
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Botnets, DDoS attacks as weapon against financial sector


Apr 13, 2012
DDoS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic says "more than 10 of the world's largest banks due to market capitalization," and "an almost threefold increase in the number of attacks against its financial services". A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service. The average attack bandwidth...
Ransomware replaces Windows MBR and asking users for Money


Apr 13, 2012
Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild. This new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money. Cris Pantanilla, a threat response engineer at Trend Micro, said, "Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect." The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS. Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via...
Microsoft's April Security Update : Patch MS12-027 Now !


Apr 13, 2012
This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild. Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite, the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls. One of the fixes is gaining the most attention though, even from Microsoft. "We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of the CVE-2012-0158 vulnerability using specially crafted Office documents as an exploit vector," said the firm in an apparently hastily written blog post. ...
The Unusual Suspect: Git Repos


Jul 14, 2025 - Secrets Management / SaaS Security
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems. Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...
Two from Team Poison arrested in MI6 hotline phone hack


Apr 13, 2012
Police in the UK have arrested two teens as part of an investigation into illegal recordings of conversations on Scotland Yard’s anti-terror hotline, which were later posted on YouTube. Two teenage boys aged 16 and 17 years have been arrested in the West Midlands in connection with an investigation into reports that hackers accessed Scotland Yard's anti-terror hotline. The hackers claimed to have carried out the cyber-attack in response to the alleged detention of innocent people on terrorism charges and the recent ruling to deport a number of terror suspects to the United States. In the recording of the conversation, two people are heard discussing an earlier alleged attack in which a group calling themselves TeamPoison (TeaMp0isoN) apparently jammed the hotline by bombarding it with calls from computers. "We are confident the communication systems have not been breached and remain, as they always have been, s...
Samba remote code execution vulnerability, Patch Released !


Apr 12, 2012
Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell. There is a serious remotely exploitable vulnerability in the Samba open-source software that could enable an attacker to gain root privileges without any authentication. The bug is in all versions of Samba from 3.0.x to 3.6.3, but has been fixed in Samba 3.6.4, which is the current stable release. The vulnerability was discovered by security researcher Brian Gorenc and an unnamed colleague, working for the Zero Day Initiative. The flaw, which is located in the code generator for Samba's remote procedure call (RPC) interface, makes it possible for clients on the network to force the Samba server to execute arbitrary code. Three new security releases (Samba 3.4.16, Samba 3.5.14, Samba 3.6.4) for currently supported versions have been issued over at samba.org/samb...
Legacy Native Malware in Angry Birds Space to pwn your Android !


Apr 12, 2012
A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones. Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. "By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch)," Lookout said in a blog post. In March, another Trojan appeared pretending to be a legitimate Chinese game, The Roar of the Pharaoh. The malicious app appeared on the Google Play store, stealing users' data and money by sending S...
Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency


Apr 12, 2012
The hacking group 'TeaMp0isoN' said they targeted counter-terrorism officers at MI6 with a barrage of phone calls for a period of 24 hours, which meant nobody else could get through. By using a cleverly developed script, the hackers were able to make calls to the agency's offices for 24 hours non-stop, basically launching a phone-based denial-of-service (DoS) attack. "The script is based on the Asterisk software and uses a SIP protocol to phone," TriCk told us. "Every time they picked up the phone the server would play a robot voice which said 'teamp0ison'." It said the attacks were motivated by the recent decision at the European Court of Human Rights that said Babar Ahmad, Adel Abdel and other suspected terrorists could be extradited to the United States, Huffington Post reported. TriCk also released what he claimed was the audio of the moment he called the number and spoke to MI6 officers perso...
Extreme GPU Bruteforcer - Crack passwords with 450 Million passwords/Sec Speed


