The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Soon in December this year, India's new surveillance program - Centralized Monitoring System (CMS) will be able to analyze all telecommunications and Internet communications in India by the government and its agencies.  This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. Law enforcement and government agencies intercept, monitor, and analyze communications in order to uncover leads and build the evidence needed to neutralize terrorism and crime. Few days back, BlackBerry has given the necessary permissions for the Indian government to intercept messages sent from BlackBerry devices . According to latest reports - Verint Systems , Israel's cyber intelligence solutions provider , are soon to get a contract from the Indian government to track encrypted communication services such as Gmail, Yahoo . mail, BlackBerry services, Skype and so on. " Ver...

Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, " The Israeli-based - Viber is spying and tracking you. " Today we found that Viber's Apple App Store description has been defaced as well. The new modified description read " We created this app to spy on you, PLEASE DOWNLOAD IT! ", It's not clear at this point if this new hack is also performed by  Syrian Electronic Army or not, but it is possible that the hackers have gained access to the other various developer-facing functions. Viber later responded after a previous attack that one of its employee's fell victim to a phishing attach and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data was exposed. Last week, SEA was able to access the Popular messaging app Tango's website and also a World's biggest...

Computer geeks already knew it was possible to hack into a car's computerized systems and finally, two U.S. hackers - Charlie Miller and Chris Valasek, sponsored by the Pentagon's research facility DARPA recently demonstrated just how easy it is for malicious hackers to physically hijack a modern car using a laptop. Feeling exiting ... ? You should worry too..It's all very concerning. Because you may never drive your car again after you see how a couple of government funded tech guys were able to hack into, and take control of car's steering, dashboard, and even its brakes. Forget hacking accounts, computers or mobile devices, this new threat to our vehicles is thanks to the evolution of electronic control units being installed in most new cars. Charlie Miller , a security engineer at Twitter, and Chris Valasek, the Director of Security Intelligence at IOActive received an $80,000 grant from the US government in order to research these new vulnerabilities . ...

The GPS expert Todd Humphreys , professors at the University of Texas, demonstrated that just using a cheap apparatus composed by a small antenna, an electronic GPS " spoofer " built in $3,000 and with a laptop, it is possible to exploit GPS vulnerability to obtain control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea.  Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht " White Rose of Drachs " commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack. Humphreys is a famous GPS experts, we met him last year when we discussed about drones hacking . The Assistant Professor of the University of Texas with his team has created the world's most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters. Humphreys reported the results of his experiment to the Foxnews explaining how his team exploited the GPS system ...

The passport control system at Istanbul Ataturk Airport International departure terminal was under cyber attack on Friday, while another airport in the Turkish largest city was also affected. Passengers stood in lines for hours and plane departures were delayed, because cyberattack shutdown passport control systems at two facilities. Later Authorities has restored the systems. Few local media said that the passport control system at the Sabiha Gokcen International Airport in Istanbul also broke down due to the malfunction of the Istanbul provincial security directorate's Polnet data system. They believe that systems were infected using some malwares, But Authorities also investigating if the malware yielded user details from the infected machines or not. No claim of responsibility or blame was attributed to the alleged cyberattack. However, this is another malware attacks been reported, targeting vital infrastructure so far. Cybersecurity has emerged as ...

A spokesman for President Vladimir Putin says, " Russia has never extradited anyone, and will not extradite ,". Moscow security agency FSB is in talks with the FBI over Snowden , but the whistleblower will not be extradited to the US. The Russian immigration ministry granted Snowden a document this week that would allow him to leave the transit area of the Moscow airport, where he has been confined for a month, and live in Russia for up to a year. Russian President Vladimir Putin has said that if Snowden releases any more of the materials, Russia will not grant him temporary asylum . " Snowden has information enough to cause more damage to the U.S. government in a single minute than any other person has ever had in the history of the United States ," The Guardian reporter said. Russian President is not handling the case of the former CIA employee Edward Snowden, " Snowden has not filed any requests that would need to be considered by the head of stat...

Famous poker player 'Masaaki Kagawa' who won about $1.5 million in poker tournaments has been arrested by Japanese authorities for allegedly distributing Android malware. According to Symantec , He is just one of nine men arrested for distributing spam that included emails with links to Android malware ' Android.Enesoluty ', used to collect contact details stored on the owner's device. Security researchers discovered Android.Enesoluty first time in September 2012, it steals information and sends it to computers run by hackers. The operation began around September, 2012 and ended in April, 2013 when authorities raided the company office. Around 150 domains were registered to host the malicious apps and the group was able to collect approximately 37 million email addresses from around 810,000 Android devices. The company earned over 3.9 million US dollars by running a fake online dating service called Sakura site. " His passion for taking chances ...

A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Ca...

Security Information & Event Management (SIEM) has evolved over the years to become one of the most trusted and reliable solutions for log management, security, and compliance. The demand for SIEM tools is constantly increasing within network and IT security teams. This is due particularly to the colossal surge of security breaches and cyber-attacks that impact corporations and cause financial loss and damaged reputations. When conducting research for an SIEM solution, it's important to be able to identify features that will enable effective detection, prevention, and response to security threats. Below, we'll discuss a number of critical topics to consider when selecting an SIEM solution. Log Correlation – The Heart of SIEM SIEM software works with the principle of log collection and correlation, therefore, it's important to ensure that log correlation happens effectively, in real time, and provides centralized visibility into potentially insecure and non-co...

Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we...

One of the most popular free calling App " Viber " for smartphones got hacked and defaced their one of the subdomain i.e https://support.viber.com/ by  Pro-Assad hacker group the   Syrian Electronic Army . According claimed to take backup of their partial database , as shown, " We weren't able to hack all Viber systems " hacker said. SEA hackers also suggested Viber (an instant-messaging and VoIP service) users to uninstall the application because company is spying and tracking each user, recording IP address of each user in database as shown above, " Warning: If you have "Viber" app installed we advise you to delete it " they tweeted . Earlier this year, Viber announced that it had over 200 million mobile users. Just today same hackers also managed to hacked into  Daily Dot News website and deleted an article against them and last weekend Millions of Phone Book records were stolen from Truecaller Database by SE...

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal " Daily Dot " and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter , said " Dear @dailydot, please remove the attached picture in this article: https://www.dailydot.com/news/syrian-electronic-army-tango-me/ … or we will do something you will not like it. " But Daily Dot refused to comply, and hackers broke into the Gmail account of one of its staff, then into the site's administration panel and removed the article in question altogether, as challenged ! The attackers have published several pictures, including ones of emails sent out to Daily Dot staff about the Syrian Electronic Army's threat. Staff have been warned that the hackers use phishing emails to trick them into handing over their account credentials. " The stupid @dailydot administra...

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with...

Spammers have now leveraged the popularity of Harry Potter's star Emma Watson in a Facebook scam that offering tape of popular Hollywood movie star Emma Watson with a malicious link, actually spreading the malicious links and Porn images on infected user's profiles. This isn't the first time Emma Watson has been used as the bait in a scam and it surely won't be the last. The worm hitting Facebook Profiles and Groups with post of malicious porn link and tagging others too in same  post. Spammers are abusing Google Translate and Short url services to keep their links unblocked by Facebook's automated malware scanner. Click that link will redirect user to a webpage asking for "Age Verification" , as shown below: Website will ask user to follow some step, before offering the video. In Step one asking them to Click a link, that will be used in Step two and three for generating an activation code. Once user will click "Activate", he wil...

SIM cards are among the most widely-deployed computing platforms with over 7 billion cards in active use. Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks. A German cryptographer Karsten Nohl, the founder of Security Research Labs claims to have found encryption and software flaws that could affect millions of SIM cards, and allows hackers to remotely gain control of and also clone certain mobile SIM cards. This is the first hack of its kind in a decade. Nohl will be presenting his findings at the Black Hat security conference this year. He and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. According to him, Hackers could use compromised SIMs to commit financial crimes or engage in espionage. Once a hacker copies a SIM, it can be used to make calls and send text messages imper...

It's been over a day now since Apple 's online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID's password . Such notices pointing that Apple's Developer Center website may have been compromised. But if it is a sec...

Ubuntuforums.org , The popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. " There has been a security breach on the Ubuntu Forums, " reads the page. The site was defaced by hacker with Twitter handle " Sputn1k_ " and Unfortunately the attacker have gotten every user's local username, encrypted password, and email address from the Ubuntu Forums database. " The Canonical IS team is working hard as we speak to restore normal operations ." page said. Canonical advises users who have used their same forum password on other sites to change it immediately. " Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by the breach, " company stated.

Last week we explained a critical vulnerability in Facebook that discloses the primary email address of facebook user. Later the bug was patched by Facebook Security Team. Today another similar interesting Facebook hack disclosed by another bug hunter, Roy Castillo. On his blog he explained a new facebook hack method that allows anyone to grab primary emails addresses of billions of Facebook users easily. Facebook Provides a App Dashboard for creating and managing your Facebook apps, with a range of tools to help you configure, build and debug your Facebook apps. The flaw exists in App settings, where application admin can add developer's profile also, but if the user is not a verified user, a error messages on page will disclose his primary email address. Using following mentioned steps, one was able to grab email addresses of all facebook users: Collect profile links of all facebook users from Facebook People Directory i.e https://www.facebook.com/directo...

Syrian Electronic Army (SEA), hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango (tango.me), that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a message on Twitter. " Sorry @TangoMe, We needed your database too, thank you for it! https://tango.me #SEA #SyrianElectronicArmy ". In a post on their website , hackers mentioned ," The databases content a of millions of the app user's phone numbers, contacts and their emails. More than 1.5 TB of the daily-backups of the servers network has been downloaded successfully " Screenshot of the backups folder of the servers network of Tango App as shown below: Screenshot of the Tango App log : The outdated version of wordpress CMS allowed them to gain unauthorized access to the database server. At the time of reporting, administrators redirect the website t...

The secret Foreign Intelligence Surveillance Court (FISA) gave the green light to the Obama administration by r enewing the government's authority Friday to continue the collection of millions of Americans' telephone records. The order by the Foreign Intelligence Surveillance Court has been in place for years but must be renewed every three months and this month it was  expired on July 19.  The Obama administration maintains Congress shouldn't be surprised by the programs. NSA surveillance programs were  exposed in the month of June,  by former National Security Agency contractor Edward Snowden .  He has been charged with espionage and remains in diplomatic limbo at the Moscow airport after seeking temporary asylum. President Barack Obama says the government is not listening in on calls, and  Intelligence officials say they have helped disrupt dozens of terrorist attacks, and target only foreign suspects outside the United Stat...

A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user's machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( https://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from...