The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

RiskRanker : A New malware detection technique For many years, mobile security experts have been fighting an uphill battle against malware, which has been steadily and dramatically increasing in both volume and sophistication. Well, NQ Mobile's Mobile Security Research Center, in collaboration with North Carolina State University disclosed a new way to detect mobile threats without relying on known malware samples and their signatures.  " In the current scenario malicious software is present in the market place, ready to create havoc as soon as it is downloaded onto a device. Malware is discovered only after it has done irreversible damage. Existing mobile anti-virus software are inadequate in their reactive nature by relying on known malware samples for signature extraction. RiskRanker crushes the mean motives of the culprit by detecting any malicious content while it is still in the app market ." RiskRanker  is a unique analysis system that can automatically detect...

Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks The Zemra DDoS Bot is currently sold in various forums for about 100 € and detected by Symantec as Backdoor.Zemra . Zemra first appeared on underground forums in May 2012. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that is has a command-and-control panel hosted on a remote server. Zemra uses a simple panel with an overview of all statistics is needed.With the help of two graphs can be seen operating machinery and the region location.In addition, statistics on online and for more information. You have a chance to see everything online Socks5 and export them to the list.Traffic is encrypted and protected using the algorithm AES, each client communicates with a unique generated key. Note : In " Tools Yard " we have Posted Zemra Source Code , Only for Educational Purpose. A brief functional: • Intuitive control panel • DDos (HTTP / SYN Flood / UDP) • Loader (Load and ru...

Anonymous Hacks Japanese Government Websites against  Anti-Piracy Laws in Japan Japan's legislature has approved a bill revising the nation's copyright law to add criminal penalties for downloading copyrighted material or backing up content from a DVD. The penalties will come into effect in October.The Upper House of the Japanese Diet approved the bill by a vote of 221-12, less than a week after the measure cleared the lower house with almost no opposition. Violators risk up to two years in prison or fines up to two million yen (about $25,000). Hacker activist group Anonymous has attacked Japanese government websites, and is threatening further action in protest at new stiffer penalties for illegal downloading that were passed in a copyright law amendment. A Twitter feed, @op_japan, associated with hacking collective Anonymous claimed responsibility, reacting to the country's new anti-piracy bill.The new law outlines jail terms for those who download copyrighted content. The ...

Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals The FBI has arrested 24 cybercriminals part of an international law enforcement operation aiming to arrest and prosecute the users of a sting operation called "Carder Profit". The suspects, collared after a two-year investigation dubbed "Operation Card Shop," allegedly stole credit card and banking data and exchanged it with each other online. " We put a major dent in cybercrime ," she said. " This is an unprecedented operation. "In the sting, which they called Operation Card Shop, undercover investigators created an online bazaar to catch buyers and sellers of credit card data and other private financial information. They also aimed at people who clone and produce the physical credit cards that are then used to buy merchandise. Some CarderProfit users apparently learned of the involvement of the feds months ago. A Twitter user with the name @JoshTheGod wrote that "has informants and most likly to be belie...

Hacker made calls worth £10,000 from public phone Computer expert Dariusz Ganski, of Sunny Bank, Kingswood, used a router to tap into BT phone boxes and made hours of calls to expensive numbers. He make calls worth £10,000 of premium-line bills and he has been jailed for 18 months. Prosecutor David Maunder commented: " Police located the vehicle and they found Mr Ganski with two laptop computers and numerous mobile telephones." Bristol Crown Court heard that the 27-year-old committed his crimes to get electronic credits for music and on-line games, while still on licence from prison for almost identical offences. Ganski made 648 calls, totalling nearly 43 hours, from a phone box in Kelston, North East Somerset. BT was alerted to unpaid calls costing them about £7,700 on that box. He said: " Your counsel says you're intelligent. What a waste that what you really do is go round defrauding companies in this way. "

The tale of LulzSec  two admits targeting websites Two British members of the notorious Lulz Security hacking collective have pleaded guilty to a slew of computer crimes, in the latest blow against online troublemakers whose exploits have grabbed headlines and embarrassed governments around the world. LulzSec members Ryan Cleary , 20, and Jake Davis , 19, pleaded guilty in a London court to launching distributed denial of service (DDoS) attacks last year against several targets, including the CIA, the Arizona State Police, PBS, Sony, Nintendo, 20th Century Fox, News International and the U.K.'s Serious Organized Crime Agency and National Health Service Ryan Cleary is from Essex, United Kingdom who was arrested by Metropolitan Police on June 21 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977. He was accused of being a member of LulzSec but was not a member of the said group although he admitted that he did run one of the IRC channels that t...

