The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Warm up the keyboard, Its time for February The Hacker News Magazine !

Jan 11, 2012
Warm up the keyboard, hack into the internet security of your mind and help us fill the February The Hacker News Magazine with fun, interesting and educational web security info. Our readers love to see what you are up to and what the industry is creating and manufacturing for anyone who turns on their computer and wonders if today is the day they will be hacked into cyber space! Mostly, they want to see what they can do about it and how they can protect themselves. Topics of interest include, but are not limited to, the following:
- New Attack and Defense Techniques
- Vulnerability discovery
- Small Tactics & Techniques
- Big Attacks & Impact
- Mobile Hacking
- Professional Exploit Development
- Security and Hacking Events Around The World
- Technical Book Reviews
- Security and Hacking Threats
- Play with Security Tools
- Expert Interview
We welcome contributions from readers and hackers like YOU! ...
Stratfor Back Online After Hack with message for Anonymous Hackers

Jan 11, 2012
Security analysis firm Stratfor has relaunched its website after Anonymous hackers brought down its servers and stole thousands of credit card numbers and other personal information belonging to its clients. Hacking collective Anonymous admitted to the cyber attack on Christmas Eve and went on to claim that it used the stolen details to make $500,000 in charitable donations to The American Red Cross and Save the Children, as well as other charities. Anonymous eventually released the stolen data to the world, including 75,000 credit card numbers and 860,000 usernames and passwords. Approximately 50,000 of those belong to .mil or .gov email accounts used by the US government. "This was our failure," Chief Executive George Friedman said in a message to Stratfor's subscribers. "I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends." Friedma...
US become victim of Indian spy unit, Apple & RIM deny their role !

Jan 11, 2012
A recently leaked memo reveals that American- and Canadian-based companies Apple, Research in Motion and Nokia may have helped the government of India spy on U.S. agencies in order to receive larger shares of the overall Indian cell phone market. Last week, an Indian hacker crew successfully broke into a secured Indian military government network. The group, the Lords of Dharmaraja (who posted outdated Norton security source code last week), posted documents that imply Apple, Nokia, and Research In Motion gave the Indian government backdoor access to their devices in exchange for mobile phone market rights. The US-China Economic and Security Review Commission (USCC) has asked for an investigation after hackers posted. "We are aware of these reports and have contacted relevant authorities to investigate the matter," said USCC spokesman Jonathan Weston on Monday. "We are unable to make furthe...
Homeland Security have eye on Journalists

Jan 11, 2012
The Department of Homeland Security has declared its intention to gather personal data on journalists or others who might use "traditional and/or social media in real time to keep their audience situationally aware and informed". Well, it'll be interesting to see the reaction of Obama's adoring White House press corps when they discover their activities are being tracked by the Department of Homeland Security. Under the National Operations Center (NOC)'s Media Monitoring Initiative that came out of DHS headquarters in November, Washington has the written permission to retain data on users of social media and online networking platforms. Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances. The department says ...
Your Android really needs Antivirus Security ?

Jan 09, 2012
Why shouldn't you protect your Android phone? Why use an antivirus for your Android? So that users can protect their devices from trojans, viruses, spyware, and other types of malware. Most people carry a lot of sensitive data on their phones. Recently an SMS Trojan horse posing as a media player began infecting Android phones on Russian networks. Once the victim installed the malicious app, it began sending text messages to premium numbers, leaving the user with a huge phone bill. Also, security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users, distributed as an Opera Virus Scanner. If the user clicks on the link, they'll be asked to download VirusScanner.apk, which is currently detected as Trojan-SMS.AndroidOS.Scavir. If the user is using a non-Android device, they'll be asked to download VirusScanner.jar, currently detected as Trojan-SMS.J2ME.Agent.ij. With this in mind, we at The Hacker News have listed the top 5 an...
Finnish ISP is blocking the Pirate Bay, Anonymous stand for Freedom of Expression !

