The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

WikiLeaks and Corporate Security: Lessons from Recent Data Leaks

Dec 04, 2010
WikiLeaks' release of secret government communications should serve as a warning to the nation's biggest companies: You're next. Computer experts have warned for years about the threat posed by disgruntled insiders and poorly crafted security policies that give too much access to confidential data. WikiLeaks' release of U.S. diplomatic documents shows that the group can—and likely will—use the same methods to reveal the secrets of powerful corporations. As WikiLeaks claims it has incriminating documents from a major U.S. bank, possibly Bank of America, there's new urgency to address information security inside corporations. This situation also highlights the limitations of security measures when confronted with a determined insider. At risk are companies' innermost secrets—emails, documents, databases, and internal websites thought to be locked from the outside world. Companies create records of every decision they make, whether it's rolling out new produ...
CBI Website Hacked by Pakistani Cyber Army

Dec 04, 2010
In a major embarrassment, the website of India's premier investigating agency, the Central Bureau of Investigation (CBI), was hacked tonight by a group identifying themselves as the "Pakistani Cyber Army." The CBI homepage displayed a message from the Pakistani Cyber Army, warning the Indian Cyber Army not to attack their websites. The hackers have exposed a significant vulnerability in India's cybersecurity by infiltrating one of the most secure websites. The CBI is linked to the command center of the world police organization, Interpol, 24/7. The hackers' message also criticized the National Informatics Centre (NIC), responsible for managing computer servers across India, and their filtering controls. Intelligence agencies have repeatedly warned the government that proper cybersecurity measures are lacking in government offices, and that no security audits are being conducted. The Pakistani Cyber Army further threatened to conduct "mass defacement"...
How ZeuS Trojan Infects and Steals Money: What You Need to Know

Dec 03, 2010
You can get a ZeuS infection through a drive-by download from a malicious website or a hacked legitimate site. Clicking a link in an innocent-looking email can also open your system to attack. This past week, there was a surge of fake LinkedIn connection requests linked to ZeuS. While savvy users avoid clicking links from strangers, even links from friends can be dangerous, as a virus might have infected their system. But being cautious isn't enough. You might think a Trojan or virus attack affects only your computer, but this is far from the truth. The threat known as ZeuS or ZBot is a tool used by an international cybercrime ring with a single goal: to steal your money. While several criminals were charged recently, many remain free, and the malicious code continues to spread. To protect against all potential infection sources, you must install a security suite on any internet-connected computer. Because cybercriminals frequently release new ZeuS variants, you need a suite with...
How to Spot and Avoid Clickjacking Attacks on Facebook

Dec 03, 2010
When you see a post on a Facebook friend's wall that seems out of character, don't be too quick to click. Posts labeled "Pictures of girls in bikinis" or "All boys can stare at it but girls cannot" might be clickjacking attacks. These attacks typically don't carry malicious payloads, but they can certainly annoy any friends who fall for them. Here's how to avoid that scenario. Usually, the post itself uses a short, provocative phrase to spark your curiosity. If you fall for the attack currently making the rounds, you'll see a warning that the content might be inappropriate and a request to confirm that you're 18 or older. Once you click the button to confirm your age, you'll encounter another embedded dialog box. This one claims a need to verify that you're human, supposedly to avoid spam bots that are "putting an extra load on our servers." The box requests that you click numbered buttons in a specific order. Clicking th...
Stuxnet Code Now Available to Hackers, Posing Major Threat to Infrastructure

Dec 02, 2010
According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not specify whether this refers to the source code or binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as saying, "You could shut down power stations, you could shut down the transport network across the United Kingdom." There is hard evidence that Stuxnet is in the hands of highly motivated, well-trained, and well-financed criminals. Sky News' source declined to provide more precise information. Audun Lødemel, VP of Marketing and Business Development at German IT service provider Norman, believes that "It was just a matter of time before the Stuxnet code was made available for anyone, with even the most basic knowledge of coding, to alter and potentially wreak havoc on the UK infrastructure. This is serious stuff,...
Former UCM Students Charged with Hacking and Data Theft

Dec 02, 2010
Two former University of Central Missouri students have been charged with hacking university databases, stealing confidential information, and attempting to sell it for profit. Joseph Camp and Daniel Fowler were indicted by a federal grand jury. They allegedly created a computer virus and spread it through email attachments and USB flash drives. They breached the personal data of about 90,000 UCM students, faculty, staff, and alumni. Camp and Fowler then tried to sell the information for $35,000. The seven-count indictment also charges them with attempting to steal university funds and using Facebook accounts to threaten potential witnesses. The charges could result in prison sentences of between two and ten years. According to a Computerworld report, "The duo used Fowler's room as their base and, over a three-month period between October and December 2009, broke into numerous university databases and computers, including one belonging to a university administrator." ...
Hacker Infects 2,300 Computers; Court Hears Case of Youthful Curiosity

