The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hacker known as " Pinkie Pie " produced the first Chrome vulnerability at the Hack In the Box conference on Wednesday, just ahead of the deadline for the competition this afternoon. The exploit, if later confirmed by Google’s US headquarters, will have earned the teenage hacker known as Pinkie Pie the top US$60,000 cash reward. In March, Pinkie Pie and Sergey Glazunov both won $60,000 for their exploits at the first Pwnium competition. Google established the Pwnium competition as an alternative to the Pwn2own contest in order to add the requirement that participants provide details of their exploit. Google will give away up to a total of US$2 million during the event. $60,000 - “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself. $40,000 - “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows ...

Capital One Financial Corp. said it’s the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks Inc. and Regions Financial Corp. said they expect to be next. The so-called “Izz ad-Din al-Qassam Cyber Fighters” posted a specific timetable for its attack program on PasteBin.com, a website commonly used by hackers to brag about exploits. Izz ad-Din al-Qassam also threatened to pursue more cyber attacks next week and has long said it will not stop until the video is removed from the Internet. American banks will reportedly face a massive cyberattack in coming weeks. A Russian-speaking hacker is organizing a massive trojan attack based around fraudulent wire transfers--and American banks appear to be at the center of the raid. In the past, such attacks have sometimes caused websites to slow to a crawl or become inaccessible for some users; however, the impact cannot be gauged in advance. The sam...

Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. There are no known exploits at this time, Details of the issue were disclosed on Sunday. Cloudstack is one of the largest open source cloud infrastructure management systems together with OpenStack and Eucalyptus. Mitigation against the vulnerability is possible by logging into the Cloudstack MySQL database, disabling the system user and setting a random password. " The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execut...

New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user’s identity when on a given network. A device’s permanent identity, known as International Mobile Subscriber Identity (IMSI) is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity TMSI. The TMSI is updated regularly while the 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link. Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging reques...

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve...

Anonymous Group taken down several Greek government websites, on the eve of a visit by German Chancellor Angela Merkel. Hackers Hack several sites including those of the Citizens Protection Ministry, the police and the Ministry of Justice. A message appeared saying: " The page cannot be found ". In a message posted on YouTube, Anonymous criticized the huge security operation that police plan for Tuesday to contain protests against Merkel, comparing the government to the military junta that ruled Greece from 1967 to 1974. Police could not confirm who was responsible for the attack, which Anonymous claimed in a series of Tweets on the social media site Twitter. Trade unions and opposition political parties have called for mass protests to greet the German chancellor, whom many Greeks accuse of unfairly forcing them down the path of painful austerity and driving the country even deeper into recession.

Hello my Princes of Peace, Warriors of the Revolution, Princesses of the cause, I want you to take two minutes and watch this video: This video is the epitome of the ignorance and arrogance of governments all over the world in response to our cyber war revolution. As you will see, the power people all gathered to warn themselves and the world of the “threat” of the hackers gangs of teenagers running wild on the internet hacking into governments and threatening our safety. EXCUSE ME?? Just who is threatening who here? The most important thing I want you to know is that this type of whining is happening all over the world, and how it is translating is into cybercrime laws and in the case of the United States, Executive Orders that give the government and law enforcement the right to suppress and deny your right to public information, the right to free speech and the right to protest against the corruption and destruction of government secrecy and shenanigans. Why do you think they ha...

A group of computer hackers  Anonymous  goes by the name  xPsych0path  has accuse Masonichip for unwillingness to accept the forced chipping of children they are working toward mitigating it by disrupting the chipping operation. They have built their own operation, in opposition to this issue. In  #OpMasonChip  is designed to express publicly their anger. He had the following to say about this operation; “ We are fighting against putting RFID chips inside children by masons they have plan to put chips in all of us and those who don't want it won't be able to buy and sell. So I down all those site's for them ” on   pastebin . " But In actual there is no "chip" in Masonichip as it stands for Masonic Child Identification Program and includes Abduction Awareness and "Safe Kids" Education benefits to all children and parents attend events and participate ." Masonichip explained on   their site . They DDOSing following site...

As part of an investigation launched by Başsavcıvekilliği in Ankara on March 20 arrested seven people, including college students. 13 of the indictment prepared by the prosecutor's office in Ankara Was adopted by the High Criminal Court.  Court has accepted an indictment against RedHack, a Turkish hacker group, seeking prison sentences of 8.5 to 24 years for its members as “ members of a terrorist group .”  The suspects include three held under arrest  - Duygu Kerimoğlu, Alaattin Karagenç and Uğur Cihan Oktulmuş, under arrest for the past seven months. The suspects stand accused of membership in an armed terrorist organization, illegally obtaining confidential documents and personal information and accessing information systems without permission. Scope of the assessment: " Hierarchical and structured in order to be organized as a terrorist organization, titling, and posting bills realized by events, actions, photographs published on the internet, attacked and seized a...

Harvard's Carr Center for Human Rights Policy website ( www.hks.harvard.edu/cchrp/ ) was hacked last week  and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below: Phase 1: A Hacker , with nickname " FastFive" posted a few sql injection vulnerable Educational sites on a famous Hacking Forum last week which included the SQLi vulnerable link for the Harvard Carr Center for Human Rights Policy website, as you can see in the list in the above screenshot taken by me. Phase 2 : Almost 100's of Hackers have seen the post from " FastFive " and they got some juicy information for their next targets. One of them named, " Vansh " successfully exploit the Harvard's site and  extracted the database onto his computer. He Found the username and Password from the table and tried to login on the Admin access panel location...

Security firm Trend Micro discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. A malicious worm is taking advantage of the Skype API to spam out messages that link to a ZIP files ie. skype_06102012_image.zip or skype_08102012_image.zip, which is actually detected as Troj/Agent-YCW or Troj/Agent-YDC by Antivirus. According to definition -  Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website. The message contains the question: “lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username” or “moin, kaum zu glauben was für schöne foto...