The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sabpab - Another Mac os Backdoor Trojan Discovered Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab . It uses the same Java vulnerability as Flashback to install itself as a "drive-by download." Users of older versions of Java now have still more malware to worry about. It also doesn't require any user interaction to infect a system either just like Flashback all that needs to happen is for you to visit an infected webpage. Sabpab, according to Sophos, installs a backdoor that allows the hackers to capture screen snapshots, upload or download files and execute commands on infected Macs remotely. The Trojan creates the files /Users/ /Library/Preferences/com.apple.PubSabAgent.pfile /Users/ /Library/LaunchAgents/com.apple.PubSabAGent.plist Encrypted logs are sent back to the control server, so the hackers can monitor activity. Although one variant of Flashback installed a file in the LaunchAgents folder, not all tools for detectin...

Stuxnet was planted by Iranian double agent using memory stick The Stuxnet computer worm used to sabotage Iran's nuclear program was planted by a double agent working for Israel. The agent used a booby-trapped memory stick to infect machines deep inside the Natanz nuclear facility, according to a report published  on Wednesday. The worm is believed to have been placed on a specially crafted USB memory stick and handed over to a Natanz worker who, by all accounts, was an Iranian national belonging to a dissident group named Mujahideen-e Khalq (MEK). "The MEK has been listed as a 'foreign terrorist organization' since 1997 because of deadly attacks on Americans abroad, but members of the group have been trained at a secret site in Nevada. U.S. officials consider them 'the assassination arm of Israel's Mossad intelligence service' as they have been connected to the killing of five Iranian nuclear scientists since 2007. The incident with Stuxnet is not the fir...

FBI track Anonymous hacker using his girlfriend's boobs The FBI swooped on Higinio O Ochoa III after he posted the snap, which included a gloating message to his online victims.He took the picture on his iPhone and posted it on Twitter without realising it contained GPS data pointing directly to his house. Researching the username "w0rmer", investigators also found a reference online which included Ochoa's full name. Ochoa, is an alleged member of CabinCr3w, an offshoot of the hacktivist collective Anonymous. A criminal complaint filed in connection with the case reveals that pictures of a amply proportioned young woman taken in an outer-Melbourne suburb played a key role in the case. The snap posted by 30-year-old Ochoa shows a girl in a bikini top from the neck down, with a printed message pinned to her skirt reading: " PwNd by w0rmer & CabinCr3w " This GPS location allowed local police to easily track down the presumed residence of the woman pictured in the photo, ...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

[ Call for Articles ] The Hacker News Magazine - Hacktivism Special Edition - May 2012 A big shout out to all you cowboys and cowgirls who want to stir up some thoughtful reading and discussions by submitting to The Hacker News Magazine articles regarding Hacktivism . As you know, Hacktivism is the use of computers and computer networks as a means of protest to promote political ends. Given that, we'd love to have your articles to print in our May 2012 magazine . So, get to writing and wrangling.. CYBER WARFARE [ Download Here ] -  Last Month (April) The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth.  Join us as we explore this new frontier and let us know how you feel and what you have learned! If you enjoy our monthly publication, please spread the word! By sharing our free magazine with your family, friends, co-workers and other security experts, you're helping t...

Botnets, DDoS attacks as weapon against financial sector DDOS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic says " more than 10 of the worlds largest banks due to market capitalization ," and " an almost threefold increase in the number of attacks against its financial services ". A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service. The average attack bandwidth...

Ransomware replaces Windows MBR and asking users for Money Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild. This new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money. Cris Pantanilla, a threat response engineer at Trend Micro said, " Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code ," " Right after performing this routine, it automatically restarts the system for the infection take effect ." The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS. Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via...

This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild. Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls. One of the fixes is gaining the most attention though, even from Microsoft. " We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of the CVE-2012-0158 vulnerability using specially crafted Office documents as an exploit vector ," said the firm in an apparently hastily written blog post. ...

Two from Team Poison arrested in MI6 hotline phone hack Police in the UK have arrested two teens as part of an investigation into illegal recordings of conversations on Scotland Yard’s anti-terror hotline, which were later posted on Youtube . Two teenage boys aged 16 and 17 years have been arrested in the West Midlands in connection with an investigation into reports that hackers accessed Scotland Yard's anti-terror hotline. The hackers claimed to have carried out the cyber-attack in response to the alleged detention of innocent people on terrorism charges and the recent ruling to deport a number of terror suspects to the United States.  In the recording of the conversation, two people are heard discussing an earlier alleged attack in which a group calling themselves TeamPoison ( TeaMp0isoN ) apparently jammed the hotline by bombarding it with calls from computers . " We are confident the communication systems have not been breached and remain, as they always have been, s...

Samba remote code execution vulnerability, Patch Released ! Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell. There is a serious remotely exploitable vulnerability in the Samba open-source software that could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the current stable release. The vulnerability was discovered by security researcher Brian Gorenc and an unnamed colleague, working for the Zero Day Initiative. The flaw, which is located in the code generator for Samba's remote procedure call (RPC) interface, makes it possible for clients on the network to force the Samba server to execute arbitrary code. Three new security releases (Samba 3.4.16, Samba 3.5.14, Samba 3.6.4) for currently supported versions have been issued over at samba.org/samb...

Legacy Native Malware in Angry Birds Space to pwn your Android A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.  Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. " By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch), " Lookout said in a blog post. In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh . The malicious app appeared on the Google Play store, stealing users' data and money by sending S...

Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency The Hacking group, ' TeaMp0isoN ' said they targeted counter-terrorism officers at MI6 with a barrage of phone calls for a period of 24 hours, which meant nobody else could get through. By using a cleverly developed script, the hackers were able to make calls to the agency's offices for 24 hours non-stop, basically launching a phone-based denial-of-service (DOS) attack. " The script is based on the Asterisk software and uses a SIP protocol to phone ," TriCk told us. " Everytime they picked up the phone the server would play a robot voice which said 'teamp0ison' ." It said the attacks were motivated by the recent decision at the European Court of Human Rights that said Babar Ahmad, Adel Abdel and other suspected terrorists could be extradited to the United States, Huffingtonpost Reported . Trick also released what he claimed was the audio of the moment called the number and spoke to MI6 officers perso...

Extreme GPU Bruteforcer - Crack passwords with 450 Million passwords/Sec Speed Extreme GPU Bruteforcer , developed by InsidePro is a program meant for the recovery of passwords from hashes of different types, utilizing the power of GPU which enables reaching truly extreme attack speed of approx 450 Millions passwords/Second . The software supports hashes of the following types: MySQL, DES, MD4, MD5, MD5(Unix), MD5(phpBB3), MD5(Wordpress), NTLM, Domain Cached Credentials, SHA-1, SHA-256, SHA-384, SHA-512 and many others. The software implements several unique attacks, including mask and hybrid dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPU), the software allows reaching incredible search speeds of billions of passwords per second! Type hashes average speed (Using NVIDIA GTS250): MD5 420 000 000 n / a MySQL 1.08 billion n / a MD4 605 000 000 n / ...