The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LulzSec hacker pleads guilty in Sony breach Accused LulzSec hacker Cody Kretsinger pleaded guilty today in a federal court in Los Angeles, California, to felony charges associated with the breach of Sony Pictures Entertainment that occurred in mid-2011. The hacker had previously pleaded not guilty.Kretsinger was arrested last September, months before the recent raid on the "leaders" of the group. The hacker had been charged with conspiracy and the unauthorized impairment of a protected computer and pleaded not guilty at the time for both counts. The indictment accused Kretsinger and co-conspirators of stealing confidential information from Sony Pictures' computer systems and distributing the material on LulzSec's website before trumpeting the attack on Twitter. The breach caused more than $600,000 in damages, according to court papers. He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information...

British Paypal hacker jailed for stealing millions Identities A UK cybercrook has been jailed for 26 months following his conviction for stealing millions of banking and PayPal identities. According to Report, Southwark Crown Court heard how Edward Pearson, 23, could have made about £834,000 if he chose to use the information he hacked out of people's Paypal accounts. Pearson, an 'incredibly talented' boarding school student who carried out the crime for an 'intellectual challenge', has been jailed for two years and two months. "One of his programs scanned through 200,000 accounts registered to online payment service PayPal - identifying names, passwords and current balances." according to the Daily Mail. Pearson might have been able to cash out the compromised accounts and make hundreds of thousands in ill-gotten gains. But in the event he actually only made £2,400 before his 21-year-old student girlfriend, Cassandra Mennim, used stolen credit cards to book...

Al-Qaeda websites hacked and remains down for past 12 days Al-Qaeda's main internet forums have been offline for the past 12 days in the longest sustained outages of the sites since they began operating. Several online forums frequently visited by al-Qaeda operatives were downed over the course of the last few weeks, including two of the terrorist organization's top sites, al-Fida and Shamukh al-Islam. No one has claimed responsibility for disabling the sites but the breadth and duration of the outages have prompted speculation the forums have been taken down in a cyber attack launched perhaps by a government or hacking group. The digital sabotage could have been carried out by any number of governments or private hackers, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Some analysts have speculated that the administrators of the sites might have taken them down if they suspected that the forums had...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

" Reboot " - Upcoming latest Hacker Movie you should watch Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film " Reboot " will launch with a Sneak Preview at DEFCON. Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino's upcoming "Playing the Field"), Travis Aaron Wade ("War of the Worlds"), Martin Copping (Australian series "Neighbours"), Sonalii Castillo ("NCIS"), and Janna Bossier (Slipnot's "Vermilion"). Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering fr...

More than 600000 Macs system infected with Flashback Botnet The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif. Dr. Web explained that a system gets infected with the Mac Flashback trojan " after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system ." A specific JavaScript code on the site that contains the virus is then used to load a Java applet, which is how the malware makes its way onto a user's computer. This Trojan spreads via infected web pages and exploits Java vulnerabilities that have be...

Anonymous Plans 7 April Attack on British government UK hackers linked to the Anonymous group are encouraging supporters to attack the Home Office website this Saturday (7 April) in protest at the extradition of three UK citizens to the US. Called #OpTrialAtHome , the hacktivist group @AnonOpUK posted a warning on its Twitter page that an attack on the Home Office was planned for Saturday, 7 April. An associated photo/poster shows images of Gary McKinnon, Richard O'Dwyer and Christopher Tappin. McKinnon and O'Dwyer are awaiting extradition from the UK to the US. Tappin's extradition was effected on 24 February when he was flown to El Paso, Texas. Supporters have been encouraged to launch denial-of-service attacks on the Home Office's IP address, which Anonymous has revealed. Those not savvy enough to launch automated attacks on the site could contribute to the effect by simply visiting the site in large numbers. Julian Assange, the editor-in-chief and founder of WikiLeaks, ...

