The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The National Security Agency , part of the U.S. military reportedly has a direct line into the systems of some of the world's biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM , 6-year-old program which allows officials to collect real-time information and as well as stored material including search history, the content of emails, file transfers and live chats, according to reports in the Washington Post . Project PRISM may be the first of its kind and also  GCHQ , Britain's equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA. Later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism. Other services that are reportedly part of PRISM include PalTa...

A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs . Dubbed as Backdoor . AndroidOS . Obad . a , it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities , blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. It include complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices . There are two previously unknown Android vulnerabilities exploited by Obad . It can gain administrator privileges, making it virtually impossible for a user to delete it off a device. Another flaw in the Android OS relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application's structure, define its laun...

Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for massive bank fraud.  Botnets are networks of computers infected with viruses that let them be controlled by hackers. The outfit runs the Citadel Botnets and is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today. Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel infected as many as 5 million PCs around the world including here in Australia and according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

The National Security Agency is collecting telephone records for millions of Americans without informing the individuals involved. The shocking news has been revealed by ' Guardian ' whose journalists had access to a " Top Secret " court order, signed by Judge Roger Vinson, issued in April against Verizon . A copy of a secret order to obtain phone records for all Verizon customers was obtained, showing that the NSA was monitoring all incoming and outgoing calls made on that network.  The order obliges the Verizon Company to deliver the daily list of calls, " both within the Member States and between the United States and other countries ." The order was issued by the U.S. The Foreign Intelligence Surveillance Court directs Verizon's Business Network Services Inc and Verizon Business Services units to hand over electronic data including all calling records on an " ongoing, daily basis " until the order expires on July 19, 2013. ...

The infamous Zeus malware has once again resurfaced as per Symantec and is capable of draining your bank accounts. Zeus propagates through phishing messages that originate from an account that has been phished. Such a phished account will then start automatically sending messages to friends with links to ads telling them to check out a video or product.  Of course, you should not click as doing so will get your account phished as well. The program is sophisticated enough that it can replace a bank's Web site with a mimicked page of its very own. The fake page can then ask for social security number information and other data that is then sold on the black market.  According to Trend Micro the pages are being hosted by the Russian criminal gang known as the Russian Business Network. Zeus was first detected in 2007 and it is spreading online. If you click on the Zeus virus, it is designed to steal your password and drain your bank account. Facebook is aware o...

Since 2010, foreign state sponsored organizations have repeatedly compromised an unencrypted database maintained by the Veterans Affairs Department that contains personally identifiable information on roughly 26 million veterans. Including at least eight foreign-sponsored organizations, mostly connected to the Chinese military had successfully compromised VA networks and data.  Other than this, possibly Russia were identified as likely culprits in the attempts to steal VA data. Details regarding exactly what information has been compromised are sparse, but unencrypted data included names, dates of birth and Social Security numbers of veterans that could be used to commit credit and identity fraud. Lack of basic security controls, such as encryption of data, make VA an easy target. The 2006 breach was caused by the theft of a VA employee's laptop, which contained personal information on about 26 million veterans and military personnel. From another report,...

Judge Susan Illston of the U.S. District Court for the Northern District of California on Friday has ordered the Google to hand over customer details to FBI without a warrant. FBI counter terrorism agents began issuing the secret letters, which don't require a judge's approval, after Congress passed the Patriot Act in the wake of the September 11 attacks. The letters are used to collect unlimited kinds of sensitive, private information, such as financial and phone records and have prompted complaints of government privacy violations in the name of national security. Google had previously refused to give the agency access to personal data such as the search history of its users, claiming such demands were illegal without a warrant. Electronic Frontier Foundation has challenged the letters in court, said: " We are disappointed that the same judge who declared these letters unconstitutional is now requiring compliance with them ." The decision came...

A Russian hacker who goes by the handle " Barabus " on the GameDev.ru forums illegally crack Xbox Live Arcade game The Dishwasher: Vampire Smile , developed by Ska Studios and port it on PC. He claimed that he was justified in illegal cracking: " This is not piracy, this is restoration of justice. The authors are not very nice to publish the game exclusively for the Xbox 360, making it impossible for PC gamers to play in such a great game ."  The port is currently in beta and has no permissions from Ska Studios to even exist. But this isn't a problem, according to the developer, as they say they're not stealing anything from Ska Studios. In the same forum post, the game's creator Ska Studios founder James Silva said: " I guess you could say my reaction is mixed. I'm flattered that there's this much interest in Vampire Smile on PC. I'm not mad about the crack itself, in fact, I'm actually pretty impressed. But I'm bewildered by the cracker's attempt to jus...

Recently Twitter has rolled out Vine app for Android, A new way to share video on twitter. The free app, which enables people to record and share clips of up to six seconds with other Vine users as well as on Twitter and Facebook. But on the very next day, Twitter's video-sharing application Vine was hacked by 16-year-old Will Smidlein , who uploaded the three-and-a-half minute video of Rick Astley's song " Never Gonna Give You Up ." This video violated Vine's usual code that only six second videos are posted. " I think I broke Vine ," Will Smidlein tweeted Monday night , where he described himself as a Web developer. What he did exactly? Smidlein decompile the app's code into a readable format, then modify few parts of the program that actually validate user to upload only 6 sec video. " Sorry, Twitter/Vine engineers, " he wrote. " I tried to keep it quiet, but the internet never forgets." ,  it could potentially embarrass a few of...

Syrian Electronic army appears to be taking part in ongoing operation against Turkey government website. Hackers collectively called Anonymous and SEA breached into Turkish Ministry of Interior website and the private information of staffers in PM Tayyip Erdogan's office. Hackers claimed that they gained access to staff email addresses, passwords and phone numbers. As exposed on internet, database include emails and plain text passwords of 90 users. In addition , Hackers also managed to take down the Turkey's Prime Minister (basbakanlik.gov.tr) website. Many other sites belongs to Turkish govt was defaced last night by various hackers around the world including the country's ruling party as operation #OpTurkey. The team also defaced the  dosya.icisleri.gov.tr/Dosyalar/  and placed their logo on site. " Rise against the injustice of Erdogan's Tyranny. Rise against the policies of hypocrisy perpetrated by the Erdogan Regime ." The defacement message read...

Two Factor Authentication is becoming a standard in the enterprise security space in an attempt to dually secure end users against malicious attacks.  Following Dropbox, Google and virtually everyone else, LinkedIn added two-factor authentication to its login process today. LinkedIn will provide temporary codes for two-factor authentication  through SMS messages. The extra step is designed to lessen the chances of computer hackers breaking into user accounts. To turn on two-step verification on LinkedIn, hit the icon in the top-right corner of the site, click on "Privacy & Settings," and then on "Manage security settings" at the bottom. The site has provided instructions to its 225 million users on how to turn on the optional service. On other side, today @The_Pr0ph3t, whitehat Hacker from Spain reported a Cross Site Scripting Vulnerability in LinkedIn Developer site (developer.linkedin.com).  Flaw still exists on website a...