The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple update removes Java plugin from OS X browsers

Oct 19, 2012
Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. It's another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying a "Missing Plug-in" notification. The Apple Support page states that this update is for OS X 10.7 and later. Apart from stripping browsers of the Java plug-in, it also removes the Java Preferences application, since it is no longer required for applet setting configuration. Just to be clear, the update does not remove Java from your system if it's installed, just the Java plugin from your web browsers. In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however,...
Beginner Guide to SSL Certificates

Oct 17, 2012
The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure. Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business. Not only does it make you feel safer but it also protects people who visit your home, place of business, or website. It is important to understand the potential risks and then make sure you are fully protected against them. In the fast-paced world of technology, it is not always easy to stay abreast of the latest advancements. For this reason it is wise to partner with a reputable Internet security company. Here we have a very cool guide from Symantec. This guide will de-mystify the technology involved and give you the information you need to ...
Kaspersky Lab Developing Secure Operating System for SCADA

Oct 17, 2012
Eugene Kaspersky is working with his engineers at Russian security firm Kaspersky Lab to create a secure-by-design OS for ICS. In an interview Kaspersky said, "It's true no one else ever tried to make a secure operating system. This may sound weird because of the many efforts Microsoft, Apple and the open source community have made to make their platforms as secure as possible. With all respect, we should admit they were developing a universal solution for a wide range of application and various kinds of users. And security and usability is always a matter of compromise! With a universal OS a developer inevitably sacrifices security for usability." Companies that maintain ICS are forced to try to patch them on the fly in the event of a malware attack, a process usually easier said than done. Instead, Kaspersky suggests that the solution lies in a secure operating system, one in which ICS can be installed. Such an OS could help ensure that industrial systems stay healthy ...
45000 Wordpress blogs hacked on 2nd day of Spam campaign

Oct 17, 2012
Yesterday I reported on a huge, mysterious hack of WordPress servers that caused the compromise of 15000 WordPress accounts, in which the hacker managed to post the same spam article about "Money making sites" with the title "Im getting paid!" on each blog. We explained how the hacker was earning thousands of dollars just by sharing his referral link on all these hacked sites. The campaign includes some malicious domains to which the hacker is redirecting all readers, and a service from a well-known email marketing company, Getresponse. Using the same dork, site:wordpress.com "Im getting paid!", today we tried to find the number of hacked accounts and once again found another shocking number: 59300 blogs in the compromised list on the 2nd day of the hacking campaign. So many blogs have been compromised without any known method, and the WordPress team is still not in action. As mentioned in the last article, yesterday I tried to contact the Getresponse response team whose ...
Rock band 'Garbage' twitter account Hacked to spam monetized link

Oct 17, 2012
The official Twitter account of rock band 'Garbage' has been compromised, and the hacker is posting spam tweets and links using adf.ly, a URL shortener service that pays on clicks. The hacked Twitter account has around 55,563 followers. A hacker could also post malicious links, but in this case we can see that the purpose is not to infect others; instead, the hacker wants to make some money by spreading links. He has even mentioned this in a tweet: "All you people saying I'm dumb. I've made over 19 dollars by spamming ad.fly links. I hack twitters and spam them great money." How the hacker got access to the Twitter account is not yet clear; it may be phishing, social engineering or a password guess, but once again readers should learn the importance of a strong password. Yesterday we posted another exclusive report on how 15000 WordPress blogs were hacked and how the hacker is making money from a referral system by posting spam articles on each...
Anonymous identified cyber stalker who drove Amanda Todd to suicide

Oct 16, 2012
Hacker group Anonymous may have tracked down the sex-obsessed cyberbully who drove a 15-year-old girl to kill herself last week. Today Anonymous posted a video on YouTube naming a 32-year-old man from British Columbia, as the person responsible for the October 10th suicide of 15-year-old Amanda Todd. Anonymous has started #OpRIP to hunt down those who bullied Todd. "This is the pedophile that social engineered Amanda Todd into supplying him nude pictures," Anonymous said in a Pastebin post before identifying a 30-year-old man living in New Westminster, B.C. Todd committed suicide after years of online abuse by a man who blackmailed her, posted her topless photo online and sent it to her peers. In Todd's video, on handwritten note cards, she detailed the story of a man she said threatened to send photos of her breasts to friends and relatives unless she put on a sexual show for him. She apparently refused and he later made good on that promise, polic...
Sensitive server info leaked from weather.gov Vulnerability

