The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Japanese police arrested five mobile applications developers for creating and embedding a virus into smartphone applications. According to The Metropolitan Police Department, Intial reports said that about 90,000 smartphones  users were infected with a virus lurking in applications they downloaded, But later they found that developers stole more than 10 million pieces of personal information from users mobile. These guys runs an IT-related company, they created a video applications for Android smartphones containing a virus that extracts personal information stored on the phone. The man released the apps on Google Inc.'s official store for free in late March and was downloaded 270,000 times. The free apps were marketed to customers by affixing the phrase " The Movie " to existing popular game titles. When the apps are downloaded and activated, they can automatically transmit personal data. The stolen information found on the server has not been used by the malware ...

FBI have arrested 14 people over the theft of $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada. Authorities say the suspects would open accounts at Citibank, then go to casinos in California and Nevada and withdraw the money from cash-advance kiosks as many times as they could in a 60-second span. Someone had figured out that a glitch prevented Citibank from recording the extra withdrawals. FBI agents assisted by the Glendale Police Department and the Los Angeles Police Department arrested 13 of the defendants in the Los Angeles area Wednesday and Thursday. The suspects used the money to gamble and were given comped hotel rooms because of the amount they were spending, according to the FBI. Withdrawals were kept under $10,000 to avoid federal transaction reporting requirements, the FBI release read. FBI Special Agent in Charge Daphne Hearn commented, " While advancements in technology have created a world of...

An obscure group identifying itself as the Izz ad-din al-Qassam Cyber Fighters claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.  Who's really responsible for a recent series of cyberattacks on American banks? A few days back US Defense Secretary Leon Panetta said Iran is responsible for cyberattacks launched against Saudi Aramco and RasGas and US banks. While Panetta did not directly link Iran to the Persian Gulf attacks, he later noted that Iran has " undertaken a concerted effort to use cyberspace to its advantage. " Today, Iran's defense minister said, The United States is the source of cyber terrorism. " and intends to pave the way for increasing its activities in relation to cyber terrorism through diverting attention and leveling accusation, " Defense Minister Ahmad Vahidi. The Iranian defens...

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was...

Last month we reported a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is: " lol is this your new profile pic? " Same spam now targeting most of the Indian skype users, Indian CERT (Computer Emergency Response Team) issue a warning about this ongoing spam attack via advisory. A number of Indians use 'Skype' to communicate with their friends, relatives and other contacts within and outside the country. " A malicious spam campaign is on the rise targeting Skype users by sending instant message which appears to come from friends in the Skype contact list ," the advisory reads. Security researchers from Avast had intercepted this Darkbot malware campaign, and they estimate that this affecting millions of Skype users. " The worm is reported as stealing user credentials, engaging in click fr...

Windows 8 launched in 37 languages and 140 worldwide markets, as the tech giant unveiled the new version of its computer operating system. The OS is now available in over 30 certified devices, and a broad selection of local apps are already available in the onboard Windows Store. It is also available for download onto PCs and other devices running previous iterations of Microsoft's Windows OS. Microsoft is currently running a special promotion upto 31st of January 2013, under which you can upgrade to Windows 8 Pro Edition for a very small amount. If you have purchased / are going to purchase a Personal Computer which is pre-loaded with genuine version of Windows 7 (any edition), then you are eligible to get Windows 8 Upgrade (Pro Edition) for $14.99 (US Dollar) or £14.99 (British Pounds) or €14,99 (Euros) or INR 699 (Indian Rupees). But because of a flaw in website providing promo code, now anyone is able to get the promo code, using which user can updrade his windows with...

78% of vulnerabilities are found in third-party programs. Security teams cannot monitor all of them manually or determine which ones are critical to their organization. Secunia, the leading provider of IT security solutions that enables businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the new version of Secunia's Vulnerability Intelligence Manager, the VIM 4.0. The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals . "  We're v...

Recently we reported about that  Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. In order to develop malware that evades detection by the security companies malware writers come up with some clever, yet quite simple techniques. If malware stops itself when it detects that it is running in a virtual environment, it may trick an automated threat analysis system into thinking that it is a clean program. So malware may not only fool automated threat analysis systems, but also a corporate system administrator who is searching for computers compromised by malware. Malware authors have recently attempted to use other approaches to fool automated threat analysis systems as well. Latest example of su...

Matthew Higgins, now 20 and a university student, hacked into his school computer system to obtain a girl's details and then boasted on a hackers' forum. Matthew is son of a police inspector. Caernarfon Crown Court heard it was the case of a clever young man caught red-handed. The defendant says there is a conspiracy to fabricate evidence against him. Matthew first hacked the girl's file and then did a fake mail. In mail he claimed to be a constituent suggesting there was an insecure internet system at the school. " Mr Higgins denies securing unauthorised access to computer data at Eirias High School in March last year and attempting to do so again two months later ." BBC said. The prosecution accused Mr Higgins of having "played a game of bluff and smoke screens" and trying to portray himself as a victim. The trial is continuing.

FBI's Cyber Division has a new and sharper focus on cyber-intrusion ," You are one click from compromising your network " FBI said. Giving priority to the labeling of suspects follows claims by the Pentagon that the military now has the capability to single out and retaliate against hackers. FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers digital signatures from mountains of malicious code. " A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define the attribution piece of a cyber attack to help determine an appropriate response ", said Richard McFeely , executive assistant director of the Bureau's Criminal, Cyber, Response, and Services Branch. Investigators can send findings to the FBI Cyber Division's Cyber Watch command, a 24-hour station at headquarters, where sp...

16.0.2 Firefox is now available for anyone who wants to try before anyone else. Mozilla address one serious vulnerability. According to the information security of Mozilla, they has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which if exploited could be used during an XSS attack or to execute malicious code. On Oct. 9, Mozilla released Firefox 16, but quickly pulled it back after a serious vulnerability was discovered. It was quickly addressed, but not before exploit code was made available. Generally Firefox of...