device called the Pwn Pad . The device is based on the Google Nexus 7 specs, with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Pwn Pad  will be introduced at the RSA security conference in San Francisco next week and Pwnie Express is also releasing the Pwn Pad source code. This will allow hackers to download the software and get it up and running on other types of Android phones and tablets. “ Every pen tester we know has a phone and a tablet and a laptop, but none of them has been able to do pen-testing from the tablet ,” says Dave Porcello, Pwnie Express’s CEO said to  wired . Most interesting part is that, first time the most popular wireless hacking tools like Aircrack-ng and Kismet introduced on an Android device.  The complete list of the tool available  in this...

FBI agents this week raided the home of a Australian hacker who recently leaked a slew of details about Microsoft's next release of Xbox console. “ They just took all my computers my hard drives, all of my technology, they took my bank cards, credit cards, bank statements ,” he said. He had claimed to know about the next Xbox and PlayStation, claimed to really have two prototype versions of the next Xbox. The suspect, identified as  Dan Henry a.k.a SuperDaE  and he tweeted about the raid on his twitter and  uploaded a warrant copy. Last year he reportedly sold a next-gen Xbox development kit on eBay for $20,100. A development kit is what Microsoft sends to companies so they can develop Xbox games. The warrant revealed that there are many companies behind the charges filed, including Microsoft, eBay, and Paypal. The photo was removed after it was thought to be a hoax but developers later confirmed that the pictures were in fact accurate of ...

Microsoft has become the latest victim of to Cyber attack and confirm that small number of its computers, including some in its Mac software business unit, were infected with malware . Microsoft added , malicious software used in a cyber attack is very similar to those experienced by Facebook and Apple recently. Microsoft gave few other details about the break-in, " We have no evidence of customer data being affected and our investigation is ongoing. " “ During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing, ” Microsoft said. " This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries ," the company said. Last week, Apple said its...

Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let’s remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very ...

Remember Hector Xavier Monsegur a.k.a Lulzsec hacker  Sabu ?  That  undercover   double agent working for the FBI. Once again Authorities abruptly postponed his sentencing due to his continued cooperation with the feds. All told, he faced a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft. When he was a active member of LulzSec , the group hacked into sites belonging to the CIA, Serious Organised Crime Agency, Sony Pictures Europe and News International. " It's widely believed that Monsegur will receive a reduced sentence for signing a plea agreement and serving as an  informant " cnet said . Monsegur, an unemployed father of two, led the loosely organized group of hackers from his apartment in a public housing project in New York.

Customer service software provider Zendesk announced a security breach, that affected three major Zendesk clients i.e Tumblr, Pinterest and Twitter and allowed hackers into their systems. The hacks come just days after Apple , Twitter and Facebook revealed that their employees computers fell victim to unauthorized access. The company believes the hacker downloaded the email addresses of Tumblr, Twitter, and Pinterest customers who attempted to get support from the companies.  Stolen information might be exploited via social-engineering attacks. " Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response. " Zendesk discov...

Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses. Sometimes it’s not easy to figure out if an email is legitimate or not. It implementing the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email message validation and authentication systems. Twitter says it started using the DMARC earlier this month. While the DMARC specification does need support from e-mail services, outfits including AOL, Gmail, Hotmail or Outlook and Yahoo already make use of it. It has also been implemented by services like Facebook, PayPal, Amazon and now Twitter. If you don’t use Gmail or one of the other email providers listed above, you may not be protected. It ...