Jan 09, 2012
Anonymous has urged its followers to target Finnish anti-piracy body the Copyright Information and Anti-Piracy Centre (CIAPC) after it persuaded the Helsinki District Court to force one of the country's biggest ISPs to block access to The Pirate Bay. One of the largest internet service providers in Finland has been forced to block access to The Pirate Bay for its customers. Elisa issued a press release on the matter moments ago. The decision was given by a local district court in Helsinki. Elisa has stated that they will seek correction to the decision in the supreme court. "The Helsinki District Court ordered the Elisa 26.10.2011 temporarily suspend a penalty of copyright infringing material available to the public via the Pirate Bay," it said in a statement. Numerous Twitter accounts linked with the Anonymous collective erupted with messages of discontent and - at times - threats of ...
FBI warning about Banking trojan "Gameover"

Jan 09, 2012
Organized crooks have begun launching debilitating cyber attacks against banks and their customers as part of a smoke screen to prevent victims from noticing simultaneous high-dollar cyber heists. On Friday the FBI issued a warning about a banking trojan named Gameover. It's a new variant of Zeus, a user-credential-stealing malware that targets online bank users. Zeus has been around for years, and every now and then a new version with a new twist pops up. Gameover has also been implicated in distributed denial-of-service attacks that temporarily disable bank websites to draw attention away from fraudulent transactions. Like another Zeus variant, Troj/BredoZp-GY, Gameover uses e-mail spam to propagate, and the safest way to keep Gameover away from your PC is to avoid links and file attachments that are contained in unfamiliar e-mail messages. Experts warn that any interaction with this fake NACHA link can infect your PC with...
Smart Hacking For Privacy : What TV shows you watch ?

Jan 09, 2012
White-hat hackers have exposed the privacy shortcomings of smart meter technology. At the Chaos Communication Congress in Germany, 28C3, researchers presented "Smart Hacking For Privacy". After analyzing data collected by a smart meter, these gentlemen were able to determine things like how many PCs or LCD TVs were in a home, what TV program was being watched, and if a DVD movie being played had copyright-protected material. Dario Carluccio and Stephan Brinkhaus demonstrated the flaws. Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment, especially in Germany, they are becoming more and more popular and are obligatory for new and refurbished buildings. The researchers, also customers, learnt that energy consumption data was sent unencrypted because SSL was malfunctioning. They int...
Hey @BarackObama ! Please don't extradite Gary McKinnon, CC : @Number10gov

Jan 08, 2012
Gary McKinnon, a Scottish systems administrator and hacker who has been accused of what one U.S. prosecutor claims is the "biggest military computer hack of all time" by hacking into the Pentagon, faces an ordeal of terrifying brutality if he is extradited to the United States. America wants to put him on trial, and if tried there he could face 60 years behind bars. Note: Request to every reader! Please Re-Tweet/Share this article if you want to support Gary McKinnon in the fight for justice. The mother of Gary McKinnon has called for her son to stand trial in Britain, claiming attempts to extradite him to the US have destroyed his life. He claims his motivation, drawn from a statement made before the Washington Press Club on 9 May 2001 by "The Disclosure Project", was to find evidence of UFOs, antigravity technology, and the suppression of "free energy", all of which he claims to have ...
Anonymous expose email addresses of British military staff & Nato officials

Jan 08, 2012
Anonymous hackers have exposed the email addresses of 221 British military staff with encrypted passwords, including those of defence, intelligence and police officials as well as politicians and 242 Nato advisers. "Civil servants working at the heart of the UK government including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation, which acts as the prime minister's eyes and ears on sensitive information have also been exposed." from Guardian.
XSS vulnerability reported in Yahoo subdomain website

Jan 08, 2012
Vansh Sharma & Vaibhuv Sharma from India reported another important cross-site scripting (XSS) vulnerability in a Yahoo subdomain, as shown. Vulnerable link: https://au.tv.yahoo.com/plus7/royal-pains/ Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.
International Conference on Cyber Security (ICCS) 2012 : Protecting the Cyber World

Jan 08, 2012
The FBI is teaming up with Fordham University for the International Conference on Cyber Security. It's an effort to identify emerging cyber threats and develop ways to mitigate those threats. The ZeuS Trojan has infected almost 4 million computers in the United States alone. Financial losses due to the ZeuS Trojan are estimated at up to $60 million. The third annual International Conference on Cyber Security: A White Hat Summit (ICCS 2012), a joint effort between the Federal Bureau of Investigation and Fordham University, brings together global leaders from law enforcement, industry and academia at Fordham's Lincoln Center campus from January 9 through 12, 2012. The conference will include three days of lectures, panel discussions, sponsor presentations, exhibitions, and exceptional networking opportunities. ICCS 2012, a four-day event, features more than 65 unique lectures from keynote...
Wireless Penetration Testing Series Part 1: Getting Started with Monitoring and Injection

Jan 07, 2012
We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book "Backtrack 5 Wireless Penetration Testing". So here we go. In the first two videos, the instructor gets us up and running with our lab setup: access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security: the ability to monitor and the ability to actively prevent attacks. For monitoring, we need to be able to put our wireless cards into "promiscuous mode" so that they can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary pac...
M86 Security detected Web exploitation attacks using AJAX