Anonymous hacks 500  Chinese websites Messages by the international hacking group Anonymous went up on a number of Chinese government websites on Thursday to protest internet restrictions. " Dear Chinese Government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall, " the message read in English. " So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy. Nothing will stop us, nor your anger nor your weapons. You do not scare us, because you cannot afraid an idea. " Some of the messages were directed at the Chinese people while others addressed the government. Some websites that Anonymous said it attacked were working Thursday, and government officials denied the sites were ever hacked. China's National Computer Network Emergency Response Technical Team was not available for immediate comment. The hacks were announced on...

Internet #Censorship : CISPA - Newest Cyber Security Bill If you download and distribute copyrighted material on the Internet, or share any information that governments or corporations find inconvenient, you could soon be labeled a threat to national security in the United States. That's the aim of a bill in Congress called the Cyber Intelligence Sharing and Protection Act (CISPA). The good news is that SOPA and PIPA haven't come to pass, but the bad news is that they could be followed by a bill that is even more invasive and could violate even more of your civil liberties. According to a press release issued last week, the bill already has over a 100 congressional co-sponsors. Yet the bill is only now beginning to appear on the public radar. CISPA would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a 'cybersecurity' exemption to all ex...

Anonymous Exposes data of 10,000 Civic Democrats from Czech Last week, Hackers posted on the internet the private data of Czech Prime Minister Petr Necas, including the numbers of his three mobile telephones, after a series of cyber attacks on government web sites. Hacker groups Anonymous and TrollSec claimed responsibility for the cyber attacks and for posting private data of the prime minister, saying they were protesting the Czech authorities, who are ignoring public sentiment and want to ratify the controversial agreement. The cyber attacks on the Czech government web sites, including on the Cabinet's website, come in the wake of worldwide protests against the ratification of the Anti-Counterfeiting Trade Agreement (ACTA). Today Anonymous Hackers claim to released personal details about members of the largest of the three parties in the ruling Czech coalition, the Civic Democrats (ODS). Details including mobile telephone numbers and personal ID card numbers were made publ...

Adobe releases open source malware classification tool Adobe Systems has released a malware classification tool in order to help security incident first responders, malware analysts and security researchers more easily identify malicious binary files. The ' Adobe Malware Classifier ' tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, Adobe security engineer Karthik Raman said in a recent blog post , Raman originally developed Malware Classifier for in-house use by Adobe's Product Security Incident Response (PSIRT) Team. When run, the tool extracts seven key attributes from every analyzed binary file and compares them to data obtained by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a set of 100,000 malicious programs and 16,000 clean ones, Raman said. " Malware classification can be a difficult task for even experienced analysts, especially in the modern ...

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall into this category and not all clouds are created equally. There are more casual and also very (too busy) customers as well. It is highly probably that many Windows cloud images may be vulnerable to a MS12-020 RDP exploit by default. New research using the nmap nse script " rdp-ms12-020.nse " developed by @ea_foundation shows that all Rackspace Windows cloud images are vulnerable by default. And on AWS EC2 any existing, unpatched Windows AMIs or EBS images (pre 2012.03.13) that are booted with the AWS Management Console default firewall ruleset are vulnerable as well. A Cloudworm Although cloud service providers have taken some steps to mitigate MS12-020, it is nowhere near enough...

Johnny - GUI for John the Ripper Johnny is a GUI for John the Ripper. It was proposed by Shinnok. s release includes all things from development release plus nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: password could be loaded from file and cracked with different options. The reasoning behind Johnny is simple but at the same time profound: Complexity through simplicity and non-intrusive expert and non-expert availability. Johnny is a GUI concept to John the Ripper written in C++ using the Qt framework, making it cross-platform on both Unix/Linux and Windows operating systems. It was programmed as a part of the Google Summer of Code 2012 and supports bother 32-bit and 64-bit architectures. The interface also leaves room for lots of new options, either future John options, as well as GUI specific options like, hash detection, dictionary editing and generation or interactive bruteforce charsets or rules creation and many ...

