The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Computer hackers embody classic Christian virtues, a Vatican publication says, and shouldn't be perceived negatively. In their passionate commitment to creating, and their openness to sharing ideas, hackers see their online exploits as "a form of participation in the 'work' of God in creation," Jesuit priest Father Antonio Spadaro wrote in the Vatican magazine Civilta Cattolica, Network World reported. Citing the "joyful application of intelligence to problem solving" they demonstrate, and their ingrained rejection of competition, profit and authority, Spadaro said hackers are aligned with the teachings of Christianity. "Under fire are control, competition, property," Spadaro said. It's a mindset, he said, that has "a clear theological origin." (However, citing technology writer Eric S. Raymond, Spadaro said hackers shouldn't be confused with "crackers"— the former builds things and the latter breaks them, Raymond wrote.) A small and ironic wrinkle in the godly hacker theory exis...

Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers. In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late February. Several servers were hit, including Citrix servers used by employees for remote access to IT systems. A copy of The Hartford's letter was posted earlier this week to the website of the Office of the New Hampshire Attorney General :  https://doj.nh.gov/consumer/pdf/hartford2.pdf "It was a very small incident," said Debora Raymond, a company spokeswoman. The victims were mostly company employees. Less than 10 customers were affected by the malware, the W32-Qakbot Trojan, she said. Qakbot has been around for about two years. Once installed it spreads from computer to computer in the network, taking steps to cover its tracks as it logs sensitive data and opens up back...

Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams. And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to have been used yet for cyber crime, the experts said it may just be a matter of time. Major US banks, hotels, retail outlets and other companies have been warning customers to be wary of fraudulent emails after Epsilon acknowledged last week that hackers had gained access to the Texas-based company's email system. Epsilon, which provides email services for some 2,500 companies around the world, has said that customer data for about two per cent of its total clients was exposed in what it called an "unauthorized entry." Epsilon, which sends out over 40 billion emails a year, did not identify the firms whose customers' names and email addresses were taken but dozens of ...

Microsoft is sorry, quite sorry indeed, that so many Windows Phone 7 owners have yet to receive the NoDo update for their handset. In a weekly written update today, the Windows Phone 7 team expressed sympathy to owners frustrated over the lag in receiving the update: "You want the latest technology and you're tired of waiting. Believe me, [we] get it." But the company also took time to warn against using any sort of workaround or hack to get the update ahead of schedule, saying that Microsoft has yet to fully test the 3rd party methods, and that they could lead to problems stretching from minor glitches to voided warranties. The usual, in other words, for phone hacking. But Microsoft was not all frowns and apologies today, it also had promises. In the same post the company stated that Europeans on O2 and SFR were moving along in the update queue, and that users should be patient just a "bit longer" in waiting for the official update to trickle down. Comments on the story have so...

François Dupoux has released an updated version of SystemRescueCd, a Gentoo-based live CD containing a collection of utilities for disk management and data rescue tasks. What's new in version 2.1.0? "Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64); alternative kernels re-based on linux-2.6.38.2 (most recent kernel); patched alternative kernels with loop-aes-3.6b (encrypt disks using AES); updated Testdisk to 6.11.3 (checks and undeletes partitions + PhotoRec); updated hdparm to 9.36 (utility to change hard drive parameters); updated the Xfce desktop environment to new major version 4.8; updated gDisk to 0.7.1 (the package has been renamed gptfdisk); 32-bit kernels (rescuecd + altker32) compiled for i586 instead of i686." Change log.  Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64) Alternative kernels rebased on linux-2.6.38.2 (most recent kernel) Patched alternative kernels with loop-aes-3.6b (encrypt d...

Here's an interesting way to get noticed for a job (or fine) by Microsoft.. A hacker known as "Predator" has been able to phish information from Xbox Live's Director of Policy and Enforcement, Stephen Toulouse (aka "Stepto"), gaining email and address information via his personal website server and was then able to alter the Chief's details online. This latest hacker attack on Xbox Live accounts follows a leak of info belonging to Director of Programming Larry Hryb (aka "Major Nelson") around this time last year. On the outset no serious harm was done by the little scam, but it's a scam "Predator" hopes will make a statement to Microsoft in regards to their security policies. He states "I'm simply letting them know I'm willing to help them secure accounts from future hackers" – an innovative method of self-promotion! In a boastful video uploaded to YouTube "Predator" claims to be "Xbox Live's greatest account jacker" and is raking in the cash from causing trouble for Xbox online...

ZeuS Source Code Leaked, Available for Sale ! The source is C++ and supposedly contains everything. The seller is asking for 5500 WebMoney/LibertyReserve for the full source code of version 2.0.8.9. The source code has been leaked but the archive is password-protected. Now there's a race to see who can crack the password. In addition, someone has even given out an MD5 hash of the password. Dunno if it's legit but it's certainly making this an interesting race indeed.

Toyota 4x4 - Toyota Land Cruiser Hacked by The 077 Hacked site :  https://4x4-toyota.fr/

The Internet System Consortium's (ISC) open source DHCP client (dhclient) allows DHCP servers to inject commands which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields. By using crafted host names, and depending on the operating system and what further processing is performed by dhclient-script, it can allow commands to be passed to the shell and executed. A successful attack does, however, require there to be an unauthorised or compromised DHCP server on the local network. Dhclient versions 3.0.x to 4.2.x are affected. The ISC has released an update. Alternatively, users can deactivate host name evaluation or add an additional line to dhclient-script. Instructions for doing so can be found in the ISC's advisory. Alongside dhclient-script, X.org's 'X server resource database utility' (xrdb) is also affected, as it also evaluates host names transferred via DHCP. Crafted host name...

Govt of Orissa website Owned by ZHC XtreMist [ZHC] Hacked site :  https://zssmayurbhanj.gov.in/ Mirror:- https://zone-h.org/mirror/id/13421065

Against the backdrop of the attack on its website by " Pakistan Cyber Army ", the CBI is considering to send its team to the US and Europe to trace hackers involved in the defacement. Sources said the agency officials have pin-pointed three Internet Protocol (IP) address -- a unique numerical label borne by each computer in a network that use worldwide web for communications -- two originated from Seattle, Pennsylvania in the US and other in Daugavpils, Latvia in northern Europe. They said the agency has moved a local court here seeking permission to access authorities in the US and Latvia for collecting information on the IP addresses. The CBI had on December 4 last year registered a case against unknown persons of " Pakistani Cyber Army " for hacking and defacement of its website under various Sections of Information Technology Act.

A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as Rookit.Win32.Fisp.a. Once executed, the rootkit makes a copy of the old MBR and replaces the sectors with its own code which includes an encrypted driver. When the computer boots, the malicious code executes and restores the original MBR so that Windows can load normally. It then uses hooks to replace the fips.sys system driver with a malicious one. "It should be noted that the driver fips.sys is not required for the operating system to run correctly, so the system won't crash when it is replaced," says Kaspersky Lab expert Vyacheslav Zakorzhevsky. The driver scans loaded processes to determine if they belong to one of over a dozen antivirus programs and prevent them from running...

MumbaiITPro User Group Hacked by TriCk [TeaMp0isoN] MumbaiITPro User Group is an online technical community initiative for the IT Professionals. They are supported by Global IT Community Association (GITCA) and Microsoft Corporation. Hacked site :  https://mumbaiitpro.org/ Mirror :  https://mirror.sec-t.net/defacements/?id=7039