Jan 07, 2012
Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems. The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites. This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer. Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender, said: "This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass throug...
Hackers selling cheap BOTNETs and DDOS on forums

Jan 06, 2012
The Internet has revolutionized shopping around the world. Security researchers at F-Secure reported recently in a post that hackers are selling cheap DDoS services on various forums. Hackers are offering services like distributed denial of service attacks (DDoS), which can be used to knock a website offline in just 1 - 2 hours / 2$ per hour. They posted a YouTube video in which a young woman advertises DDoS services. "We are here to provide you a cheap professional ddos service. We can hit most large websites/forums game servers. We will test the website/server before accepting your money. Due to the nature of the business we don't offer refunds," the offer said. There is another interesting hacker's shop! Moreover, for their assaults, the hackers chiefly utilize botnets, while unwitting computer owners remain unaware that their machines have been infected with malware and are being controlled remotely. " Do you wan...
Next Microsoft Patch Tuesday include BEAST SSL fix

Jan 06, 2012
Microsoft's first batch of patches for 2012 will include fixes for security vulnerabilities in the Windows operating system and Microsoft Developer Tools and Software. The patches will be released next Tuesday (Jan 10, 2012) at approximately 1:00 PM EST. The solitary critical bulletin in the batch fixes a remote code execution issue in Media Player. The remaining six important bulletins due next Tuesday handle the BEAST SSL issue and various information disclosure bugs, escalation of privilege issues and an update to Microsoft's SEHOP (Structured Exception Handler Overwrite Protection) technology to enhance the defence-in-depth capability that it can offer to legacy applications. The BEAST/SSL patch was supposed to have been included in December's Patch Tuesday release but had been pulled at the last minute due to some testing problems involving a third-party vendor, according to Microsoft. Henry noted that despite all ...
Ramgen-Janelle Scandal video posted on deface page of Philippines Premiere Bank

Jan 06, 2012
A defaced link on the website of Premiere Bank Philippines, which contains a video of the Ramgen-Janelle sex video scandal, is the talk of the town and widely spread on IRC and Facebook today. The defacer who uploaded the video claims to be kenjie miranda of h4ckz0n3. Regarding the case of this video, which violates the Anti-Voyeurism Law of 2009, Senator Revilla Jr. has already asked the National Bureau of Investigation to investigate the spread of the Ramgen-Janelle intimate video. The video is already viral on torrent sites and forum sites.
Ping.fm vulnerable to Clickjacking (Video Demonstration)

Jan 06, 2012
Two Indian hackers, Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs), have discovered a clickjacking vulnerability in one of the famous websites, "Ping.FM". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is based on a technique known as clickjacking (or UI redressing), where an attacker could perform actions on behalf of the user by tricking the user into clicking a button or performing some other action. This vulnerability was earlier seen in Twitter, where it allowed the status to be loaded through the GET method, and an attacker could frame the Twitter webpage and trick the user into clicking the tweet button, with the user thinking that it's a part of the attacker's webpage. This can be prevented by setting the X-Frame-Options header to SAME ORIG...
Hackers leak the Source Code for Symantec Product

Jan 06, 2012
A group calling itself the Lords of Dharmaraja posted an Adobe document online Wednesday that it claimed was a glimpse of the source code for the internet security software. But Symantec spokesman Cris Paden said "no source code was disclosed" in the post, which was a 12-year-old document describing how the software worked, but not the code. Paden said Symantec continues to investigate the hackers' claim that they have source code. But now Symantec, the maker of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code. "Symantec can confirm that a segment of its source code has been accessed. Symantec's own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure...
FreeDOS 1.1 released after being in development for several years

Jan 06, 2012
FreeDOS 1.1 has been released after being in development for several years. FreeDOS is an open-source operating system aiming to provide the same (or better) functionality as Microsoft's old MS-DOS. Right now the main use is running old games and software, but you might encounter it on some freshly sold computers, motherboard setup CDs, BIOS flashing diskettes, embedded hardware and other uses. Bernd Blaauw has been hard at work, updating the FreeDOS distribution to include the latest packages. Bernd writes: "In its current form this new distribution is best suited as a CD-ROM disk to install FreeDOS from onto harddisk. Sources are included. It might be considered as replacement for the current 'base-only' 1.0 distributions as created by Blair and Jeremy, however it's less functional as it's missing the Live Environment part (\FDOS directory on CD)." The new version includes the FreeDOS 2040 ke...