RSA SecurIDs Get Cracked In 13 Minutes Major corporations, government agencies, and small businesses all hand out RSA SecurID fob keychains to employees so that they can log in to their systems for security reasons and If you're used to seeing a device like this on a daily basis, you probably assume that it's a vital security measure to keep your employer's networks and data secure. A team of computer scientists beg to differ, however, because they've cracked the encryption it uses wide open. In a paper called " Efficient padding oracle attacks on cryptographic hardware ," researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard. They managed to develop an approach that requires just 13 minutes to crack the device's encryption. RSA Security, a division of the data storage company EMC, is one of the l...

Drones can be hijacked by terrorist , Researchers says Vulnerability Exist Fox News is reporting that researchers say that terrorists or drug gangs, with the right kind of equipment could turn the drones into "suicide" weapons. A University of Texas researcher illustrated that fact in a series of test flights recently, showing that GPS "spoofing" could cause a drone to veer off its course and even purposely crash. This is particularly worrisome, given that the US is looking to grant US airspace to drones for domestic jobs including police surveillance or even FedEx deliveries In other words, with the right equipment, anyone can take control of a GPS-guided drone and make it do anything they want it to. Spoofers are a much more dangerous type of technology because they actually mimic a command by the GPS system and convince the drone it is receiving new coordinates. With his device what Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000) he was...

PayPal will Pay Security Researchers for finding Vulnerabilities Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner. If you manage to find a security flaw in any of PayPal's products, you may be entitled to a cash reward. " I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program, " PayPal's Chief Information Security Officer Michael Barrett said in a  blog post  on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering. PayPal plans to categorize reported bugs into one of four categories: XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), SQL Injection or Authentication Bypass  Researchers need to have a verified PayPal account in order to receive the monetary rewards. " I original...

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat Apple has quietly removed a statement from its website that the Mac operating system isn't susceptible to viruses. Apple released a patch to a Java vulnerability that lead to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year, there were claims weeks later from security researchers that hundreds of thousands of Macs were still infected. Apple is one of the single software companies that hasn't really faced the problem of viruses, for years claiming their operating system is the most secure among all. The specific language about the operating system, " It doesn't get PC viruses " was replaced with " It's built to be safe. " But now, Apple may be taking security threats more seriously. Apple is introducing a new app security measure called Gatekeeper in the upcoming release of Mountain Lion, the latest version of Mac OS X. The majority of malware might still be floating around ...

zAnti Pentester's Worldcup tournament open for Hackers Today is a great day to be a security enthusiastic since Zimperium kicked off the first ever penetration testing tournament. — Welcome to the Pentester's Worldcup ! Zimperium , a mobile security software start-up was founded by Itzhak " Zuk " Avraham, a world-renowned white-hat hacker, in 2011. The Pentester's World Cup is part of Zimperium's efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products. You may recall Anti, The first comprehensive Penetration Testing software offered on Smartphones, Zimperium created a killer mobile app that is so simple to use, any technical person is able to perform pentest on his network to get status of which devices that are attached to the network are vulnerable, what ports are opened and additional information that is a must have for anyone who cares about the safety on his network. Last year at DEFCON, Avraham, also ...

Anonymous Hackers shut down website of Colombia Justice Ministry Anonymous hackers shut down the websites of Colombia's Justice Ministry website on Friday evening. The website was back online Saturday morning. Also, The website of Cambio Radical, the political party of Interior Minister German Vargas Lleras, was hacked later Friday evening and was still showing a message saying " You have been hacked ". Anonymous said on its facebook page the Ministry's website was shut down to protest "impunity" granted to corrupt politicians by a justice reform that had been approved by Congress but was sent back to the legislative branch by President Juan Manuel Santos on Thursday because of its unconstitutionality and inconsistencies that " do not favor justice and transparency ." Last Year, Anonymous and Colombian Hackers were behind the shut down of the websites of Colombia's president , the interior and justice ministry, the intelligence service DAS and the g...

A virus specialized for AutoCAD , a perfect cyber espionage tool In recent years we are assisting to a profoundly change in the nature of malware, it is increased the development for spy purposes, for its spread in both private and government sectors. The recent case of Flame malware has demonstrated the efficiency of a malicious agent as a gathering tool in a typical context of state-sponsored attack for cyber espionage. Event like this represent the tip of the iceberg, every day millions of malware instances infect pc in every place in the world causing serious damages related to the leak of sensible information. Specific viruses are developed to address particular sectors and information, that is the case for example of "ACAD/Medre.A", a malware specialized in the theft of AutoCAD files. The virus has been developed to steal blueprints from private companies mostly based in Peru according the expert of the security firm ESET. The virus is able to locate AutoCAD file on in...

