The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sentencing for former LulzSec leader Hector Xavier Monsegur , better known as " Sabu " , has again been delayed. Monsegur pleaded guilty to a dozen criminal counts two years prior and stands to face more a maximum sentence of more than 124 years. Another Lulzsec Hacker Jeremy Hammond has claimed that the FBI used Sabu to coordinate attacks against foreign governments, by  Anonymous hackers and Others. The delays indicate that the FBI is not extracting information from Monsegur and this could mean that the hacker may be helping FBI with other covert operations as Jeremy Hammond claims. Jeremy Hammond, released a statement on Thursday accusing the US government of asking Monsegur to encourage fellow hacktivists to infiltrate foreign government entities. " What many do not know is that Sabu was also used by his handlers to facilitate the hacking of the targets of the government's choosing including numerous websites belonging to foreign governments" ,...

During the weekend China's Internet was taken down by a powerful distributed denial of service (DDoS) attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single individual. The China Internet Network Information Center [ CINIC ] reported that the attack began at 02:00 local time on Sunday with a peek at 04:00 that made it the largest DDoS attack the country's networks have ever faced. The CCINIC is responsible for registering sites in the .cn domain. Before malicious coders can launch a DDoS attack, they must infect the computers of unsuspecting users, often by tricking people into installing malware on their computers. The China Internet Network Information Center confirmed the attack with an official statement informing internet users that it is gradually restoring web services and that will operate to improve the sec...

Google has local domains for almost every country in the world. Just now some hackers from Palestine hacked into Google's Palestine domain ( https://google.ps/ ) and defaced it The message appearing on the defaced page says, " uncle google we say hi from Palestine to remember you that the country in google map not called Israel. Its called Palestine # Question : what would happen if we changed the country title of Isreal to Palestine in google maps !!! It would be a revolution .. So Listen to rihanna and be cool :P " The most likely scenario is that Google itself hasn't been breached. Instead, it appears as the hacker forwarded/ redirected the DNS to a new page. The virtual names of the hackers behind the hack are ," Cold z3ro - Haml3t - Sas - Dr@g " from Palestine. Currently, the website is defaced while writing this update. Reported by The Hacker News reader 'Hanamichi Kurotsuchi'.

Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user's information of over 70 Million accounts. The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest. Pinterest is a very popular social media, over 70 million users including high profile figures and brands that ordinary use it, such a flaw could have a serious impact on their privacy. Dan has found the way to access to the information belonging to the owner of the Access token, as the researcher has shown it is possible to display them visiting the following URL. https://api.pinterest.com/v3/users/me/?access_token= MTQzMTYwMjozNTcxOTE5NTE2MDQyNjcxNzc6MnwxMzc3MDY4ODMyOjAtLTE2 ZWJjNDg4NzYxYTFmZWIwZmU0ODcxYzc3ZWUyN2E2YTdhOWNlN2I= Substituting the " /me/ " part of the link with the username of another Pinterest user it...

The cyber Security Analyst  ' Ebrahim Hegazy ' (@Zigoo0) Consultant at Q-CERT has found an " Unvalidated Redirection Vulnerability " in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in " Avira " website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites ( Phishing pages) It could also be used by Black Hats for Malware spreading In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate...

The Palestinian hacker ' Khalil Shreateh ', who broke into the Mark Zuckerberg's Facebook Timeline  to expose a security lapse will be awarded nearly $12,000 but not from Facebook, it will come from an online crowdsourced campaign. The hacker initially used Facebook's whitehat disclosure program, a service that rewards bug hunters for reporting vulnerabilities, to inform the company about the issue. Facebook refused to pay him for finding the bug since he used it to post on Mark Zuckerberg's wall, because Facebook had ignored his earlier warnings. The exploit allows users to post to other Facebook user's timeline while they are not in friend list. Marc Maiffret, CTO of BeyondTrust, has kicked off a crowd-sourced funding to come up with a reward for Khalil Shreateh, and the results have already been impressive. ' Khalil Shreateh found a vulnerability in Facebook.com and, due to miscommunication , was not awarded a bounty for his work,'...

