The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyber Criminals took over billion dollar of Brazilian companies PricewaterhouseCoopers has revealed in a report that cyber criminals are now shifting their attacks towards emerging markets, especially those engaging with carbon emission trades which promote low carbon technologies but whose security measures have not yet grown to combat online attacks. In Brazil, 8% of the companies under attack of Cyber Criminals and had losses above $ 1 billion of Brazilian companies. A recent survey by PricewaterhouseCoopers (PwC) finding that over one third of Brazilian companies (32%) was the victim of cybercrime last year. The world average is lower, 23% of companies have been targets of cyber attacks in 2011. More than half of Brazilian executives (51%) explained that one of the biggest problems related to awareness and combat electronic crime is the fact that management of their companies adopted only informally or on an ad hoc solutions and security processes. Cyber criminal...

The Killswitch : They can remotely modify your Window 8 Last year,a Finnish software developer, was cruising Google's Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little known kill switch, to forcibly removing the malicious code from more than 250,000 infected Android smartphones. It's a powerful way to stop threats that spread quickly, but it's also a privacy and security land mine. With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft has confirmed that they have remote kill switch installed in to Windows 8 apps. using this access, they can disable and even remove an app entirely from a user's device. This piece of information was released along with other details of the upcoming Windows Store for Windows 8. Anyone worried about Microso...

Interpol  #TangoDown , Suspected 25 Anonymous arrested Interpol's Web site (www.interpol.int) went down Tuesday just hours after the international police agency announced the arrest of 25 suspected members of the hacking collective Anonymous in Argentina, Chile, Colombia and Spain. The authorities in Argentina, Chile, Colombia and Spain carried out the arrests and seized 250 items of IT equipment and mobile phones, Interpol says.Those arrested are aged between 17 and 40. A National Police statement said two servers used by the group in Bulgaria and the Czech Republic had been blocked.It said the four included the alleged manager of Anonymous' computer operations in Spain and Latin America, who was identified only by his initials and the aliases " Thunder " and " Pacotron ". Authorities in Europe, North America and elsewhere have made dozens of arrests, and Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets in retal...

$60000 for Exploiting Google Chrome, Hackers at Pwnium  work... Google has offered prizes, totalling $1 million, to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week i.e 7 March 2012. Chrome is the only browser in the contest's six year history to not be exploited like at all.  Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully-patched browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts. Prizes will be awarded on a first-come-first-serve basis, until the entire $1 million has been claimed. " While we're proud of Chrome's leading track record in past competitions, the fact is that not receiving exploits means that it's harder to learn and imp...

Secunia PSI 3.0 : Automatic Patching Of Insecure Applications Secunia Personal Software Inspector (PSI) is a free program that scans the system for programs that are installed in an outdated version.The developers have just released the first beta version of Secunia PSI 3.0 for Windows. A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don't already have auto-updaters built-in. When you start the program for the first time after installation, you are asked to run a scan on the system. Secunia compares the list of installed software with the latest versions stored in their database. A list of outdated programs are then displayed in the program interface. Though most software vendors release patches, its tedious for users to find these updates and download them, where Secunia inspector tool identifies vulnerable programs and plug-ins in your Computer, download and installs all t...

Irongeek 's Shared hosting MD5 Change Detection Script Adrian Crenshaw aka  Irongeek  just release another great tool for web admins that will monitor the files on a website, and report any changed via email. Actually " irongeek.com " was hacked few days back which is hosted on a shared hosting. There is an awesome article posted by him on his blog " How I Got Pwned: Lessons in Ghetto Incident Response ". I think after that  Adrian decide to make a handy tool/script to help web admins so that they can easily monitoring there files on a shared server. This simple shell Script user can run on a shared server. Let suppose once hackers get into your website either by exploiting known vulnerabilities in any of the installed programs OR by getting FTP access to your server, the first thing they usually do is to plant backdoor scripts to log them in again at a later date. They need some executable script on the server to gain access to MySQL passwords, installatio...

r00tw0rm leak United Nations Environment Programme database r00tw0rm group of Hackers hack and leak the complete 82.8 MB database from The united nations environment programme ( UNEP ), which is the voice for the environment in the united nations system. Via a tweet, r00tw0rm shout ," United nations environment programme https://pastebin.com/pXXNv2rH @inj3ct0r @AntiSecOp @sanjar_satsura @Oblivi0u5 @AnonymousIRC @OpCensorThis_ " Hackers leaks data on various file hosting sites such as rapidshare . According to leak, 5 databases and 100's of tables with admin logins and users data.  The united nations environment programme ( UNEP ) website is currently down while writing this post. Other Hacks by r00tw0rm can be seen here .

