The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. The government released figures of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. This raises a whole lot of ethical and privacy questions. It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool. The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club. On page...

Drivers may have gotten a chuckle out of an electronic message board in Maine warning of zombies, but city officials were not amused. A Portland, Maine road sign is changed to a zombie warning on Wednesday, Oct. 10, 2012. It originally read " Night work 8 pm-6 am. Expect delays. " An electronic message board that typically warns motorists about impending roadwork instead read: " Warning Zombies Ahead! " as shown. City spokeswoman Nicole Clegg says the signs are a safety precaution and changing it could have led to driver distraction. She tells The Portland Press Herald tampering with a safety device is a misdemeanor punishable by up to a year in jail and a $1,000 fine. Subscribe  to our  Daily News-letter via email  - Be First to know about Security and Hackers.

Computer hackers broke into a Florida college's computer system and stole the confidential information of nearly 300,000 students statewide and the school's president. State and college officials said a breach that at first involved employees at Northwest Florida State College was much larger than suspected and now potentially involves student records from across the state. More than 3,000 employee records and 76,000 student records containing personal identification information were also stolen, including names, Social Security numbers, birthdates, ethnicity and gender for any student statewide who was eligible for Florida's popular Bright Futures scholarships for the 2005-06 and 2006-07 school years. The breach occurred sometime between late May and late September. The school notified the public on Monday. It was discovered during an internal review from Oct. 1 through Oct. 5. The school's president, Ty Handy, was among the employees victimized, the schoo...

The latest version of Mozilla's Firefox browser has been taken offline after a security vulnerability was discovered. Mozilla's Firefox 16 web browser got its regular six-weekly update yesterday but the organisation decided to pull the browser hours after the release. The outfit claimed it became aware of a security vulnerability in Firefox 16 and that updates are expected to ship at some point today. According to the Mozilla Security Blog , Firefox 16 features a security vulnerability that allows " a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. " " As a precaution, users can downgrade to version 15.0.1 " - Firefox 16 offers several new features, most of which are aimed at developers. One such feature is the Developer Command Line, which provides keyboard control over the Developer Tools. Other features include CSS3 Animations, Image Values, IndexedDB, Transitions, and Transforms. ...

Anonymous Hackers  AnonSwedenOp  posted a video on YouTube on October 8 where it threatened the Estonian government with a possible cyber attack. " Estonian government had sacrificed its own people instead of helping its own people, Estonian government has channelled money to helping Greece that is much better off. " " Estonia says that it doesn't have money but then they give 357 million to Greece ," the statement declares. Anonymous Group will most probably attack on Friday, October 12, according to video and this attack will go as Operation #OpEstonia. The the end of the Video, Hacker with the promise: " This must end. Estonian people, we haven't forgotten you ". Anonymous Hacker last week took down the website of Swedish central bank also and this attack can also be on high rate, if they get possible massive number of attacks. Subscribe  to our  Daily Newsletter via email  - Be First to know about Se...

The Philippine Supreme Court on Tuesday suspended implementation of Republic Act 10175 or the Cybercrime Prevention Act for 120 days, while it decides whether certain provisions violate civil liberties. The law, signed last month, aims to combat Internet crimes such as hacking, identity theft, spamming, cybersex and online child pornography. Human Rights Watch, a human rights monitoring group, hailed reports of the TRO, and called on the tribunal to strike down what it called a "seriously flawed law." Many Facebook and Twitter users, and the portals of several media organisations in the Philippines, have replaced their profile pictures with black screens to protest against the law. Hackers also defaced several government websites in protest. Journalists and citizen groups are protesting because the law also doubles the normal penalty for libel committed online and blocks access to websites deemed to violate the law. They fear such provisions will be used by politic...

Hacker going by name " VenomSec " hacked the website of one of the biggest Islamic magazine IslamToday  ( https://magazine.islamtoday.net/ ) is an online magazine which is operated from Riyadh, the capital of Saudi Arabia and He leaked the database of the site also on a note in Pastebin . At the time of writing this article, the website was online and working without any interruption. One of the Hacker  Blog mention that : However, the reason for attacking the magazine site was not mentioned anywhere but from the message left by the same hacker on his previous attackwas to " protest against the on going war in the country and the Middle East, they are against the war and the anti-Islamic movie that has has resulted in spreading hate against the west ".  In Past  VenomSec hack few more Islamic sites including the website of Afghan Islamic Press and the official website of Lahore High Court of Pakistan. 

Hacker known as " Pinkie Pie " produced the first Chrome vulnerability at the Hack In the Box conference on Wednesday, just ahead of the deadline for the competition this afternoon. The exploit, if later confirmed by Google's US headquarters, will have earned the teenage hacker known as Pinkie Pie the top US$60,000 cash reward. In March, Pinkie Pie and Sergey Glazunov both won $60,000 for their exploits at the first Pwnium competition. Google established the Pwnium competition as an alternative to the Pwn2own contest in order to add the requirement that participants provide details of their exploit. Google will give away up to a total of US$2 million during the event. $60,000 - "Full Chrome exploit": Chrome / Win7 local OS user account persistence using only bugs in Chrome itself. $40,000 - "Partial Chrome exploit": Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows ...

Capital One Financial Corp. said it's the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks Inc. and Regions Financial Corp. said they expect to be next. The so-called "Izz ad-Din al-Qassam Cyber Fighters" posted a specific timetable for its attack program on PasteBin.com, a website commonly used by hackers to brag about exploits. Izz ad-Din al-Qassam also threatened to pursue more cyber attacks next week and has long said it will not stop until the video is removed from the Internet. American banks will reportedly face a massive cyberattack in coming weeks. A Russian-speaking hacker is organizing a massive trojan attack based around fraudulent wire transfers--and American banks appear to be at the center of the raid. In the past, such attacks have sometimes caused websites to slow to a crawl or become inaccessible for some users; however, the impact cannot be gauged in advance. The sam...

Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. There are no known exploits at this time, Details of the issue were disclosed on Sunday. Cloudstack is one of the largest open source cloud infrastructure management systems together with OpenStack and Eucalyptus. Mitigation against the vulnerability is possible by logging into the Cloudstack MySQL database, disabling the system user and setting a random password. " The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execut...

New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user's identity when on a given network. A device's permanent identity, known as International Mobile Subscriber Identity (IMSI) is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity TMSI. The TMSI is updated regularly while the 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link. Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging reques...

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve...

Anonymous Group taken down several Greek government websites, on the eve of a visit by German Chancellor Angela Merkel. Hackers Hack several sites including those of the Citizens Protection Ministry, the police and the Ministry of Justice. A message appeared saying: " The page cannot be found ". In a message posted on YouTube, Anonymous criticized the huge security operation that police plan for Tuesday to contain protests against Merkel, comparing the government to the military junta that ruled Greece from 1967 to 1974. Police could not confirm who was responsible for the attack, which Anonymous claimed in a series of Tweets on the social media site Twitter. Trade unions and opposition political parties have called for mass protests to greet the German chancellor, whom many Greeks accuse of unfairly forcing them down the path of painful austerity and driving the country even deeper into recession.

Hello my Princes of Peace, Warriors of the Revolution, Princesses of the cause, I want you to take two minutes and watch this video: This video is the epitome of the ignorance and arrogance of governments all over the world in response to our cyber war revolution. As you will see, the power people all gathered to warn themselves and the world of the "threat" of the hackers gangs of teenagers running wild on the internet hacking into governments and threatening our safety. EXCUSE ME?? Just who is threatening who here? The most important thing I want you to know is that this type of whining is happening all over the world, and how it is translating is into cybercrime laws and in the case of the United States, Executive Orders that give the government and law enforcement the right to suppress and deny your right to public information, the right to free speech and the right to protest against the corruption and destruction of government secrecy and shenanigans. Why do you think they ha...

A group of computer hackers  Anonymous  goes by the name  xPsych0path  has accuse Masonichip for unwillingness to accept the forced chipping of children they are working toward mitigating it by disrupting the chipping operation. They have built their own operation, in opposition to this issue. In  #OpMasonChip  is designed to express publicly their anger. He had the following to say about this operation; " We are fighting against putting RFID chips inside children by masons they have plan to put chips in all of us and those who don't want it won't be able to buy and sell. So I down all those site's for them " on   pastebin . " But In actual there is no "chip" in Masonichip as it stands for Masonic Child Identification Program and includes Abduction Awareness and "Safe Kids" Education benefits to all children and parents attend events and participate ." Masonichip explained on   their site . They DDOSing following site...

As part of an investigation launched by Başsavcıvekilliği in Ankara on March 20 arrested seven people, including college students. 13 of the indictment prepared by the prosecutor's office in Ankara Was adopted by the High Criminal Court.  Court has accepted an indictment against RedHack, a Turkish hacker group, seeking prison sentences of 8.5 to 24 years for its members as " members of a terrorist group ."  The suspects include three held under arrest  - Duygu Kerimoğlu, Alaattin Karagenç and Uğur Cihan Oktulmuş, under arrest for the past seven months. The suspects stand accused of membership in an armed terrorist organization, illegally obtaining confidential documents and personal information and accessing information systems without permission. Scope of the assessment: " Hierarchical and structured in order to be organized as a terrorist organization, titling, and posting bills realized by events, actions, photographs published on the internet, attacked and seized a...

Harvard's Carr Center for Human Rights Policy website ( www.hks.harvard.edu/cchrp/ ) was hacked last week  and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below: Phase 1: A Hacker , with nickname " FastFive" posted a few sql injection vulnerable Educational sites on a famous Hacking Forum last week which included the SQLi vulnerable link for the Harvard Carr Center for Human Rights Policy website, as you can see in the list in the above screenshot taken by me. Phase 2 : Almost 100's of Hackers have seen the post from " FastFive " and they got some juicy information for their next targets. One of them named, " Vansh " successfully exploit the Harvard's site and  extracted the database onto his computer. He Found the username and Password from the table and tried to login on the Admin access panel location...

Security firm Trend Micro discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. A malicious worm is taking advantage of the Skype API to spam out messages that link to a ZIP files ie. skype_06102012_image.zip or skype_08102012_image.zip, which is actually detected as Troj/Agent-YCW or Troj/Agent-YDC by Antivirus. According to definition -  Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website. The message contains the question: "lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username" or "moin, kaum zu glauben was für schöne foto...

Hackers incensed by the Philippines' controversial cybercrime law have attacked government sites that deliver emergency information during natural disasters. The website of the Department of Environment and Natural Resources (DENR) was hacked on Saturday, despite calls from Malacañang for a ceasefire. Home page message, "Sorry Admin, Hacked!" and a symbol of a crescent moon and a star, both found on Flag of Turkey (take a look on the red Text). But the site, www.denr.gov.ph , was restored after a minutes. Last Monday,  Anonymous Hackers defaced 11 government  websites. President Benigno Aquino's spokeswoman Abigail Valte appealed for a stop to the attacks, on the websites and social media accounts of the weather service, the earthquake and tsunami monitoring service and the social welfare agency. Hackers announce their next target on their twitter accounts that they've been eyeing " Senator Vicente C. Sotto III " website's.

A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffer...