The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple is investigating yet another security breach in its iTunes app store . A Russian hacker worked out a way that allows people to bypass payment in the App Store and download products for free. The hacker, dubbed ZonD80 , posted a video of the crack on YouTube (Deleted by Youtube now ) and claims that the technique makes it possible to beat Apple's payment systems by installing a couple of certificates and assigning a specific IP address to the device. The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed. Below are the steps to the hack: Install two certificates: CA and in-appstore.com. Connect via Wi-Fi network and change the DNS to 62.76.189.117. Press the Like but...

Nvidia shut down its Developer Zone online forum today after hackers gained access to members' account details.A statement Nvidia posted on the forum reads , " Nvidia suspended operations today of the Nvidia Developer Zone. We did this in response to attacks on the site by unauthorised third parties who may have gained access to hashed passwords. " Users are also warned not to provide any personal, financial or sensitive information in response to any email purporting to be sent by an NVIDIA employee or representative. All user passwords will be reset when the system comes back online, though it wasn't mentioned when that was going to be. NVIDIA insists it is "continuing to investigate this matter. Nvidia forum hack follows the recent LinkedIn and Yahoo! hacks . Earlier 6.5 million LinkedIn hashed passwords were stolen and subsequently published on unauthorized websites.

Nikhil Kolbekar, aka HellsAngel, was arrested on July 11 in Mumbai, India. Eric Bogle, known as Swat Runs Train, and Justin Mills, or xTGxKAKAROT, were taken into custody in Canada, respectively Colorado, US.  HellsAngel and  Bogle is suspected of selling complete credit card details, including names, addresses, social security numbers, birth dates, and bank account information. He also sold remote desktop protocol (RDP) access data that could be utilized to breach computers in countries such as Turkey, India, Czech Republic, Brazil, Germany, France, Italy, Spain, Sweden, and others. The suspect, Nikhil Kolbekar, was produced before the Esplanade Court on Thursday and has been remanded in judicial custody. He will be produced before the Patiala House court in Delhi on July 25, with the US pressing for his extradition through the Interpol. Carding refers to various criminal activities associated with stealing personal identification information and financial informatio...

Phandroid's Android Forums Web site is hacked and user account details stolen, according to a notice posted online. The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? . Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well. " I have some unfortunate news to pass along ," the post reads. " Yesterday I was informed by our sever/developer team that the server hosting Androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless, there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical). " Phandroid will continue to investigate what happened. The ex...

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation. It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249. Karmina Aquino, a senior analyst with F-Secure said " All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively ." On upcoming 29th July 2012 Security Researchers  Sina Hatef Matbue and Arash Shirk...

A list of over 450,000 email addresses and plain-text passwords, in a document marked " Owned and Exposed " apparently from users of a Yahoo! service, is in circulation on the internet. The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo's instant messenger. The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010. The dump, posted on a public website by a hacking collective known as D33Ds Company , said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information. Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their accoun...

Two Argentina-based cyber security experts -   Chris Russo  and Fernando Viacanel , who claimed to have cracked the security code of IT systems involved in the discovery of 'God Particle', today conducted training sessions for Indian government officials. Both the hackers are partners of IT security firm E2 Labs and their company in arrangement with industry chamber Assocham has plans to conduct series of technology exchange programmes on cyber security. Russo said that three times he has been able to find vulnerability in IT system of European Organisation for Nuclear Research (CERN) that has been involved in discovery of 'God Particle' or Higgs Boson. Programme was attended by officials from Cabinet secretariat, National Technical Research Organisation, Airforce, C-DAC, Income Tax Department, Assam's AMTRON along with representatives from private sector entities, Aircel and Cisco. "Talents required to be cyber security experts are mostly available in peo...

Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled and the company was notified that 420,000 password hashes that seem to belong to its users have been posted to a security forum, and immediately began an internal investigation. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker. Formspring launched in 2009 as a crowd-powered question-and-a...

Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels' Plesk Panel (Port Number 8443). These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri malware researcher Daniel Cid. On other News Portals , there was a news recently that Some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analyst found that, The majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs on his blog report that Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels' Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...

Just after WikiLeaks began releasing the data from the Syria Files, Anonymous hacktivists claimed responsibility for accessing the information and passing it on to the whistleblower organization. Anonymous supplies WikiLeaks with over two million e-mails from Syrian political figures, ministries and companies. According to Report, Anonymous Syria, Antisec and Peoples Liberation Front breached domains and servers in Syria since February, downloaded data over weeks and handed them to WikiLeaks. In February, the hacker team had "worked day and night" to create a massive breach of multiple domains and dozens of servers inside Syria, the statement claimed. In its intro to the e-mail cache, WikiLeaks indicated that they came from 678,000 individual e-mail addresses and 680 domains, including ones belonging to Syria's Ministries of Presidential Affairs, Foreign Affairs, Finance, Information, Transport and Culture. At least 400,000 of the e-mails are in Arabic and 68,000 are in ...

zSecure team has recently discovered a critical SQL Injection Vulnerability in the web portal of 4XP, a leading online forex broker having more than 1 lakh customer base. Financial transactions are carried on the broker's paltform on daily basis including but not limited to Credit Card Transactions. The critical vulnerability allows to get complete access to brokers database which can be misused to access their customers confidential information including their login id's, passwords, home address, email-id's, mobile no's, credit card details etc. This critical vulnerbility could prove devastating to the company if they doesn't fix it asap. Below are the details about the company & discovered vulnerability.   About the Company 4XP is an online forex broker that specializes in providing an all-inclusive trading package backed by a caring and devoted support team. 4XP was founded by a group of retail-ended entrepreneurs and capital market dealers sharing a vis...

In January 2012, Microsoft confirmed to PC manufacturers that they must enable Secure Boot by default on PCs to be "Certified for Windows 8". The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These viruses, also known as bootkits, work by getting themselves loaded before the operating system, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it. Secure Boot counters the bootkit by ensuring the hardware verifies the identity and authenticity of the software that sits between the hardware and the operating system - the bootloader, and also the software embedded in hardware devices like network and graphics adapters. Secure Boot sounds like a smart solution to the bootkit problem doesn't it? Who wouldn't want a secure boot? Proponents of alternative operating syst...

Bulgarian Hackers Group arrested Bulgarian authorities say that after months of investigation they have busted the "most powerful hacker group" in the country, the Cyber Warrior Invasion. The operation was conducted by Bulgaria's Sector for Computer Crimes, Intellectual Property and Gambling and the territorial units of the Chief Directorate for Fight with Organized Crime in the municipalities of Pleven, Shumen, Plovdiv, Burgas, Haskovo, Stara Zagora and Kyustendil. Using cyber "terrorist" methods, the group had attacked more than 500 websites worldwide, including those of financial institutions, web-based companies, and governmental and non-governmental organizations. On the confiscated computers, police discovered databases with large amounts of stolen emails, social network profiles and associated passwords, as well as stolen credit card data. The site www.cwi-group.org was used by the members of the group to coordinate their activities. Constantly changing its location and ...

Microsoft to patch three critical vulnerabilities on Tuesday When Patch Tuesday rolls around next week, Three critical vulnerabilities , as well as six Important issues will be addressed by Microsoft . Only three of the nine security bulletins are ranked Critical, while the remaining six are rated as Important. Although all three of of the Critical vulnerabilities center on Windows, one of them also includes Internet Explorer 9. Interestingly, the flaw does not extend to previous versions of the browser, so it appears it's something new. The two other critical bulletins could allow malicious users to remotely execute code on Windows operating systems, including all supported server and client versions. "Many are expecting a patch for CVE-2012-1889: a vulnerability in Microsoft XML Core Services, which is currently being exploited in the wild," says Marcus Carey, a security researcher with Rapid7. Get the full details when the security bulletins are officially release...

Thousands May Lose Net Access On July 9th July The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website. Thousands of Canadians could be among the hundreds of thousands of people around the world who might lose Internet access on July 9.That's the day the FBI will shut down all the "clean servers" it set up to combat a massive hacking operation. Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites.On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC) to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down. DNS (Domain Name System) is a...

Android Clickjacking Rootkit Demonstrated Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the Android framework and could be used to steal personal information. What is clickjacking? It is a malicious technique that tricks users and is often used to take over computers, web cams, or snag confidential info that is revealed by users who thinks they are on an innocent webpage. Like most Android malware, the rootkit can be distributed as a malicious app, opening up a host of potential vulnerabilities on any device on which it is installed. However, it functions in a different way. The rootkit, which could be bundled with an app and is said to be undetectable by anti-virus packages, would allow an attacker to replace a smartphone's browser with a version that logs key strokes to cap...

Anonymous Arab Hacker post hundreds of Israeli email addresses and passwords Islamic Anonymous hackers on Sunday revealed hundreds of Israeli email addresses and their passwords on the website of Anonymous Arab. Most of the addresses and passwords listed are active accounts. It is yet unclear what website was hacked to obtain the information published on the website of Anonymous Arab. Roni Bachar, the manager of the cyber-attack department at Avnet, said in a statement, " There was apparently penetration of an Israeli site which cannot be determined at this stage, a site that requires identification by email address and a password, as is usual at forum, content and commercial sites. " Bachar added that he doesn't believe that Facebook itself was hacked, " since the attack revealed only a small number of addresses, about 300, and passwords were determined through estimates and guesses of the brute force type. " There are what look like numerous identity ca...

Traffic Interception Vulnerability found in Cyberoam The TOR team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam , was used in an attempt to trick a user in Jordan into believing that her/his connection to the TOR website, was private and secure, though in fact it was being spied upon by a Cyberoam device. This issue was discovered and analysed by Runa A. Sandvik of the TorProject and Ben Laurie. A certificate handling flaw in Cyberoam's deep packet inspection (DPI) devices allow traffic from a single 'victim' to be intercepted by any DPI device from the vendor, according to the Tor Project. Cyberoam make a range of DPI devices which are capable of intercepting SSL connections. " While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices. Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificat...

Chinese hackers allegedly plant bug via flash drives on India navy's computers, which relayed sensitive data to China IP addresses. The sniffing tool was found in the naval computers exactly as INS Arihant, India's first nuclear missile submarine, was in trials at the targeted facility in Visakhaptnam. The virus had reportedly created a hidden folder, collected specific files and documents based on certain "key words" it had been programmed to identify. It remained hidden on the pen drives until they were put in computers connected to the internet, after which the bug quietly sent files to the specific IP addresses. Officials of the Indian Navy stated for The Indian Express that " an inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide ." So far, India has arrested six officers for procedural lapses which led to the breach. It is not clear if any of...

The Truth About Julian Assange And Wikileaks By: Ann Smith , Executive Editor The Hacker News Last night I had the privilege of speaking to Christine Assange , the mother of Julian Assange  who has been a reluctant hostage of a global political war among the United States, the UK, and Sweden and of all places Ecuador. Christine was very informative and thorough in explaining the history and current events regarding the heinous manner in which her son has been treated for supporting one of the most sacred rights of man this being right to have and freely provide access to truthful information. Still, facts and information do not cover the love and concern a mother feels for her child. As a mother myself, I felt Christine's immense and intense worry for her son's safety and his life. As a citizen of the world who carries many of the same concerns we all do of political strife, injustice, world war, poverty, and economic failure, she is above all a mother. I respect Chr...