Yesterday we received a vulnerability report in web applications from some unknown Indian Hacker, who explained that how Hackers are hijacking Mobile recharge and Free SMS service related websites.  He detailed the loophole in password reset process, that could allow attackers to brute force many high profile websites that are actually not protected by the image CAPTCHA verification system, during the password reset process. The hacker used a Firefox Browser equipped with the Fireforce add-on , a very simple a Firefox extension designed to perform brute-force attacks on GET and POST forms. The technique proposed by him targets the unsecure password reset process used by many websites, where the web application used to send a code to the user's mobile or email for authenticity verification. Around 40% websites adopts password reset code composed of numbers and of some fixed length, typically having a length less than 5 digits. This information could advan...

A Palestinian Web Developer and Hacker, ' Khalil Shreateh ' found an interesting  vulnerability in Facebook, that allows hacker to bypass the Privacy settings to make a post on anyone's Timeline / Wall. He was forced to post vulnerability details on Mark Zuckerberg (Facebook Founder) Timeline to prove his point, after the Facebook Security Team failed to recognize his critical vulnerability three times. The flaw even working for those victims, who is not included in the attacker friend list.  According to Facebook's Bug Bounty program, a researcher has to submit the flaw details via email to Facebook Security Team without disclosing the details in Public. In order to get the minimum reward of US$500, the flaw should be valid. The reported vulnerability is in " composer.php " file on Facebook mechanism. First Khalil made a post on the timeline of a girl, " Sarah Gooden " who studied at the same college as Facebook CEO Mark Zuckerbe...

The recent "disconcerting" reports that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. The revelation that the Indian embassy in the US was among the list of 38 diplomatic missions which were being spied upon by American intelligence agencies, as per the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden has raised questions like How much of liberty should the cyber space grant to maintain national security and at what cost?  So far, legality is the main rationale US officials have used to defend the government's PRISM spying program. It's all perfectly legal, approved by govt. and the courts, but a more potent argument might be just because something is legal doesn't necessarily make it a good thing. In the context of the recent findings and the debate that it has just drawn, The Hackers Conference 2013 will raise important questions on the th...

A USB Internet Modems or Data card, is a type of modem that allows your computer to receive Internet access using USB Port and connect to a GSM/CDMA network there by creating a PPPoE  ( Point to Point protocol over Ethernet) interface to your computer. Indian Security Researcher ' Rahul Sasi ' found a new Innovative critical flaw in these USB Internet Modems that allows an attacker to execute malicious code remotely, just via sending an SMS. While talking to ' The Hacker News ' , he claimed that the reported vulnerability  allows him to even hack computers remotely to gain the Meterpreter shell or  full access to the victim's PC. Vulnerability can be used by a malicious attacker for Mass exploitation, since these modems have a phone number which lies in a particular series, so all the phone numbers starting with xxxxxx1000 to xxxxxx2000 would be running a particular version of the USB modem software. USB Internet Modems are supplied with d...

More than 9000+ participants enter the Guinness book of World Records for the largest congregation for information Security. E-Hack, world largest Ethical Hacking workshop was organized by InfySEC at SRM University on July 27 and 28,2013 . The expected participant count was 4500+ but on the day of the event the participant count were as high as 9637 students participated to be a part of E-HACK making it the LARGEST IT SECURITY AWARENESS MARATHON GLOBALLY , which made the organizing team to facilitate other two mini auditorium available in the same venue with speakers like Mr. Karthikeyan,founder of Zazvik Solutions, Mr.Santhosh Srinivasan, director of Symantec,Mr.Patrick Martinent, a Google developer Expert, Mr. Vinod Senthil,Director of Infysec, Mr.Ashish Chandra Mishra,Chief Information Security Officer at Tesco HSC, Mr. Rishi Narang,lead consultant with Aujas Networks , VT Gopal - Professor, Anna University and Dr.Prateep V.Philip IPS,AGDP, Tamil Nadu Crime Division. ...