Dec 02, 2010
A hacker who infected over 2,300 computers with a virus capable of stealing banking details did not have serious criminal intentions, a court has heard. Today, lawyers for Anthony Scott Harrison argued that his "youthful curiosity" led him to hack into other people's computers to steal money. Harrison's lawyer, John Edwards, explained, "Using the Google search engine, he learned all he could about hacking." "He did not start hacking with serious criminal intentions. Because he was unemployed, he then used his hacking skills to provide money," Edwards continued. "Underlying his initial attraction to hacking was not theft or greed, but youthful curiosity." Harrison, 21, of Blackforest, pleaded guilty to one count of modifying computer data to cause harm or inconvenience, two counts of possession or control of data to commit serious computer offenses, and one count of dishonestly manipulating a machine. The court heard that State and Fed...
Adelaide Hacker Infects 2,370 Computers in Global Cyber Attack

Dec 02, 2010
An Adelaide hacker infected over 2,000 computers in Australia and overseas with a program designed to capture banking details, a court has heard. Anthony Scott Harrison, 20, learned hacking and programming skills online and launched his attack in 2009. He was caught when suspicious web activity was detected and tracked by federal police. Harrison also modified and sold software, allowing others to infect computers. His actions stemmed from his obsession with the world of cyber fantasy. Harrison pleaded guilty to seven charges, including four counts of modifying computer data to cause harm. Defense counsel John Edwards told the South Australian District Court that from the age of 14, Harrison had become obsessed with online computer games and was "immersed in the world of cyber fantasy." At one point, he played online for up to 15 hours a day, often using a simulated hacking game called Slave Hack. Mr. Edwards explained that Harrison became quite skilled at computer program...
WikiLeaks Hit by Distributed Denial of Service (DDoS) Attack

Dec 01, 2010
WikiLeaks faced another distributed denial of service (DDoS) attack on Tuesday morning, as reported by Fast Company. This attack was more intense than the one on Sunday, but it still didn't come close to shutting down the site. A computer hacker known as "The Jester" shocked officials by claiming responsibility for the cyber attack that disabled the WikiLeaks website on Sunday morning. This incident occurred just before WikiLeaks released hundreds of thousands of classified U.S. embassy cables to the public. The Jester, an ex-soldier, justified his hacking by accusing the website of “attempting to endanger the lives of our troops, 'other assets,' and foreign relations.” The self-proclaimed "hacktivist for good" turned to the web to combat terrorism and organizations that seem to support Islamic extremism after his military service. Cybersecurity expert Mikko Hypponen of F-Secure told CNN he believed The Jester was indeed behind the attack. WikiLeaks ...
Hacker Poses as Graduate, Hacks Student Emails, Faces Legal Consequences

Dec 01, 2010
A hacker who posed as a university graduate to access the emails of hundreds of students has been given a suspended prison sentence and ordered to pay more than £20,000 in costs and compensation. Daniel Woo, a 23-year-old Bulgarian national, was sentenced for offenses under the Misuse of Computers Act on November 25. Woo was arrested in November 2006 at the University of London's School of Oriental and African Studies after IT staff noticed anomalies in the computer network's operation. He used various hacking techniques to break into students' accounts by obtaining their passwords. Woo then installed software called 'Cain and Abel' on several machines, which allowed him to collect additional student passwords and monitor traffic on the university's computer network. It was later confirmed that fraud had occurred on several compromised payment accounts. Additionally, Woo has been banned from entering any university, college, or place of higher education witho...
6 Indian websites Hacked By PAK COBRA'S

Dec 01, 2010
6 Indian websites Hacked By PAK COBRA'S Websites : http://theindianstylist.com/ http://nsskunnathoor.org/ http://luvkid.co.in/index.php http://cryptel.co.in/ http://adjacen.com/ http://actsinfo.biz/
FBI Warns of Rising Smishing and Vishing Scams This Holiday Season

Nov 30, 2010
Social networking sites and search engines are expected to face increased cybercriminal activity this holiday season. However, the FBI is also warning consumers about two other significant threats: “smishing” and “vishing” scams. Both smishing and vishing are forms of phishing. Smishing involves using SMS texts to initiate scams, while vishing uses automated phone calls. These scams have been reported since at least 2006. The FBI's Internet Crime Complaint Center (IC3) recently issued an advisory warning that these scams will be prevalent during the holiday season. In these attacks, users receive a text message or automated phone call stating there is a problem with their bank account. They are then given a phone number to call or a website to log onto to provide account credentials to resolve the issue. “While most cyberscams target your computer, smishing and vishing scams target your mobile phone, and they're becoming a growing threat as more American...