The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller ". Charlie Miller gets a kick of out defeating Apple's security mechanisms, using his hacking skills to break into Macbooks and iPhones. Now, Apple has kicked the security researcher out of its iOS developer program after word got out that he built a proof-of-concept iPhone app to showcase a bypass of the code signing mechanism. Hours before, a YouTube video that Miller released went viral. In it, he demonstrated how he hijacked an iPhone to run malicious code after installing his Instastock app, which was admitted into the App Store in September. According to the report, Miller plans to reveal the issue in a presentation at the SysCan security conference in Taiwan next week. As...

The Hacker News arrived on Google+ Pages Google has finally added Google+ Pages feature in their social network which allow brands, products, companies, businesses, places, groups, and everyone else to establish a presence on the service. We've gone ahead and set up our very own ' The Hacker News ' Google+ page for all of our Readers . How you can help us to Grow Us ? Use " Share This Page " button available below the profile picture to share THN page with your friends and Family.  Add THN in your Circle Now  ! Find Us on: Twitter Facebook Page

International Foreign Government  E-Mails Hacked by TeaMp0isoN TeaMp0isoN group of hackers claim to hack more than 150 Email Id's of International Foreign Governments. They Release the Email List with Password on Pastebin note . Hex000101 Hacker, A member of TeaMp0isoN team got these Login credentials from various Government sites after hacking their databases such as armynet.mod.uk and website of Parliament of Australia (aph.gov.au) .

China is the birth place for most of malicious Android apps Mobile malware is rising, and there have been explosions in the world of viruses and Trojans. Virus makers are now targeting mobile platforms- thanks to their growing popularity. If we take the statistics from last 6 months, the chances of Android smart phones to be infected have doubled. A new report by TrendMicro says that " China is the birth place for most of malicious Android applications " . Even Android OS is also becoming more and more popular in China. This growth of Android users in China, however, seems to do little for the rocky relationship between Google and the Chinese government. It has been reported that access to the Google Android Market has been intermittent since 2009. According to a Report by TrendMicro, The inconvenience in accessing the Android Market, one not experienced by users from other countries, can be considered a big factor in the Chinese users' preference in terms of where to dow...

Brazil ISP servers under Massive DNS poisoning attacks Kaspersky Lab expert Fabio Assolini Report that A massive DNS cache poisoning attack attempting to infect users trying to access popular websites is currently under way in Brazil. Several large ISPs in the highly connected country have been affected by the attack, and police have made at least one arrest in connection with the operation. Attackers have been able to poison the DNS cache records for several major Web sites at some large ISPs. Last week Brazil's web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. It asks the customer to download and install the so-called " Google Defence " software required to use the search engine. In reality, though, this ...

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.  Here's what it does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed) TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port th...

Anonymous attack on Israeli government  & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. " Your actions are illegal, against democracy, human rights, international, and maritime laws ," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. " Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world. " " If you continue blocking human...

DUQU – Another Stuxnet in the Making ? Article by :   Nidhi Rastogi is a Cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here . Barely a year into discovering Stuxnet, the world recently saw its powerful variant in the form of Duqu. It is believed that a Hungarian blogger was the first to have a tryst with the virus in early September at an ISP hosting service. Why it is important: Duqu has gained a lot of attention because of striking similarities with its famous predecessor, Stuxnet. Several Security researchers have concluded that 99 percent of Duqu software rules are same as Stuxnet including source code and keys for encryption. There is reasonable evidence by now that the damage caused by Stuxnet was real. Hence, Duqu is of concern to every security professional at the moment. How it functions: Duqu camouflages its own data behind normal web traffic to avoid suspicion fr...

Insider Threats vs Hackers - by Emmett Jorgensen Emmett Jorgensen has worked in IT and Infosec for over 10 years. He works for Kanguru Solutions (www.kanguru.com), a manufacturer of secure portable storage solutions. Article taken from 'The Hacker News' Magazine - October Edition. You can Download it from Here . News about cyber security, Anonymous, and Lulzsec are constantly making headlines these days, as well they should. It seems that Anonymous is hacking into confidential information on an almost weekly basis. Yet, despite this talk of external risks, the real threat to businesses often comes from within, in the form of insider threats. Although the intent of a hacker is generally more insidious, the insider threat is more prevalent simply due to an employee's access to company data. Insiders often have access to sensitive data without having to circumvent security measures designed to keep out external threats. But which is really a bigger threat to your orga...

VanishCrypt – Virtual Encryption Tool by SecurityLabs SecurityLabs Experts from India release a new Virtual Encryption Tool called " VanishCrypt ". A Freeware Utility to Secure Your Data. It creates a virtual disk that contains your secret files. Data is protected with a Encrypted Password. The files are completely inaccessible without the correct password. Stored files are encrypted with strong CryptoAPI. Additional Features: It have "Advanced Mode" with you can create a real virtual drive accessible in Explorer that contains your files stored in the vdisk image. It uses Win32 API for I/O operations for a great speed improvements Video Demonstration: Download VanishCrypt [ Source ]

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".  Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. Also its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. In both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. Another interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran ...

Hacker selling compromised websites gets hacked by d33ds A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data. A hacker calling himself Srblche , also offered information stolen from websites belonging to the U.S. Army, the U.S. Department of Defense, the South Carolina National Guard and other institution. Srblche is believed to be Kuwaiti. d33ds  target  Srblche,  " Anyone willing to pay for this service must be as stupid as he is, " d33ds wrote in its announcement of Srblche's online catalogue being hacked. D33ds is the same group that hacked RankMyHack.com . RankMyHack is a website that awards points for Web compromises depending on how big or important the target was. Hackers compete for a higher position on the leaderboard. [ Source ]