The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Saudi Arabia and Israel's Mossad intelligence division are reportedly collaborating to develop a computer worm more destructive than the Stuxnet malware to spy on and destroy the software structure of Iran's nuclear program. The Iranian Fars news agency has reported : " Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides' cooperation in intelligence and sabotage operations against Iran's nuclear program. "  " One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran's nuclear program ," But Why ? The report claims that Saudi Arabia and Israel were not particularly happy with the deal between between Iran and the Group 5+1 (the US, Russia, China, France and Britain plus Germany) and Israel has dubbed the deal as " historic m...

Sheep Marketplace , one of the leading anonymous websites, after Silk Road 's closure by U.S. Prosecutors, allegedly selling drugs, has gone offline claiming it was robbed of $6 million worth of Bitcoins . Like Silk Road , Sheep Marketplace was a Deep Web site accessible via the Tor network and quickly grew into a replacement of other popular underground Bazaars. Weeks ago, the Administrator of the Sheep Marketplace announced that withdrawals  from online Wallet would be closed for a few hours as a new feature was being implemented, however deposits were still allowed. Recently, The market's administration left a short message for users, which reads: We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found a bug in the system and stole 5400 BTC – your money, our provisions, all was stolen. We were trying to resolve this problem, but we were not successful. We are sorry for your problems and inconvenience, all of the current BTC w...

In September, Google added the remote Device locking Capability to its Android Device Manager , allowing users to lock their phone if it's stolen or lost. The mechanism allows user to override the existing device lock scheme and set password scheme for better security. But Recently, Curesec Research Team  from Germany has discovered an interesting vulnerability ( CVE-2013-6271 ) in   Android 4.3 that allows a rogue app to remove all existing device locks activated by a user. ' The bug exists on the "com.android.settings.ChooseLockGeneric class". This class is used to allow the user to modify the type of lock mechanism the device should have. ' CRT team says in a blog post Android OS has several device lock mechanisms like PIN, Password, Gesture and even faces recognition to lock and unlock a device. For modification in password settings, the device asks the user for confirmation of the previous lock. But if some malicious application is installed on the...

In October, A Security researcher ' Craig Heffner ' discovered a backdoor vulnerability ( CVE-2013-6027 ) with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password. Last week, D-Link has released new version of Firmware for various vulnerable router models, that patches the unauthorized administrator access backdoor. Heffner  found that the web interface for some D-Link routers could be accessed if the browser's user agent string is set to xmlset_roodkcableoj28840ybtide . From last month, D-Link was working with Heffner and other security researchers, to find out more about the backdoor and now the Company has released the updates for the following models: DIR-100 DIR-120 DI-524 DI-524UP DI-604UP DI-604+ DI-624S TM-G5240 The company advised users to do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet and also warned t...

The increasing public attention of Bitcoin did not go unnoticed by Cyber Criminals who have begun unleashing Bitcoin Mining malware. Security researchers at Malwarebytes warned about a new malware threat, in which Bitcoin Miners are bundled with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. Malware allow cybercriminals to utilize systems' computing resources for their own gain. " This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash. " The malware is found to be using ' jhProtominer ' a popular mining software that runs via the command line, to abuse the CPUs and GPUs of infected computers to generate Bitcoins. Upon further investigation Malwarebytes found that the parent of the Bitcoin miner was " monitor.exe ", a part of YourFreeProxy application, which " beacons out constantly, waiting for commands from a remote server, eventually downlo...

Today Vodafone Iceland was hacked by the Turkish group of hackers Maxn3y (@AgentCoOfficial) who in the past has stolen data from airports' systems, electronic giants and fast food company. The hackers announced via Twitter  that he has successfully compromised Vodafone Iceland server and defaced the official website ( Vodafone . is ), including various other sub-domains including the company mobile site. The hackers disclosed a compressed 61.7MB rar file which is locked with password TURKISH and that contains a collection of files including one titled users.sql that appears to contain the 77,000 user accounts.  The file includes user names, social security numbers, encrypted passwords as many other encrypted information. The portal CyberWarNews posted the list of files disclosed and provided information on their content. Following the complete list of files leaked: v2.sql Multimedia database, nothing critical, 400K of user tracking and logging with user agents, refers ...

Google's Nexus Smartphones are vulnerable to SMS-based DOS attack , where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them. The vulnerability, discovered by Bogdan Alecu , a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS ( Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts ) messages to Nexus phone an attacker can cause the phone to malfunction. He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said ' I was testing different message types and for the class 0 messages I noticed that the popup being displayed al...

A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate that has been patched as far back as May 2012. Linux worm, which has been dubbed Linux.Darlloz , poses a threat to devices such as home routers and set-top boxes, Security Cameras, and even industrial control systems. It is based on proof-of-concept code released in late October and it helps spread malware by exploiting a vulnerability in php-cgi . " Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. " the Symantec researchers explained. The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of sy...

Just now, The hacktivist group Syrian Electronic Army (SEA) briefly took over the Twitter account of the TIME Magazine. The Hacker group  tweeted from the TIME's official account, " Syrian Electronic Army Was Here via  @Official_SEA16..Next time write a better word about the Syrian president #SEA " with their logo, as shown above. TIME Magazine is currently hosting polls for Who Should Be TIME's Person of the Year?  and on their website  the Syrian President  Bashar al-Assad is described as, " Syria's ruler presided over a bloody year, shrugging off international concerns over the use of chemical weapons as the death toll of his country's civil war eclipsed 100,000. " How they have hacked into TIME's account is not yet clear, but the group is famous for using advanced phishing attacks to conduct high profile hacks. The TIME's tweet was deleted by TIME's staff just after 10 minutes of the hack. In a separate tweet on their ...

Skype has been targeted by cyber criminals again this week. Users are receiving a new Spam Email with subject " You received a new message from the Skype voice mail service. ", that actually leads to Zeus Malware . Zeus is a Trojan horse that attempts to steal confidential information from the compromised computer. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. The email is sent from the spoofed address " Skype Communications " and seems to be genuine, it has similar body content and the official Skype logo that usually comes with a legitimate Skype voice mail alerts. " This is an automated email, please don't reply. Voice Message Notification. You received a new message from the Skype voice mail service. " the email reads. The fraudsters have also tried to make the emails look genuine by adding real links back to the Skype website. According to MX Lab , ...

Researchers at FireEye have discovered a new privilege escalation vulnerability  in Windows XP and Windows Server 2003. CVE-2013-5065, Local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit ( CVE-2013-3346 ) that appears to target a patched vulnerability. Microsoft has issued an advisory and warned that discovered bug in Windows XP's  NDPROXY.SYS driver could allow hackers to run code in the system's kernel from a standard user account. The exploit could allow a standard user account to execute code in the kernel, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. "Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003 ," Microsoft advised. Last Apri...

Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails's default cookie storage mechanism   CookieStore  are at risk. The vulnerability was actually reported two months ago, but still thousands of website are running a vulnerable version of Ruby on Rails that allows a malicious attacker to gain unauthorized access again and again without password, if someone manages to steal users' cookies via via cross site scripting or session sidejacking or with physical access.  More than 10,000 websites are vulnerable to Ruby on Rails's cookie storage mechanism flaw, but this vulnerability requires your user's session cookies to be compromised in the first place. Security researcher G.S. McNamara provided the details of the vulnerability in a blog post , he analyzed nearly 90,000 sites running specialized scripts and discovered 1,897 sites based on old versions of Ruby on Rails ( versi...