Occupy Obama's Google+ ,Chinese Internet Users Flood G+ Page Many Chinese have taken up a call to " Occupy Obama's Google+ " over the weekend in the style of Occupy Wall Street in order to feel "close" to the popular world leader as well as air some of their views. Hundreds of Chinese have flooded US President Barack Obama's Google+ page, apparently taking advantage of a glitch in China's censorship system to post about human rights and green cards. At first glance, it looks like the official Google+ page is being spammed, but taking a look at some of the comments left in English, you'll realise that it's Chinese citizens who have taken to the social network to decry their government's appalling human rights track record. Some netizens urged Obama to help free activists such as blind lawyer Chen Guangcheng, who is currently under house arrest, or Liu Xiaobo, the jailed Nobel Peace Prize winner. Some comments left by the Chinese called for free speech and human rights. Other...

Ascend D quad : World's fastest Android by Huawei Huawei has introduced what it calls the world's fastest quad-core smartphone, the Huawei Ascend D quad. Powered by Huawei's K3V2 quad-core 1.2GHz/1.5GHz processor the beast comes with Android 4.0. In an aggressive presentation at the Mobile World Congress Show in Barcelona, Huawei repeatedly compared its new product to Samsung's Galaxy Nexus and Apple's latest iPhone. Huawei also unveiled the Ascend D quad XL and Ascend D1. Both devices include 32-bit true color graphic processors, an 8-megapixel rear-facing camera with 1080p full HD video capture and a 1.3-megapixel front-facing camera with 720p video capture. The phone also has Dolby 5.1 Surround Sound and Audience earSmart voice technology and an 8-megapixel BSI rear-facing camera, 1.3 megapixel front-facing camera, and 1080p full HD video-capture and playback capabilities. Ascend D Quad is much faster, too- 20 percent to 30 percent faster, in fact, than one running...

WikiLeaks suspect Bradley Manning nominated for Nobel Peace Prize 2012 A spokesman for the Nobel Peace Prize jury says 231 nominations have been submitted for this year's award, with publicly disclosed candidates including WikiLeaks whistle-blower Bradley Manning may be among the hundreds of nominees for the 2012 Nobel Peace Prize, rights activists say. Bradley Manning, a 23-year-old Army intelligence analyst, is accused of leaking a video showing the killing of civilians, including two Reuters journalists, by a US Apache helicopter crew in Iraq. He is also charged with sharing the documents known as the Afghan War Diary, the Iraq War Logs, and embarrassing US diplomatic cables, with the anti-secrecy website WikiLeaks. The video and documents have illuminated such issues as the true number and cause of civilian casualties in Iraq, human rights abuses by U.S.-funded contractors and foreign militaries, and the role that spying and bribes play in international diplomacy. Among th...

#WikiLeaks publishes millions of Hacked Stratfor E-mails #gifiles WikiLeaks today began publishing more than five million confidential e-mails from US-based Intelligence firm Stratfor.  About 5.5m emails obtained from the servers of Stratfor, a US-based intelligence gathering firm with about 300,000 subscribers and has been likened to a shadow CIA. The emails, snatched by hackers, could unmask sensitive sources and throw light on the murky world of intelligence-gathering by the company known as Stratfor, which counts Fortune 500 companies among its subscribers. Stratfor in a statement shortly after midnight said the release of its stolen emails was an attempt to silence and intimidate it. The Online organisation claims to have proof of the firm's confidential links to large corporations, such as Bhopal's Dow Chemical Co and Lockheed Martin and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency....

Internet censorship in Pakistan , National Filtering and Blocking System A Pakistan government department has called for proposals for the development, deployment and operation of a national level URL Filtering and Blocking System. The proposal request states that each box of the system " should be able to handle a block list of up to 50 million URLs with a processing delay of not more than 1 millisecond. " According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP . According to a post on EEF , Ever since the Pakistan Telecommunication Act, passed in 1996, enacted a prohibition on people from transmitting messages that are " fals...

Hackers leak objectionable  Photos from LA cops inbox CabinCrew group of Hackers, that claims to have found, and reported, objectionable photos of children in an officer's private e-mail account, anonymously posted hacked police data to a website. More than 100 local law enforcement officers had their private information pilfered and published on a public website prompting a response from the FBI " Over the past three weeks, we in the cabin have been targeting law enforcement sites across the United States, be it for injustices they have allowed through ignorance or naivety, taken part in, or to point out the fact that their insecurity failed to protect the safety of those they took an oath to serve, " the hacker statement on the Pastebin site said. The hackers posted officers' property records, campaign contributions, biographical information and, in a few cases, the names of family members, including children. Authorities said the current intrusion is different ...

