The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

I hope you all still remember the famous and powerful Remote Administration Tool (RAT) called ' Dark Comet ', developed by a French computer geek ' Jean-Pierre Lesueur ', also known as ' DarkCoderSc '. However, He had closed the Dark Comet project, when the Syrian government found to be using it to track down and to spy on their people. After that  DarkCoderSc  started working under a new banner ' Phrozen Software ' to develop many new security softwares and penetration testing tools. Just yesterday, Jean-Pierre and his team-mate Fabio Pinto  from French University, have released a new tool called ' Rakabulle ', a file binder with some cool features for penetration testers and malware researchers. File binder is an application that allows a user to bind multiple files together, resulting in a single executable file. When you execute that single application, all previous merged files will be extracted to a temporary location, and will be exe...

Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ' Cunningham chains & bi-twin chains ' and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a ve...

In this Internet savvy generation, we want all of our data to be secured at some place. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA 's PRISM program now pushed to hardening their Mobile devices and computers for security, privacy, and anonymity. There are many Free Cloud storage providers including  Google Drive ,  Dropbox, Box, RapidShare, Amazon Cloud Drive, Microsoft SkyDrive  and many more. These services have a limitation that all data is unencrypted, or even if it is encrypted, the encryption keys are still generated by the company's software, meaning the company still has an access to your data. So as an end user, we must think about the security and privacy of our data. We should first encrypt our files on the system level and then upload a copy of it on the cloud storage. For this a robust and highly user friendly tool called...

Mobile security may not be secure as you think. In September we have reported that the National Security Agency has the ability to access data on iOS, Android and even BlackBerry devices. Everyday a new revelation of NSA Surveillance Program makes Security and Privacy a major concern for all of us. Today we feel the need of highly secured Networks and Encrypted Devices to safeguard our privacy from Cyber Criminals as well as Government. Phil Zimmerman , Inventor of the email encryption tool PGP and Silent Circle's Co-founder (company specializes in mobile privacy and peer-to-peer encryption ) has announced ' BLACKPHONE ', a Smartphone that's been designed to enable secure, encrypted communications, private browsing and secure file-sharing. The company will launch BLACKPHONE in the ' Mobile World Congress ', Spain next month, offers ' PrivatOS ', an Android based operating system which will allow users to make and receive secure phone calls, exchange secure te...

More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom .  Algerie Telecom provides  TP-LINK TD-W8951ND  Router to most of their home customers who Opt-In for Internet services and each of which has ZYXEL embedded firmware installed in it. ABDELLI Nassereddine, penetration tester and Algerian Computer Science Student has reported highly critical unauthorized access and password disclosure vulnerabilities in the Routers provided by Algerie Telecom. He told ' The Hacker News ' that the vulnerabilities can be exploited by any remote hacker just by exploiting a very simple loophole in the firmware. First, he found that an unauthorized access is available to ' Firmware/Romfile Upgrade'  Section on the Router's panel that can be accessed without any login password i.e. https://IP//rpFWUpload.html This page actually allows a user to upgr...

Oops.. Hackers got Hacked! The Syrian Electronic Army , who has hacked hundreds of High Profile targets in 2013-14, today they got hacked by a Turkish hacker. Turkguvenligi , a Turkish hacker told The Hacker News that he hacked and defaced the official website of the hacking group SEA ( sea . sy  and  leaks . sea . sy ). SEA Group has taken down many serious targets like Microsoft, Obama & New York Times' twitter accounts & websites in the past, but today their own server got breached. The most common hacking technique used by the SEA Group is Phishing , but the Turkguvenligi hacked then using an exploit known for vulnerabilities in the server or website. At the time of writing this news, the whole website of SEA was down, but our readers can see the defacement mirror on Zone-H . Turkguvenligi tagged SEA in a  tweet , says " hi guys, you have been hacked ": The Syrian Electronic Army group has not commented anything about the hack, b...

After the revelations from NSA internal documents leaked by Edward Snowden, the world knows the NSA as the Real Techie Gangster of this 21st Century, with the ability to brutally infiltrate every kind of electronic device, the Internet, and global communications.  " It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge. " The Inventor of JavaScript & current CTO of Mozilla, Mr. Brendan Eich said in a blog post NSA is not just focused on high-tech exploits, but also specialize in inserting secret backdoor to legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and from laptops to mobi...

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory , detailed about the similar vulnerability affecting their three networking products. Cisco has rated the flaw highly critical and marked it as 10.0 on the Common Vulnerability Scoring System (CVSS). A security researcher found a secret service listening on port 32764 TCP, allowed a remote user to send unauthenticated commands to the device and reset the administrative password. Successful exploitation of the vulnerability allows the hacker to execute arbitrary commands on the device with escalated privileges. Vulnerable Cisco products are: WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security. "This vulnerability is due to an undocumented test interface in t...

The New Year begins with a new form of amplified Distributed Denial of Service (DDoS) Attack, a weapon for attackers to bring down websites and servers. As we have reported two weeks ago that the attackers are abusing the Network Time Protocol (NTP) servers to perform an amplified version of DDoS Attack on various targets across the world. Earlier this week a number of popular Gaming services, including League of Legends, EA.com and Battle.net from Blizzard were taken down by similar DDoS attack . 'Network Time Protocol (NTP)' is a distributed network clock time synchronization protocol that is used to synchronize computer clock times in a network of computers and runs over port 123 UDP. " The attacker sends a small spoofed 8-byte UDP packets are sent to the vulnerable NTP Server that requests a large amount of data (megabytes worth of traffic) be sent to the DDoS's target IP Address.  "Security Researcher, Wang Wai  detailed  in a previous article on 'The ...

In this era of Computers and Smartphones, where we are connected to the Internet every second and use it almost for everything. For an Internet connection, one has to plug a device called Router between the ISP (Internet Service Provider) and device. Some Routers are available with USB option, where you can attach an external Hard Disk that allows files to be stored and retrieved across a computer network. Asus one of the largest IT hardware manufacturer providing these kind of devices by which you can connect to the internet and make your external hard disk available on the Internet as FTP server just by configuring AiDisk utility from the router's administrator panel.  Many ASUS Routers have this feature available, including models: RT-N66U, RT-N56U, RT-N15U, RT-N65U, RT-AC66U, DSL-N55U and RT-N16. Recently a vulnerability has been noticed by some Sweden users in the ASUS Routers, that allows an attacker to access your Hard Disk remotely from any part ...

In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard . Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws of that contingent. Should we trust Microsoft product to save our e-mail password and data? Obviously NO!  This made me write a new article on the same topic is that today we are going to use an open source mail client i.e.  Mozilla Thunderbird , available for Windows, Mac OS X and Linux. Thunderbird Installation: Initially you need to download the Thunderbird mail client, and install it to make your email communication more secure and private. Open Thunderbird tool and configure your mail account, as shown: Installing and Configuring ENIGMAIL:  In the next step you need to install an Add-on in Thunderbird, called  ENIGMAIL . You can search and install add-on using...