Apr 12, 2012
Extreme GPU Bruteforcer, developed by InsidePro, is a program meant for the recovery of passwords from hashes of different types, utilizing the power of the GPU, which enables reaching truly extreme attack speeds of approximately 450 million passwords/second. The software supports hashes of the following types: MySQL, DES, MD4, MD5, MD5(Unix), MD5(phpBB3), MD5(Wordpress), NTLM, Domain Cached Credentials, SHA-1, SHA-256, SHA-384, SHA-512 and many others. The software implements several unique attacks, including mask and hybrid dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPUs), the software allows reaching incredible search speeds of billions of passwords per second! Type hashes average speed (Using NVIDIA GTS250): MD5 420 000 000 n / a MySQL 1.08 billion n / a MD4 605 000 000 n / ...
Iran replacing Google, Hotmail with its own internal search engines and email services


Apr 12, 2012
Iran has denied the report that it plans to cut itself off from the Internet. In a statement, the ministry said "The report is in no way confirmed by the ministry". It added that it was "completely baseless," and that it served only "the propaganda wing of the West and providing its hostile media with a pretext emanating from a baseless claim". Iranian minister for Information and Communications Technology Reza Taghipour was reported to have said that Iran plans to disconnect itself from the Internet and replace popular services like Google, Yahoo, and Hotmail with homegrown, Iranian services. They also claim that a system is in beta testing which includes a search engine called "Ya-Haq", which directly translates as "calling God". The government is already accepting applications for Iran Web Mail accounts, which require you to enter a first and last name, postal add...
Homeland Security hacking into gaming consoles to obtain user data


Apr 10, 2012
The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The U.S. government has awarded a $177,000 contract to Obscure Technologies to develop tools that can be used to extract data from video game systems. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy's expertise in the field, officials said. Anyone who has ever played a few games of Call of Duty or Halo online knows that communities like Xbox Live aren't exactly models of good behavior. But the federal government believes the occasional bursts of profanity may not be the worst of what's going on with consoles, and it wants a way to dig deeper. In explaining t...
FlashBack Checker - Tool Detects Flashback Mac Malware


Apr 10, 2012
A Mac developer has posted a tool that detects a Flashback malware infection on Apple's computers. Last week we posted about "More than 600000 Macs system infected with Flashback Botnet". That's slightly more than 1 percent of all 45 million Macs in the world, still a relatively small number, but a worrisome one for Mac users, as the tally of infected machines continues to grow. FlashBack Checker, a 38KB tool, was created by Juan Leon, a software engineer at Garmin International, the Kansas-based company best known for its GPS devices. When Flashback Checker is run, it displays "No signs of infection were found" or provides additional information if it does detect changes the malware has made to the Mac. According to Dr. Web, the Russian security company that was the first firm to quantify Flashback infections, nearly 2% of all Macs have been hit by the malware. Dr. Web used a different technique to detect...
Anonymous target USTelecom and TechAmerica for supporting Cybersecurity Bill


Apr 10, 2012
Two technology trade associations said they were targeted by the hacker-activist group Anonymous as it singled out supporters of proposed legislation to improve U.S. cybersecurity. The hacker group Anonymous claimed responsibility for taking down the websites of USTelecom and TechAmerica, which both back the Cyber Intelligence Sharing and Protection Act of 2011. Both sites remained unreachable as of Monday afternoon. The attacks began yesterday when users were unable to log onto the sites. USTelecom represents telecom companies, including AT&T, Verizon, and CenturyLink; and TechAmerica's members include tech companies such as IBM, Microsoft, and Apple. A Twitter account called @Anon_Central yesterday called the Rogers bill "draconian" and posted a link to groups and companies supporting the legislation. Anonymous posted a YouTube video showing USTelecom's site down S...
Anonymous plans to take down Great Firewall of China