Facebook app spreading Android Malwares Even though Google recently introduced a malware-blocking system called Bouncer to keep the Android Market safe from malicious software, crafty spammers and fraudsters are still managing to find ways around the restrictions to get their software onto users' phones. Security firm, Sophos have reported that there is malware going around via the Facebook application. The malicious software disguises itself as an Android app named "any_name.apk" or "allnew.apk" and is sent to Android phones via Facebook's mobile app.  An Android user may receive a Facebook friend request and if the user goes to the requester's profile to check them out, they could be diverted to another web page instead, where the malicious app will be automatically downloaded. Although Android doesn't by default allow apps to be automatically downloaded, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market. ...

Millions of pcAnywhere users still Vulnerable to hijacking 3 weeks before we reported that Symantec releases patch to address pcAnywhere source code exposure, because attackers had obtained the remote access software's source code. But According to H.D. Moore, chief security officer at Rapid7, estimated 150,000 to 200,000 PCs are running an as-yet-unpatched copy of the Symantec software. While Symantec said it had patched all the known vulnerabilities in pcAnywhere. Symantec has released new information and a patch to address the recent code exposure incident. According to Computerworld report, PCs connected to the Internet, including as many as 5,000 running point-of-sale programs that collect consumer credit card data, could be hijacked by hackers exploiting bugs in the troubled program. Symantec released a patch that eliminates known vulnerabilities affecting pcAnywhere 12.0 and pcAnywhere 12.1.At this time, Symantec recommends that all customers upgrade to pcAnywh...

Zero-day Smartphone Vulnerability exposes location and User Data Smartphones are increasingly becoming the preferred device for both personal and professional computing, which has also attracted hackers to increase their focus on creating malware and other security vulnerabilities for these devices. A former McAfee researcher " Dmitri Alperovitch " has used a previously unknown hole in smartphone browsers to plant China-based malware that can record calls, pinpoint locations and access user texts and emails. He conducted the experiment on a phone running Android operating system, although he saysApple Inc.'s iPhones are equally vulnerable. Android is particularly vulnerable because it has become the main operating system for mobile devices. Today most smartphones are android-based therefore there is a huge dividend for hackers to write Android-targeted malware compared to other operating systems. Alperovitch, who has consulted with the U.S. intelligence community, is...

Another #FuckFBIFriday , Anonymous hack FBI partner Infragard As Anonymous has promised that it will attack government, corporate and law enforcement web sites every Friday, So Anonymous has attacked the FBI affiliate Infragard for the second time, this time taking over and defacing the web site of its Dayton, Ohio chapter. Hackers give message " Greetings Pirates! Another #FuckFBIFriday is here and once again we emerge from the hacker underground to wreak havoc upon the 1%'s institutions of repression " . InfraGard is a private non-profit organization serving as a public-private partnership between the U.S. businesses and the FBI. However, Anonymous has its own definition - " the sinister alliance between law enforcement, corporations, and white hat wannabees, " the group wrote in a note it posted onto the homepage of InfraGard Dayton, Ohio. Mirror link of hack is here .

Spain Police under Anonymous attacks after another Arrests in Spain Anonymous attacks Official Site of the National Police ( https://policia.es/ ) after the arrests of suspected Anonymous hacktivists . The Spanish branch of the group has reported that six hacktivists have been arrested in Spain over the past few days. The police did not confirm the identity of the suspects, but claimed the force's technological investigation brigade is conducting a large operation. Anonymous Tweet : " @AnonOps 6 #Anonymous were caught by the police in spain. They're talking about a big anti-hack operation" We know. Expect uspolicia.es DOWN | #Anonymous #Spain " . Last week, Following the arrest of three young Anonymous hackers in Greece, the collective carried out a second assault on the ministry of justice's website, defacing its homepage. Last June Anonymous launched #OpPolicia, a successful DDoS attack against the Spanish National Police website. The attack was a direc...

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit's existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit's extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2....

PacketFence 3.2.0 released The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices. New features in 3.2.0 OpenVAS Vulnerability Assessment integration for client-side policy compliance Bandwidth violations based on RADIUS accounting information Billing engine integration for allowing the use of a payment gateway to gain network access. PacketFence 3.2.0  fix Reflected Cross-site scripting (XSS) in Web Admin printing system. Further information about the update, including a full list of changes, can be found in the official release announcement and in the change log . PacketFence 3.2.0 Download