The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

QinetiQ , a UK-based defense contractor  suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East. The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm's Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.  As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with ...

' Nir Goldshlager ' known as Facebook hacker and founder of Break Security  , who reported many critical bugs in Facebook OAuth mechanism in past few months, today disclose a critical  vulnerability in Instagram Oauth that allow an attacker to hack any account. Succesful hack allows attacker to access private photos, ability to delete victim's photos and to edit comments and also the ability to post new photos. Hacker explained that there are two ways to hack Instagram accounts using OAuth, first via Hijack Instagram accounts using the Instagram OAuth or Hijack Instagram accounts using the Facebook OAuth Dialog. During his bug hunting Nir found loopholes in Instagram's security parameters i.e redirect_uri , that allows  attacker to pass the access token to his own domain with mx as suffix i.e code straight to breaksec.com.mx . POC :  https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirec...

U.S. intelligence agencies traced a recent cyber intrusion into U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams.  The U.S. Army Corps of Engineers National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such information as the number of estimated deaths that could occur if a specific dam failed. The database also holds sensitive information, including vulnerabilities, of every major dam throughout the country. Michelle Van Cleave, a former consultant to the CIA, told the Beacon that the data breach appeared to be part of a greater effort to collect vulnerability and targeting data for future cyber or military attacks. The Corps of Engineers National Inventory of Dams was hacked by an unauthorized user believed to be from Chinese government or military cyber warriors, beginning in January and uncovered earlier this month. " In the wrong hands, the Army Corps of Engineers...

The Bitcoin mining rig is becoming a popular alternative to people who want an easy way to earn the digital currency. All you have to do is plug the hardware that specializes in Bitcoin mining and run its customized software. After that, you can sit back and relax as it mines the digital currency for you. A popular eSports league has admitted that one of its employees harnessed the power of member's computers without their knowledge in order to mine Bitcoins. For a period of 2 weeks, gamers noticed that their computers were generating unusually high GPU loads and frequent BSOD errors. Some gamers stated that their GPUs were damaged due to them reaching temperatures above 90 degrees Celsius. The mining began on April 13th and affected thousands of gamers, who unwittingly mined over $3,700 worth of the currency. Eric Thunberg, co-owner of ESEA, stated that the Bitcoin miner was meant to be part of an April Fools joke, however, they weren't able to finish it in time. Th...

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit (Win32/Rootkit.Avatar), advertised in the underground forums by Russian cyber crime . " We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from May to February 2013th 2012go.Now nuclear rootkit AVATAR is available for rental. " Despite the malware was described months ago it was not found and published until now, in March ESET researchers detected two droppers with different C&C servers and having different compilation time stamps as showed in the following pictures: The Avatar rootkit appears very sophisticated, it uses two different infection techniques, the first in the dropper so as to bypass detections by HIPS, and the second one in the rootkit driver to allow the malware to be alive after system reboot, the instance detected works only on x86 systems. The 2 level dropper for Avatar rootkit works in conjunct...

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when logging into a UK online banking session. The Ramnit worm was discovered in 2010, but in 2011 researchers spotted a new strain that had incorporated source code from the notorious Zeus banking trojan. Cyber criminals are stepping up their use of social engineering techniques to bypass increasingly security-aware users of online banking and e-commerce sites.   The malware reportedly avoids detection by going into an idle sleep mode until its intended victim logs into their online bank account, at which point it activates and presents them with a fraudulent phishing message. Ramnit circumvented the OTP feature at the target bank using a 'Man in the Browser' attack ...

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather tha...

Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it.  Redact believes that messages sent via the app are completely secure, and to prove it a reward of £10,000 has been offered. The application creates a secure and encrypted peer-to-peer network between two iPhones, with messages sent directly from one phone to another and not through the company's servers.  The company has already offered its Secure Messenger service for free to MPs and submitted the technology to CESG, the Government's National Technical Authority for Information Assurance, which provides advice on the security of communications and electronic data. With Redact there are no user names, phone numbers or email addresses. Instead, new users are automatically assigned a unique PIN, simi...

Google has fixed a series of serious vulnerabilities in its Chrome OS , including three high-risk bugs that could be used for code execution on vulnerable machines. Bug bounties is the cash prizes offered by open source communities to anyone who finds key software bugs have been steadily on the rise for several years now. As part of its reward program, Google paid out $31,336 to a researcher who found three of the vulnerabilities . Google's post notes : " We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe. " The three-bug chain credited to Weinmann exploited O3D, a JavaScript API (application programming interface) designed for crafting interactive 3-D graphics-based Web applications. The API and supporting browser plug-in were created by Google, with a preliminary ve...

The Guardian's Twitter accounts have been taken over by pro-Syrian government hackers ' Syrian Electronic Army ' , who previously targeted the Associated Press BBC , al-Jazeera, the Qatari government and National Public Radio in the United States, as well as France 24 TV. " We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this ," a Guardian spokesperson said. Nine bogus tweets were broadcast in an hour, including some with anti-Israeli sentiments, and others saying " Long Live Syria " and " Syrian Electronic Army Was Here ".  Cyber-security experts believe the SEA have targeted a series of western media organisations in an apparent attempt to cause disruption and spread support for President Bashar al-Assad's regime, which has been under increasing Western pressure to end an ongoing bloody civil war in Syria. The group's domain names were apparently registered by the Syr...

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2. " We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks ," wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe i...