The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

DUQU – Another Stuxnet in the Making ? Article by :   Nidhi Rastogi is a Cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here . Barely a year into discovering Stuxnet, the world recently saw its powerful variant in the form of Duqu. It is believed that a Hungarian blogger was the first to have a tryst with the virus in early September at an ISP hosting service. Why it is important: Duqu has gained a lot of attention because of striking similarities with its famous predecessor, Stuxnet. Several Security researchers have concluded that 99 percent of Duqu software rules are same as Stuxnet including source code and keys for encryption. There is reasonable evidence by now that the damage caused by Stuxnet was real. Hence, Duqu is of concern to every security professional at the moment. How it functions: Duqu camouflages its own data behind normal web traffic to avoid suspicion fr...

Insider Threats vs Hackers - by Emmett Jorgensen Emmett Jorgensen has worked in IT and Infosec for over 10 years. He works for Kanguru Solutions (www.kanguru.com), a manufacturer of secure portable storage solutions. Article taken from 'The Hacker News' Magazine - October Edition. You can Download it from Here . News about cyber security, Anonymous, and Lulzsec are constantly making headlines these days, as well they should. It seems that Anonymous is hacking into confidential information on an almost weekly basis. Yet, despite this talk of external risks, the real threat to businesses often comes from within, in the form of insider threats. Although the intent of a hacker is generally more insidious, the insider threat is more prevalent simply due to an employee's access to company data. Insiders often have access to sensitive data without having to circumvent security measures designed to keep out external threats. But which is really a bigger threat to your orga...

VanishCrypt – Virtual Encryption Tool by SecurityLabs SecurityLabs Experts from India release a new Virtual Encryption Tool called " VanishCrypt ". A Freeware Utility to Secure Your Data. It creates a virtual disk that contains your secret files. Data is protected with a Encrypted Password. The files are completely inaccessible without the correct password. Stored files are encrypted with strong CryptoAPI. Additional Features: It have "Advanced Mode" with you can create a real virtual drive accessible in Explorer that contains your files stored in the vdisk image. It uses Win32 API for I/O operations for a great speed improvements Video Demonstration: Download VanishCrypt [ Source ]

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".  Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. Also its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. In both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. Another interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran ...

Hacker selling compromised websites gets hacked by d33ds A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data. A hacker calling himself Srblche , also offered information stolen from websites belonging to the U.S. Army, the U.S. Department of Defense, the South Carolina National Guard and other institution. Srblche is believed to be Kuwaiti. d33ds  target  Srblche,  " Anyone willing to pay for this service must be as stupid as he is, " d33ds wrote in its announcement of Srblche's online catalogue being hacked. D33ds is the same group that hacked RankMyHack.com . RankMyHack is a website that awards points for Web compromises depending on how big or important the target was. Hackers compete for a higher position on the leaderboard. [ Source ]

Duqu Analysis and Detection Tool by NSS Labs NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the " functionality, capabilities and ultimate purpose of DuQu. ". The Tool is available free. Duqu is notorious worm that exploit Windows Zero-day Vulnerability. Microsoft released temporary fix yesterday for this vulnerability . According to the test, NSS tool Success rate is 100%, zero false positivies. Developers said it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered.Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required. It seems that Duqu contains similar code and utilizes similar techniques to Stuxnet. More precisely, it seems to make use of digital certificates that appear as legitimate, but it's far too early to descri...

CapitalOne Bank taken down by Anonymous hackers Anonymous Hackers claim to taken down the official website of CapitalOne Bank . Currently Site is showing message on Homepage that " Site under maintenance ". In a pastebin release Anonymous Hacker wrote " ya know.. every guy Fawkes day companies go hire the best white hat hackers to protect them against attackers like us lol.. so dont beat your self's up if nothen was defaced or taken down by ddos.. we still doxed a bunch of people lol! congratulate your self's! Anonymous dident fail we succeeded and we will never fail.. " Hacker also claim to do DDOS attack on CapitalOne website for taken it down. There is another statement by same hacker " Many ddos attacks were taken place today and we all hoped to see at least fox going down ". Its not clear that that either the site is really under  maintenance  after attack by Anonymous Hackers or its any regular  maintenance for backup only. Hackers al...

Mobile Security and Lack thereof Nidhi Rastogi ,A Security Consultant with Logic Technology Inc, New York share her Views about the Mobile Security and Lack thereof . The Article is taken from our September Month Magazine Edition  .Here we go.. Mobile technology, particularly smartphones, has come of age and is increasingly replacing PCs for internet surfing, emails, gaming and social networking. As per a recent survey by Neilson Media Research, smartphones now comprise over 38% of the U.S. Cellphone Market and will become the majority by end of the year. To meet this growing demand, cellphone companies are fast churning out new models with killer features, latest and greatest in technology. With this growth it has also come to attention that security of these devices cannot be left behind. Every day a new data breach is making headlines suggesting hackers have gone into overdrive. However, what is of particular interest is that a bulk of them is being attributed to cellph...

We had an Interesting Article by " Paul F Renda " in our The Hacker News Magazine 's November Edition. We would Like to share this article with our website readers also. You can Download November Issue Here . This is a theoretical prima to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads. Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction. A doomsday like virus has been plaguing the U.S.Drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analyst think agent.btz was created by China....

Persistent XSS Vulnerability in White House Website Alexander Fuchs , A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House . He said " The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system. " The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: https://vulnerability-lab.com/get_content.php?id=308

Fraud communities owned and exposed by Happy Ninja The  Happy Ninjas Hackers Release a Ezine " Owned and Exposed - ISSUE no 3 " on Exploit-Db . They claim to hack various German and International fraud scenes and Publish there all details online in Ezine.  They said " Operation Antisec : The original Antisec Movement was brought to life by actualhackers and targeted full disclosure and the corporate securityindustry. Publishing gigantic amounts of (corporate) data on theinternet does exactly the opposite: It provides the security industrywith the attention they need and hence new customers. " " Money is the root of allevil" as the proverb has it; and it's why fraud communities do comeback after we have owned and exposed them " He added. Most the famous fraud sites got hacked by them , such as: St0re.cc El-Basar.biz Swissfaking.net Vpn24.org Unique-Crew.net Undercover.su Secure-Host.in Hackbase.cc Zion-Network.net Most of the IP add...

Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word...

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting (XSS) vulnerability discovered on AOL Energy website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from India.