Department of Homeland Security and U.S Navy hacked Department of Homeland Security and U.S Navy websites once again at Major Risk. This time hacking group called " Digital-corruption " hacked into subdomains of both sites and leak database info on pastebin . In its announcement on the pastebin.com website, the group said it has leaked database from  https://www.smartwebmove.navsup.navy.mil/ and twicinformation.tsa.dhs.gov using Blind SQL-Injection method. The Database include Usernames, Passwords, Email ID's, Security Questions - Answers of all users. Hackers shout: say("#FreeTriCk #FreeMLT #FreePhantom"); say("Knowledge is power!"); say("NAVY.MIL, care to share some of your staff information?"); Department of Homeland Security and U.S Navy websites are hacked lots of times in past one year by Different hackers from all over world.

Russian Botnet Hacker arrested for hacking into six million computers Police have detained a 22-year-old hacker who created a system of networked computers that was used to steal more than 150 million rubles ($4.47 million) from people's bank accounts and already one of the most wanted hacker in the world. But now, "Hermes" is, has been tapped over six million computers and earns around 5 million francs, was caught in Russia. The network infected around six million computers with a Trojan virus, which helped get access to users' bank accounts.  A bout the Trojans secretly installed, he had arranged illegal money transfers, said the interior ministry in Moscow on Friday. Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker's place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made.The botnet built by the hacker included around 6 million computers from reg...

20-year-old Anonymous Hacker arrested by Bulgarian Police Bulgarian police authorities have arrested an alleged member of the loosely associated Anonymous hacktivist group. The 20-year-old suspect has allegedly attacked the website of Prophon, a Bulgarian music licensing company. The reason - Mitko was against paying for music and movies, like to draw at will from the network. The attack he made on February 5, 2012 as able to penetrate into account the site administrator. Following the intervention of Mitko, entering the address www.prophon.org is appeared a message that "Anonymous" seize the site. " PROPHON Hello, We are Anonymous. We learned that you are greedy and another 12 organizations have signed an open letter in support of the so-called. Agreement ACTA. This is unacceptable and this angered us. You are first, not last. This should be a lesson to all who support ACTA. We are Anonymous. We are legion. We do not forgive. We will not forget. Expect us , "the...

Windows 8 will be challenge for Malware writers Microsoft™s security researcher believe that upcoming operating system, Windows 8 is a step forward in security and Windows 8 will be far better at protecting against malware than it's predecessors. Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of Windows 8 last autumn, before the consumer previews of the upcoming revamp of the new Microsoft OS came out. " There are always going to be vulnerabilities but you can make it difficult to leverage vulnerabilities to write exploits ." One major change between Windows 7 and 8 is the addition of more exploit-mitigation technologies, however. Windows Memory Managers (specifically the Windows Heap Manager and Windows Kernel Pool Allocator) are designed to make it far harder for attackers to exploit buffer-overflow vulnerabilities and the like to push malware onto vulnerable systems. The "security...

Hackers Exploit Unpatched Windows XML vulnerability An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware. This zero-day exploit that potentially affects all supported versions of Microsoft Windows, and which has been tied to a warning by Google about state-sponsored attacks, has been identified carrying out attacks in Europe. Microsoft security bulletin MS12-037 was this month's cumulative update for Internet Explorer. It is rated as Critical, and addresses 14 separate vulnerabilities that affect every supported version of Internet Explorer in some way.One vulnerability in particular is more urgent than the rest, though. There are multiple attacks circulating online that target CVE-2012-1875 .The name of the vulnerability is " Same ID Property Remote Code Execution Vulnerability ", which doesn't really explain much. Until a patch is released, the Microsoft workaround...

Scamming site taken down by Hackers When hundreds of kids were duped into taking courses to improve their grades with a promise of an ipod if they succeeded, many pressured their parents to help find the company called Advantage Point Academy (https://www.advantagepoint.org/) a place to administer the lessons. Advantage point got parents in many schools through California, Oregon, and Washington to rent rooms and give their kids lessons that supposedly made them smarter........with a prize of an ipod when they finished. Advantage Point got their money for enrolling the kids but the kids got lessons and no ipods. Kids and parents have been calling, writing, reporting to the States and posting complaints on the companies Facebook page to no avail. In stepped xL3gi0n , who felt that if nothing else, a little web removal would bring solace to a disappointed and scammed group of parents and kids. On June 21st in the wee hours of the morning the site was taken down and all files remove...

Trojan.Milicenso - Printer Trojan cause massive printing A Trojan that sends printers crazy, making them print pages of garbled nonsense until all the paper has been used up, has seen a spike in activity.Symantec detected the Trojan.Milicenso across various countries, but the worst hit regions were the US and India followed by regions in South America and Europe, including the UK. According to a blog post published Thursday by researchers from antivirus provider Symantec, Dubbed " Trojan.Milicenso " it has been described by security researchers as a malware delivery vehicle "for hire" through its repeated use since it was first discovered in 2010. The Milicenso Trojan is actually a backdoor that is used to deliver other malware on the affected machines. The infection vectors are links and malicious attachments in unsolicited emails, as well as websites hosting malicious scripts that trigger the download of the Trojan. " Depending on the configuration, any files, including binary...