Oct 16, 2012
Kosova Hacker's Security group today released very sensitive server info of "The National Weather Service", which was gathered through a "Local file inclusion" vulnerability in weather.gov. By definition, Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized and allows directory traversal characters to be injected. The hackers published the complete data in a pastebin file uploaded today, but the hack was performed two days back, and in the meantime the server administrator fixed the vulnerability. We just talked with the hacking crew to learn the reason for the hack and data exposure; one of them explained that they are against US policies, which are targeting Muslim countries. "They hack our nuclear plants using STUXNET and FLAME like malwares, they are bombing us 24*7, we can't sit silent - hack to payback them" ...
15000 Wordpress blogs hacked for making money from Survey

Oct 16, 2012
The WordPress Security Team is sending out warning messages to thousands of WordPress users that their accounts have been compromised recently. The warning message includes: "We recently detected suspicious activity on your WordPress.com account. To protect your identity and keep your site safe, we've reset your password." The message continues: "To reset your password and get access to your account and blog, please visit WordPress.com. Click on "Forgot password?" in the Login toolbar to get started. It is very important that your password be unique because using the same password across different web applications increases the risk of your account being hacked." Note: WordPress has not yet officially announced any security breach news on their website, but these warning mails are silently being received by compromised account holders. The method of the hack is still not confirmed. But hacking 15000 blogs from wordpress server and posting same article on all sites most ...
Steam Browser Protocol Vulnerability can allow hackers to hijack PC

Oct 16, 2012
Italian security researchers Luigi Auriemma and Donato Ferrante from 'ReVuln' reported the flaw in the Steam Browser Protocol. Steam is the popular online distribution platform with 54 million users. The flaw allows an attacker to write arbitrary text to a file, direct victims to external payloads and even take over the computer. The popular gaming platform uses the steam:// URL protocol in order to run, install and uninstall games, backup files, connect to servers and reach various sections dedicated to customers. Safari, Maxthon, Firefox and other browsers based on the Mozilla engine can be made to invoke these Steam URLs quietly. In the report they said that browsers including Firefox and software clients including RealPlayer would execute the external URL handler without warnings and were "a perfect vector to perform silent Steam browser protocol calls". The researchers demonstrated how users on the massive Source game engine, which hosts games...
Exclusive : Gary McKinnon wins 10-year fight against US extradition

Oct 16, 2012
Gary McKinnon has had his extradition blocked by the UK government. He has finally won his 10-year fight against extradition after Home Secretary Theresa May today halted proceedings on human rights grounds. The Home Secretary said medical reports warning the computer hacker would kill himself if sent to the US were sufficient grounds to bring the decade-long battle to an end. It is 10 years since he was first arrested, and his case has come to symbolise a purported imbalance in the extradition arrangements between the UK and the US. McKinnon was accused by US prosecutors of "the biggest military computer hack of all time", but he claims he was simply looking for evidence of UFOs. According to a report, Mr Burrowes increased the pressure on the Prime Minister last night by telling friends he will resign as a member of the Government if Mr McKinnon, who has Asperger's syndrome, is deported. There was no doubt McKinnon is seriously ill and the extradition warra...
Incapsula - Essential Cloud based Security Solution for your Website

Oct 16, 2012
Over 2011-2012 we've seen an increase in distributed denial-of-service (DDoS) attacks and other web attacks on SMEs' websites. Incapsula is one of the companies whose service is useful to protect your website from all threats and mitigate DDoS attacks which affect your websites, servers, databases, and other essential infrastructure. Incapsula is a cloud-based website security and performance service, including a PCI-certified cloud web application firewall and a content delivery network (CDN) for small and medium-sized businesses. We at 'The Hacker News' got the chance to review the service using an Enterprise plan account. It really takes, I think, 1-2 minutes to join the service and add this extra layer of virtual shield around your website. You have to make a simple DNS settings change in your domain panel. Your site traffic is then routed through Incapsula's global network of high-powered servers. Incoming traffic is analyzed and a security layer is a...
New Internet Explorer zero-day, Can trigger malware automatically

Oct 15, 2012
A new zero-day exploit has been discovered and is being exploited in the wild. It can be used to load a malicious application on victim machines running fully patched Windows XP SP3 along with the latest editions of the IE 7 and IE 8 browser and Adobe's Flash software. Eric Romang was examining one of the servers used to launch attacks on vulnerable Java installations in the past, and he says that he has found a new zero-day exploit for Microsoft's Internet Explorer web browser. He said, "I can confirm, the zero-day season is really not over yet." AlienVault Labs researcher Jaime Blasco reported that "the gang behind the Java attacks in August and September may be moving on: with domains used in that attack located at new IP addresses and serving up the new and more potent attacks." As shown in the above image example, the file exploit.html creates the initial vector to exploit the vulnerability and loads the flash file Moh2010.swf, which ...