POC Android botnet - Command and Control Channel over SMS To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the ...

Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are once again proud to have some fantastic writers like Pierluigi Paganini , Mourad Ben Lakhoua , Lee Ives , Paul F. Renda and Ahmed Sherif back with us to help educate all our readers about the impending cyber war crisis and what we can do about it. Pierluigi Paganini gives us a step by step technical understanding of the issue and Ahmed Sherif gives a fantastic look at SCADA, the workings and the take downs. Join us as we explore this new frontier and let us know how you feel and what you have learned! Download   (Cyber Warfare)   April Edition [7.05 Mb PDF] Want to Download All other Editions ? [ Click Here ]

The Pirate Bay Buys Greek Airspace for Launching Low Orbit Server Drones Few days back we reported that , One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. Most of the people from World didn't take it serious, well but The Pirate Bay is apparently deadly serious about investing in drone servers that it will fly in international airspace to make it incredibly difficult for governments to stop its expansion. A blog posting on the Pirate Bay site said the service had gone offline for a few hours on 18th March to move its front machines (which redirect a user's traffic to a masked location). " We have now decided to try to build something extraordinary ," it said. If actually happening, it is part of a wider move to stay several steps ahead of the law, with The Pirate Bay gleefully thumbing its nose at the legislative attempts...

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. The malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading. Named CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser...

Lulzsec Ryan Cleary Again in Jail for breaking his bail conditions The lawyer for a 19-year-old Briton Ryan Cleary suspected of links to the hacking group Lulz Security says her client's back behind bars for breaching his bail conditions. Mr Cleary, is accused of being a member of the hacktivist group LulzSec as it carried out a series of attacks on targets including the UK's Serious Organised Crime Agency, the CIA and News International. Cleary, who was never an official LulzSec member but ran an Internet Relay Chat that the group used to communicate, had apparently been trading e-mails with Hector Xavier Monsegur, a.k.a. Sabu, the recently outed LulzSec mastermind turned FBI informant. That was a direct violation of his bail agreement, which dictated that Cleary was to have no access to the Internet whatsoever. The Metropolitan Police said Cleary was rearrested on March 5, a day before the FBI disclosed that Monsegur, better known as Sabu, had been secretly working as...

Chinese hacker targeting Indian government and Tibetan activists Sites Websites of Indian government and Tibetan activists in the country are under attack in a cyber attack campaign engineered by a Chinese hacker, working with one of the world's largest e-tailers Tencent. The cyber criminal in question is Gu Kaiyuan, once a graduate student at a Chinese university that receives government financial support for its computer security program and currently an employee at Chinese portal Tencent. Before Kaiyuan initiated the exploits, collectively called the Luckycat campaign , he was involved in recruiting students for his school's computer security and defense research. The Luckycat cyber campaign, has been linked to 90 attacks in recent past against targets in India and Japan, as well as against Tibetan activists, said the report released by the Japanese network security firm. 'Luckycat' has been able to compromise about 233 computers many of which are in India. A report...

Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that's actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan's authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a ...

U.S. Ambassador claim to be hacked by Russians Michael McFaul, the U.S. ambassador to Russia, took to Twitter Thursday night to accuse Russian media organization NTV of hacking his cell phone and email account. " I respect the right of the press to go anywhere & ask any question. But do they have a right to read my email and listen to my phone? " he tweeted this afternoon. when McFaul arrived for a meeting with the group For Human Rights today, reporters from state-owned NTV began peppering him with questions that kept him on the freezing street without a coat." Everywhere I go NTV is there. Wonder who gives them my calendar? They wouldn't tell me. Wonder what the laws are here for such things? " McFaul tweeted. Russian news agencies said NTV dismissed McFaul's complaint, and officials at the station, which is owned by Gazprom, the state-controlled monopoly, said they have a network of informants who provide them with information. Mr McFaul suggested the television reporters ...