The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher . The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to the phone's microSD card, and includes a configuration file with information on a remote server and settings used by the trojan. The malware also " drops a 'configuration' file that contains key information about the remote server and the parameters ," CA security researcher Dinesh Venkatesan writes in a blog, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. According to the post, the trojan presents itself as an " Android System Message " that requires users to press an "Install" button for it to insert itself in the phone. Once installed, the trojan records all incoming and outgoing calls to a di...

Sun website 1000's users data stolen Britain's Rupert Murdoch-owned tabloid The Sun has sent a message to readers warning them that computer hackers may have published their data online after an attack on the paper's website last month. News International, News Group's parent company, issued a statement that said: " We take customer data extremely seriously and are working with the relevant authorities to resolve this matter.We are directly contacting any customer affected by this. " Hacking group LulzSec claimed responsibility for the cyber attack, which forced Murdoch's British papers to pull their websites and culminated in The Sun's site being replaced with a hoax story reporting the mogul had died. The company said it had reported the matter to the police and the Information Commissioner. The stolen information is believed to include names, addresses, dates of birth, email addresses and phone numbers. No financial or password data was comprom...

Italian Intelligence Agency CNAIPIC steals sensitive data from Indian Embassy Sensitive defence information appears to have been stolen from the Indian embassy here by an Italian intelligence agency during the past two years. If the documents released by Anonymous Hackers are to be believed, the Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection (CNAIPIC) - was widely hacking Indian embassy's letters with Russian defence firms. Leaked Data which include the letters between the Indian embassy's Air Wing and a local company supplying spares for military aircraft. Izvestia said Italian cyber police had hacked on June 22, 2010 Deputy Air Attache D S Shekhavat's correspondence with Aviazapchast, a company specialising in the supply of aviation spares, complaining about delays in the shipment of 15 helicopter engines. A reply from the Aviazapchast representative in India written on the same day was also hacked by the CNAIPIC...

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011 On the 4th of august at the world largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability. SAP systems are used in more than 100 000 world companies to handle business-critical data and processes. Almost in each company from Forbes 500 system data are set for the handling of any process beginning from purchasing, human resources and financial reporting and ending with communication with other business systems. Thus receiving an access by the malicious attacker leads to complete control over the financial flow of the company, which can be used for espionage, sabotage and fraudful actions against hacked company. The given attack is possible due to dangerous vulnerability of the new type, ...

30 China Government Sites Hacked By Hitcher Pakistani Hacker with code name " Hitcher " today hit 30 China Government websites as listed below : Hacker deface all these domains and Mirror of every defacement is available  here .  In past,  LUMS University Database was also Hacked By Hitcher.

Anonymous and Lulzsec stand for Jake Davis with #FreeTopiary Operation Two Days before Accused LulzSec hacker "Topiary" was got arrested and today he released on bail . Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. In his support today all Anonymous and Lulzsec hackers stand together once again with a new operation #FreeTopiary on Twitter. Anonymous Call everyone for Show their support to @atopiary  on IRC Chat . Anonymous also call for Anonymous Legal Help also. Quotes from Various Supporters : 1.) FreeTopiary an idea is the seed of human kind. 2.) Make no mistake, Topiary is a political prisoner. 3.) I love how kids are the ones showing multimillion/billion security companies how insecure they are... 4.) You cannot arrest an idea. UPDATE : Press Release for Opearation #FreeTopiary...

Another Government contractor - PCS Consultants (USA) got Hacked Another Government contractor - PCS Consultants (USA) got hacked by Anonymous Hackers & #Antisec operation Hackers. Database of website has been extracted and leaked on internet via tweeter on Pastebin .The leaked Data extracted Includes Admin's and 110 users emails, passwords in encrypted hashes. According to PCS website " PCS Consultants, Inc is a full-service Human Resources and Risk Management Compliance Company, offering support in recruitment and internal placement, position classification, employee relations, OSHA compliance programs, worker's compensation administration, and training for a variety of HR/Safety and EEO-related subjects.Providing support to all levels of government, our team of consultants are carefully selected to ensure they have the necessary knowledge and understanding of relevant Public Sector Acts and Standards and high level oral and written communication skills, excell...