Apr 10, 2012
Anonymous plans to launch more attacks on Chinese government Web sites in an effort to highlight corruption and push for human rights improvements. While they managed to deface well over 500 sites, we are now hearing they aren't finished yet and have even more plans for the Chinese government coming soon, and bigger targets. The group used the Twitter account "Anonymous China" to publicise the attacks, posting links to data files that contained passwords and other personal information from the hacked websites. This comes just days after all the attacks last week that even had messages warning of the downfall of the Chinese government. The attacks are part of a bigger plan, according to Anonymous hacker "f0ws3r", who told Reuters that the group is hoping to take down the "Great Firewall of China". A recent tweet from the Anonymous China Twitter feed confirms the group's plans. They claim to have hundreds of translat...
TigerBot - SMS Controlled Android Malware Stealing Information


Apr 10, 2012
A new form of Android malware controlled via SMS messages has been discovered, and the malware can record phone calls, upload the device's GPS location, and reboot the phone, among other things. Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered this Android malware, called "TigerBot", which differs from "traditional" malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet. A common aspect of Android malware is the use of a command and control server that tells the malware what to do next and acts as a repository for any captured passwords or banking information. The current information about this malware shows that it can execute a range of commands including uploading the phone's current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the...
181000 records compromised in Utah Security Breach


Apr 09, 2012
Utah health officials said that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance. The Utah Department of Health has been hacked. 181,604 Medicaid/CHIP recipients have had their personal information stolen. 25,096 have had their Social Security numbers (SSNs) compromised. What is particularly threatening about this attack is the fact that the stolen records included personal information including client names, addresses, birth dates, SSNs, physician's names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes. "We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," said Michael Hales, deputy dir...
Anonymous Leaks Tunisia Prime Minister’s Emails


Apr 09, 2012
Anonymous hackers say they have hacked 2,725 emails belonging to Tunisia's ruling Ennahda party, including those of the prime minister, in the latest challenge to the Islamist-led government. The email addresses of the president, head of the Constituent Assembly, Ennahda party officials, and other party leaders were disclosed as well as documents from the electoral campaigns. In a video posted on a Facebook page belonging to Anonymous TN, a hacker wearing the trademark activist "Guy Fawkes" mask said the emails were released in protest against Ennahda's alleged failure to protect the unemployed and artists who were attacked by Salafi Islamists during a recent protest. The activist said the emails include phone numbers, bank transactions and invoices paid during Tunisia's election campaign in October, in which Ennahda won more than 40 percent of parliament seats, going on to lead the government. The Tunisian g...
Your Facebook credentials at risk on Android - iOS jailbroken devices


Apr 09, 2012
Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook's native apps for the two platforms are not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only ...
Indian government get access to BlackBerry messages


Apr 09, 2012
After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up BlackBerry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM's BlackBerry servers, you would be right on the money. Not only has the Indian government gotten its way with the BlackBerry servers, but it will now be able to tap into BBM messages. This was confirmed by Indian security agencies, who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in cases where the government suspects that crimes or terror plots are being hatched. It should also be noted t...
Anonymous vs Britain's Home Office - Operation Trial At Home


Apr 09, 2012
As announced in recent days, Anonymous has launched a Distributed Denial of Service (DDoS) attack against several UK government websites. A massive recruiting campaign has started on social media, a call to arms to protest the extradition of U.K. citizens to the United States. The operation, named "Operation Trial At Home," fights the European Arrest Warrant (EAW) that could lead to the extradition of three accused criminals by the U.K.'s Home Office, the government department responsible for domestic security. Anonymous has provided the Home Office's IP address in its announcement to supporters, scheduling the DDoS (distributed denial-of-service) attacks against the Home Office's website for April 7. During the week I wrote an article on the intent of the famous group of hacktivists and on the possible reasons of the action. The attacks have mainly two motives: to protest against the extradition of Gary McKinnon, Christopher H...
Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added


Apr 06, 2012
Security Team Web-Center just released an update for Joomscan Security Scanner. The new database has 623 vulnerabilities. Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to the Joomla scanner takes ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update . A regularly-updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS and directory traversal vulnerabilities of a target Joomla! web site.