The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Mysterious Malaysian Airlines flight MH370 , a Boeing 777-200 aircraft that has gone missing by the time it flew from Kuala Lumpur to Beijing. The Malaysian Prime Minister had also confirmed that the Malaysia Airlines plane had crashed in a remote part of the southern Indian Ocean. Cyber Criminals are known to take advantage of major news stories or events where there is a high level of public interest and now Scammers are also targeting tragedy of MH370 to trap innocent Internet users. Just a few days before we warned you about a Facebook malware campaign claimed that the missing Malaysian Airlines ' MH370 has been spotted in the Bermuda Triangle ' with its passengers still alive and invites users to click a link to view breaking news video footage. This week, Security researchers at FireEye have revealed about various ongoing spear phishing and malware attacks by some advanced persistent threat (APT) attackers. According to the researchers, the Chines...

Defending and Analysis of online threats and malwares   have become more challenging nowadays and especially for larger businesses like the popular social networking site - Facebook. To encounter malware, phishing, and other online threats, Facebook has taken an important step forward. Facebook has unveiled its latest security-focused platform, dubbed as ' ThreatData ', which is a framework that aims to standardize its methods for collecting and analyzing data. The ThreatData framework is implemented to import information about the various online threats, malware, phishing and other internet risks, then storing it proficiently for real-time and long-term analysis as well. It consists of three high level components i.e. Feeds, Data storage, and Real-time response. FEEDS:  Feeds will collect data from a distinct source and implement them via a lightweight interface. " Here are some examples of feeds we have implemented: Malware file hashes from VirusTotal; ...

Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab sensitive business data from that customer's CRM instance. 'GameOver' Banking Trojan is also a variant of Zeus financial malware that spreads via phishing emails. GameOver Zeus Trojan makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet , which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. TAREGET - EMPLOYMENT WEBSITES Now, a new variant of GameOver Zeus Trojan has been spotted, targeting users of popular employment websites with social engineering attacks , implemented t...

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world's 3 million ATM machines are run on it.  Microsoft's decision to withdraw support for Windows XP  poses critical security threat to the economic infrastructure worldwide. MORE REASONS TO UPGRADE Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs. " What was interesting about this variant of  Ploutus  was that it allowed  cybercriminals  to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time. " researchers said. HARDWIRED Malware for ATMs According to researchers - In 2013, they detected a malware named Backdoor . Ploutus,  installed o...

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. " At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010… " company said. According to Microsoft's security advisory , Microsoft Word is vulnerable to  a remote code execution vulnerability ( CVE-2014-1761 ) that can be exploited by a specially crafted Rich Text Format (RTF). An Attacker can simply infect the victim's system with malware if a user opens a malicious Rich Text Format (RTF), or merely preview the message in Microsoft Outlook. " The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. " Microsoft acknowledged that remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac ...

The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that  changed the way nations conduct war and  now these hovering drones are ready to hack your Smartphones. London-based Sensepoint security researchers have developed a drone called ' Snoopy ' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported. The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections. Spoofing WiFi networks that device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use ' Wireless Evil Twin Attack ' to hack Smartphones. Once connected...

Android -  a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts their android devices at risk. This time the vulnerabilities occur in the way Android handle the updates to add new flavors to your device. Researchers from Indiana University and Microsoft have discovered [ Paper PDF ] a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. The researchers dubbed the new set of security-critical vulnerabilities as Pileup flaws which is a short for privilege escalation through updating, that waylays inside the Android PMS and intensifies the permissions offered to malicious apps whenever an android update occurs, without informing users. The research was carried out by Indiana University Bloomington researchers, Luyi Xing, Xiaorui Pan...

Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. " Twitter and so on, we will root them out. The international community can say this or that – I don't care. They will see the power of the Turkish Republic ." After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google's DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed...

Facebook just released a new programming language called ' HACK ', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with Hacking. When Social Networking website Facebook was started 10 years ago, it was coded in PHP by Mark Zuckerberg and team, but as the company grew, PHP Programming platform became difficult to manage and bug-free. Thus, Hack was born!  Facebook Team decides to develop a new programming language that could combine elements of static- type programming languages such as C or C++ with dynamic-type languages like PHP, now called " HACK Programming Language ". " Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files. " Facebook said, " We have also added many new features that we believe will help make developers more productiv...

The US Government was publicly accusing Chinese electronics manufacturer Huawei of espionage from the past few years. Ironically, it has now been revealed that the  National Security Agency conducted a major offensive cyber operations against the  Chinese government and networking company Huawei,  in early 2009. According to reports based on classified documents leaked by Edward Snowden   and viewed by The Times and Der Spiegel , NSA has infiltrated servers in the headquarters of Chinese telecommunications and hacked into the email servers of Huawei five years ago. Code-named as " Operation Shotgiant " was conducted with the involvement of the CIA, White House intelligence coordinator and the FBI; aimed to find a link between  Huawei  and China's People's Liberation Army. NSA accessed the emails of many Huawei employees' for this purpose. NSA STOLE SOURCE CODES NSA also aimed to conduct surveillance through computer ...

As we have reported you earlier that Microsoft is pulling out their Windows XP support after April 8 2014. Since a vast majority of bank ATMs around the world currently runs on Windows XP, but if they'll continue sticking to it after the deadline, then they'll be exposed to all kinds of security threats, as Microsoft will no longer provide the security patches thereafter. Many countries' Banks have got a way out, many banks have arranged or are in the process of arranging extended support for Windows XP for which they are ready to pay Microsoft millions of dollars, but may be not in the case of India. Yes, India will never feed Microsoft for providing extra support to the older version; rather they could switch over to the Linux operating system. India has around 115,000 ATMs across the country at present and the counts will go up in coming days, but the end of life for XP will not affect banks and functioning of ATMs as the financial institutions across the ...

Earlier this week, Microsoft admitted that they have accessed a French Blogger's private Hotmail account to identify a former Microsoft employee who had leaked the company's trade secrets in 2012. Microsoft defined this private investigation as part of " Protecting our customers and the security and integrity of our products ", mentioned in the Microsoft's terms of service, which says that the action was within the boundaries of the Electronic Communications Privacy Act. U.S. Authorities arrest Alex Kibkalo , ex-Microsoft employee. The indictment states , Kibkalo " uploaded proprietary software and pre-release software updates for Windows 8 RT as well as the Microsoft Activation Server Software Development Kit (SDK) to his personal SkyDrive account in August 2012. " Kibkalo not only leaked the secret screenshots of Windows 8 , but also provided the information about ' activation of Windows ' that helped the crackers to create a keygen for ...