Accused LulzSec hacker Topiary released on bail Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. Davis was granted bail to stay with his mother at their new home in Spalding, Lincolnshire, on condition that he does not access the internet either directly or through anyone else. He also has to wear a tag to ensure a 10pm to 7am curfew. Davis, whom police believe used the online nickname " Topiary " and was a member of the LulzSec and Anonymous hacking groups, was arrested at 2.10pm last Wednesday in Mid Yell, an northern island of the Shetlands. Jake Davis allegedly had the login passwords of 750,000 people on his computer. He was charged on Sunday night with offences under the Computer Misuse Act, the Serious Crime Act, and the Criminal Law Act. Davis is accused of gathering data from National Health Service co...

Vimeo (Brazil) Video Sharing site got hacked by Terminal_pk Today a hacker with codename "Terminal_pk" Hack and Deface the Brazilian Domain of Famous Video Sharing site " Vimeo ". Mirror of Defacement Can be seen here .

7000 law enforcement officers details leaked by Anonymous Hackers AntiSec and Anonymous Hackers announced via Twitter that they absconded with up to 10 Giga Bytes of confidential information, including protected witnesses. They have posted more than 7,000 law enforcement officials' private information online including: their social security numbers; email accounts and passwords; phone numbers and home addresses on Pastebin . Also Today  77 Law Enforcement websites hit in mass attack by #Antisec Anonymous.

ZCompany Pakistani Hackers deface big Indian Websites Pakistani Hackers - ZCompany Hacking Crew again hit some big Indian Websites and Deface them. Hacked Sites: Indian Testing Board (ITB) is the International Software Testing Qualifications Board (ISTQB) : https://www.istqb.in/ https://payment.istqb.in/ Alpha Capital provides Multi Family Office ,Management , Private Wealth Management , Family Office , Private Banking , Financial Advisor https://alphacapital.in/ Asia's Largest Collection of Antique Carpets in Delhi and India. https://antiquecarpet.in/ https://www.bookswagon.com/ Indian National Science Academy, INSA, National Science, Indian Science, Fellowship, FNA, international Science https://insaindia.org/index.php https://www.indiapedia.org/ CPAI endeavors to put forth new & innovative ideas for smooth functioning and the growth of the commodity market operations https://commoindia.com/ Department of Financial Studies : University of Delhi, South Camp...

77 Law Enforcement websites hit in mass attack by #Antisec Anonymous Because of FBI's actions against Anonymous and Lulzsec including several arrests, Now AntiSec supporters have targeted 77 law enforcement domains and walked away with everything on them. 77 domains were hosted on the same server. Few weeks before AntiSec targeted Arizona police departments, leaking personal information and other sensitive data, in response to immigration laws passed by the state. This time however, the latest law enforcement raid by AntiSec is in response to actions taken by the FBI. 77 US law enforcement institutions were attacked including : 20jdpa.com, adamscosheriff.org, admin.mostwantedwebsites.net,alabamasheriffs.com, arkansassheriffsassociation.com,bakercountysheriffoffice.org, barrycountysheriff.com, baxtercountysheriff.com,baxtercountysherifffoundation.org, boonecountyar.com, boonesheriff.com,cameronso.org, capecountysheriff.org, cherokeecountyalsheriff.com,cityofgassville.org, ...

Italy's Police IT network vitrociset.it Database Hacked and Leaked by #Antisec After Hack of  Italy's Police IT network, Anonymous Hackers Just now Release the Database of  vitrociset.it  via a pastebin link on Twitter. The Leak include the Administrator's Password and 100's of other users Login Details.

#RefRef - Denial of Service ( DDoS ) Tool Developed by Anonymous Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group's future campaigns. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. Previously, Low Orbit Ion Canon (LOIC) was the go to weapon for Anonymous supporters during various Operations .However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end. According to Developer " RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next s...

Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous One of the Anonymous - @AnonWorldUnite today leaked the DHS emails on internet. He tweeted " A Wild Leak Has Appeared! : https://wp.me/p1JyTn-f #AntiSec #AnonOps #Leak #LulzSec #Anonymous https://wp.me/p1JyTn-f " The link given in the Twitter post is a link to a WordPress blog . The blog post said : You Asked – And You Shall Recieve #DHS Emails – *all emails and files were obtained legally. - https://www.mediafire.com/?zidv26ppown4u0s <3″ The article shows a Mediafire link download link with a PDF file ogc ap redacted foia process 301 350.pdf (8.04 MB) , in which the e-mails are capsuled in. UPDATE: As Anonymous Said that, They got this File in Legal Way, We try to find out and Get that this PDF is available on the DHS site at  https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_301-350.pdf  and  https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_p...

Nicolas Sarkozy 's official Elysee Palace website Hacked for ' Get Him Out ' Game Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a game video game called ' Get Him Out '. Under the formal banner introducing the site, a cartoon image of the French president was pictured on a go-kart heading towards the gates of the palace. For each click on a Facebook 'like' button beside the game, the French leader moved one step closer out into the street. The instructions to the game read: " The more you click, the faster we can get little Nicolas out! ". The Elysee palace confirmed a hacking attack had taken place on Tuesday night, but that the 'problem' had been fixed by 7am on Wednesday. A spokesman added: " The hackers took advantage of an old software system to temporarily re-route the welcome page. " [ Source ]

South Korean social network hacked, 35 million users Data at risk 35 million users Personal information of a South Korean social network site may have been exposed. Local authorities were quick to blame hack attacks against the Cyworld social networking website and the Nate web portal – both of which are run by SK Telecom – on Chinese hackers. Names, phone numbers, email addresses, and other details may have been exposed through the Cyworld hack, which follows previous attacks against South Korean government sites and financial service firms. North Korea has been implicated in some of these hacks. South Korean police are reportedly investigating the cyberattack against Cyworld – a social network with a SIMS-like environment featuring avatars and virtual apartments – and Nate, which offers webmail. Mark Darvill, director at security appliance firm AEP Networks, commented: " By any standard this is a massive attack and one of many in recent months where the finger...

Anonymous hacks Defense contractor ManTech for #Antisec In a tweet posted by Anonymous claimed to have hack the defense contractor, ManTech International. Hackers promise to Release the Data within 24 Hours. This is the latest hack in the group's AntiSec Operation, and in particular its series of "F*ck FBI Friday" attacks. Previous attacks have targeted defense contractors and, in particular, companies who have worked with the FBI. These attacks have included attacks on the Atlanta chapter of InfraGard and the firms IRC Federal, Unveillance, and Booz Allen Hamilton, all of which provide cybersecurity services and solutions to the U.S. Government. According to Anonymous " We're legal, we're illegal. But most importantly we are legitimate. We fight for you, the citizen. We are not scared anymore ". Anonymous identifies ManTech's work for the FBI and the National Security Agency as its motivation for targeting the company and Leave message for FBI " You ...

SQueRT 0.9.0 - New version released CHANGELOG: * tabbed interface * date ribbon * CSS/JS fixes and cleanup * Bunch of new stuff Download SQueRT 0.9.0

Window AutoPwn (WINAUTOPWN) - Auto Hacking/shell Gaining Tool Autohack your targets with least possible interaction. winAUTOPWN Features : - Above 500 vulnerability exploits for softwares applications. - Custom-compiled executables of famous and effective exploits alongwith a few original exploits. - Exploits available in the form of PE-exe, ELF, php, perl, python. - A smart multi-threaded PortScanner. - A exploit loading framework to test effectiveness of IDS/IPS winAUTOPWN is a set of exploits wich are publicly available. The source of these exploits is modified only when required to enable a missing feature or to remove hard-coded limitations. winAUTOPWN would otherwise maintain the original exploit writer's source code intact just as it was and uses it. winAUTOPWN preserves the exploit writer's credits and originality in the source, keeps the Names, Website/Blogs, emails, other contact details intact. Binaries of perl, php, python and cygwin DLLs (included) ...