The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges. WordPress is a free and an open source blogging tool as well as a content management system (CMS) with 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. That is why, it is easy to setup and used by more than 73 million of websites across the world, and about 5.7 million them uses WPtouch plugin, making it one of the most popular plugins in the WordPress plugin directory. WPtouch is a mobile plugin that automatically enables a user friendly and elegant mobile theme for rendering your WordPress website contents on the mobile devices. User can easily customize many aspects of its appearance by the adm...

The popular home surveillance webcam service DropCam that keep an eye on your house when you aren't there, can be used as a weapon against you by the cybercriminals, claimed a pair of researchers. San Francisco-based DropCam, last month announced it would be acquired by Google's Nest for $555 million in cash, makes home-monitoring cameras for the past five years, which allow users to keep track of what's going on inside their homes using a small surveillance camera. Two researchers named Patrick Wardle and Colby Moore of Synack who discovered the weakness in the Wi-Fi enabled video monitoring system, which they will demonstrate at the DEFCON 22 Hacker Conference in Las Vegas next month. This WiFi-enabled security camera, that comes for $149 or $199, depending on video quality, requires little-to-no-effort to maintain. You plug it in, get it up on your WiFi, and all is set. If you want to check in on your cameras remotely, it cost you nothing, and if you want DropCam...

Just few days ago, we reported about two critical vulnerability in mobile version of the most popular password manager application from a popular Password management company RoboForm , which manages your passwords for different websites. Now, researchers have published a detailed explanation on the security vulnerabilities discovered in five different and popular password managers , including RoboForm, that could allow cybercriminals to grab your credentials. The serious security holes were found and reported by the University of California Berkeley researchers named: Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song . The critical vulnerabilities were discovered in the popular password managers that includes RoboForm, LastPass, My1Login, PasswordBox and NeedMyPassword . " Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites, " Researchers wrote in the paper (PDF) tit...

For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools. As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX) . What is the Open Threat Exchange (OTX)? OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,...

The Norwegian police have arrested and charged a 17-year-old for a massive distributed denial-of-service (DDoS) attack earlier this week that disabled the websites of major financial institutions and other businesses in the country. Distributed Denial of Service (DDoS) attack is designed to sabotage, shut down and overload the targeted website with web traffic more than its capacity in order to make it unavailable to users. The attack targeted five major banks, two telecommunication firms, three airlines and one insurance company, as their websites and online payment systems were disrupted. The unnamed teen claimed to be a part of the hacktivist group Anonymous Norway for what was thought to be the country's biggest ever cyber-attack on businesses. Although, the Anonymous Norway, via a Twitter message, has dismissed any connection to him or the cyber attack. The youngster was a resident of Bergen, on Norway's west coast. He was arrested on Thursday morning and que...

A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which ...

The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out to be the source code of Tinba version1 , which was discovered around mid-2012 and they say it is the original, privately sold version of the crimeware kit that infected thousands of computers in Turkey. Tinba , also known as Zusy, is a tiny but deadly banking Trojan that comprises just 20 Kilobytes of code that gives it ability to slip past detection by some antivirus engines and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. It infects systems without any advanced encryption or packing and has capability to hook into browsers and steal login data and sniff on network traffic. Last week, researchers at CSIS in Denmark...

Google has failed to provide a very important security measure in its Gmail application for iOS that left millions of its Apple device users to Man-in-the-Middle (MitM) attacks capable of monitoring encrypted email communications. Researcher at mobile security firm Lacoon has discovered that Google's Gmail iOS application, run on Macintosh mobile devices, does not perform what's known as "certificate pinning" when establishing a trusted connection between the mobile applications and back-end web services, which means an attacker can view plaintext emails and steal credentials in MitM attack. WHAT IS CERTIFICATE PINNING Certificate Pinning is a process designed to prevent user of the application from being a victim of an attack made by spoofing the SSL certificate . Certificate pinning automatically rejects the whole connection from sites that offer bogus SSL certificates and allow only SSL connections to hosts signed with certificates stored inside the application, whic...

Today, Microsoft has issued an emergency update for almost all versions of Windows and also for Microsoft devices running Windows Phone 8 and 8.1 to secure users from attacks that abuse the latest issued rogue SSL certificates, which could be used to impersonate Google and Yahoo! websites. A week after the search engine giant Google spotted and blocked unauthorized digital certificates for a number of its domains that could result in a potentially serious security and privacy threat, Microsoft has responded back to block the bogus certificates from being used on its software as well. " Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates, " said Dustin Childs, group manager of response communications. The fake digital certificates , issued by the National Informatics Centre (NIC) of India - a unit of India's Ministry of Communications and Infor...

Chinese hackers broke into the computer systems of United States government agency that keeps the personal information of all federal employees, according to the paper published in the New York Times. The attack occurred on the Office of Personnel Management and Senior American officials believe that the attackers successfully gained access to some of the agency's databases in March before the federal authorities detected the threat and blocked them from the network. The hackers targeted the files of tens of thousands of federal employees who have applied for top-secret security clearances, the newspaper reported. " The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their personal inf...

Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, says researchers from FireEye. The new botnet campaign, dubbed as BrutPOS , aims to steal payment card information from the POS systems and and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were disgracefully using poorly secured and simple passwords. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the business. But, Point-of-sale (POS) systems are critical components in any retail environment and the users are not aware of the emerging ...

Another privacy issue has been discovered in Google Drive which could have led sensitive and personal information stored on the cloud service exposed to unauthorized parties. The security flaw has now patched by Google, but its discovery indicates that the vulnerability of cloud data when accessed via a link can allow " anyone who has the link " to access your private data without any further authentication. HOW THE SECURITY FLAW WORKS The security hole addressed a risk to files that included a clickable URL on your cloud file sharing service. When someone opens the file and clicks on an embedded hyperlink, then they get sent to the website of a third-party website owner. Upon accessing this URL, unfortunately the external Internet user - an unauthorized party - could potentially access your sensitive information by accessing the original documents that included the URL. GOOGLE EXPLANATION Google explained the actual nature of the security flaw in a blog p...