The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A College 19-year-old college student and Hacker from Temecula, California has been arrested for hacking the webcams of Miss Teen USA ' Cassidy Wolf ' and other women to extort nude photos and videos from them. Earlier this year Cassidy Wolf received an anonymous email in which the sender claimed to have stolen images from the camera on her home computer. According to the complaint, he threatened to turn her " dream of being a model ... into a ..... " Jared James Abrahams , 19 years-old man forced several women to strip. Based on an investigation launched in March the FBI raided THE suspect's home in June, seizing computers, cell phones and hacking software. Abrahams is accused of hacking the computers of several young women and charged with extortion, that could send him to federal prison for up to two years. Abrahams used malicious software to disguise his identity in order to capture nude photos or videos of victims through remote operat...

An illegal service that sells personal data of US citizens online, which can then be used for identity theft hacked into the networks of three major data brokers and Hacker stole their databases. Cyber attack has given them access to Social Security Numbers , dates of birth, and other personal details that could put all our finances at risk. Krebs's blog revealed that the service, known as SSNDOB ( ssndob.ms)  (Social Security Number Date of Birth) used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America. Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.  Through the use of a botnet Malware, ID thieves the ID thieves gained access to the networks of LexisNexis, that it provides coverage of more than 5...

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue,...

Last week a 21-year-old chartered accountant student from Hyderabad was arrested for hacking into E-taxation Account of Industrialist Anil Ambani. During the probe Mumbai Police's crime branch has emerged that Anil Ambani's account was also fraudulently accessed from Noida. After investigation, Police were able to track another CA student who not only accessed Ambani's account,  but also of popular cricketers and film stars including Sachin Tendulkar, MS Dhoni, Shah Rukh Khan and Salman Khan. 22 years-old CA student named, Sanchit Katiyal -- who is doing his articleship at  Vishal Kaushal Company, an accountancy firm in Noida,  had hacked into Ambani's account on 26th June.  His computer and hard disks were seized by Cyber Crime Cell. He first accessed the accounts of Shah Rukh and Salman on 22nd June, Dhoni's account on 24th June and then broke into Ambani's account.  He again accessed Dhoni's account on June 28, and Tendulkar's on July ...

There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second att...

On Wednesday, Chief of National Security Agency (NSA) , General Keith Alexander defended US surveillance programs as part of a Noble Mission to protect the nation. He said that the collection of bulk phone records by U.S. Intelligence agencies are essential to preventing terrorist attacks. He referenced the criticism thrown at the intelligence services in late 2001 for not connecting the dots that led up to the Sept. 11 attacks. " We need our nation to understand why we need these tools, and what those tools mean for civil liberties and privacy and what they mean to defend this country, " General Keith Alexander said during a keynote speech at the Billington Cyber Security Summit in Washington. In recent months NSA has been targeted for severe criticism from privacy advocates, members of Congress and foreign allies of America, whose citizens may have been targets of this surveillance. Alexander pleaded for support of NSA programs during his speech at ...

If you lose your device, Google lets you secure it instantly from afar through Android Device Manager, that let you locate and remotely wipe your phones and tablets. The latest update to Android Device Manager enables remote password locking, overrides the built-in Pattern, PIN code, Face unlock or password-based security, making sure your data doesn't fall into wrong hands. To get started, go to google.com/android/devicemanager on your computer and go through your list of devices that are connected to your Google account. I tried the process with my Samsung Galaxy S4, and it worked like a charm. Google's new feature is a very useful one for those who don't have a lock on their phone and want to make sure their data is protected. A lock request will immediately secure any device connected to Wi-Fi or a cellular network, even if it's actively being used. If a thief has turned off a phone or enabled Airplane Mode, the lock will take effect as soon as a data co...

Last week Apple releases the iPhone 5S  with Touch ID , a fingerprint-scanning feature, promoted by the company as " Your fingerprint is one of the best passwords in the world ". Just after the launch of iOS7 , Hackers around the world come up with a series of security issues and privacy concerns. One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone 's biometric fingerprint security by just using a high resolution photo of someone's fingerprint. Now, We all are aware about many secret surveillance projects of NSA like PRISM , where U.S. government is collecting data from these Internet companies including - Apple. Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ? It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any...

A new Mac OS Malware has been discovered called OSX/Leverage . A , which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named ' Leverage ' because the Trojan horse is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show " Leverage ". The attack launched via a Java applet from a compromised website and which drops a Java archive with the backdoor to the visitor's computer and launches it without a user intercation. To perform the attack, Malware uses two recently disclosed Java vulnerabilies  known as CVE-2013-2465 and CVE-2013-2471. Once it's installed, the Trojan connects to the C&C server on port 7777. Security vendor Intego said that Malware linked to Syrian Electronic Army (SEA) , because after installation Malware attempt to download an image associated with the Syrian Electronic...

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye , at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation DeputyDog , appears to target manufacturers, government entities and media organizations in Japan. The compromised sites recorded more than 75,000 page views before the exploits were discovered. The zero-day vulnerability in IE 8 and 9 allows the stealthy installation of software in the users' computers which then can be remotely accessed by the hackers. The hackers typically use Trojans designed specifically for a pay-to-order attack to steal intellectual property. Researchers saw a payload executable file used against a Japanese target posing as an image file hosted on a Hong Kong server. The attack in Japan was discovered two days after Microsoft disclosed the ...

Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5 , which hit stores last Tuesday and is shaping up to be the most lucrative video game release ever. Now, Rockstar Game do plan to bring their Grand Theft Auto V iFruit app for Android devices, but before official released, it's fake malicious versions are out in Google Play Market. Rockstar have confirmed that they haven't released the Android version yet, only the iOS version is available right now and Android owners are warned not to download them, because some could contain malicious malware . There are at least two fake apps have surfaced on the Google Play Store that use the same icon as iFruit in an attempt to mimic the real thing. The deceptive part about these apps is that the developer publicly listed appears as "...