The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yesterday Anonymous deface the UK Police Online web forum (https://www.ukpoliceonline.co.uk) and stole the private emails addresses of various members. The Metropolitan Police's e-Crime unit is investigating the hack and said that no computer system run by the police force had been hacked. The Hack was originally announced by an Anonymous Twitter account - Operation Jubilee (OpJubilee) , they post a mirror url of defaced page. This hack was one of the part of OpJubilee. ANONYMOUS OPERATION JUBILEE :  Under this there will be Rally of Millions people To Parliament, London on 5th of November 2012. As planned this will be a peaceful gathering at the Parliament Building in London to declare the true jubilee. Hackers send out emails to the former officers whose details were obtained during hack, with a subject line: " A message to the police and armed forces ". Message body: " Hello members of our UK police and armed forces" and called for recipie...

Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The New York  company is warning customers to check for unauthorized transactions and to change their personal identification numbers or PINs. It hasn't said how many accounts may have been compromised. The scheme didn't affect Barnes & Noble's Nook tablets or mobile apps, the chain's member database, or any Barnes & Noble College Bookstores. B&N says it caught the problem in mid-September, and that it's safe now to use credit and debit cards at its stores. The New York Times reported that the hackers had already made purchases on some customer credit cards. Federal authorities are investigating. Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken. All keypads at the stories have been removed and shipped to a si...

This year we have seen some big Security breaches that expose millions of passwords like Yahoo! , LinkedIn , eHarmony and Last.fm , among others , SplashData Reveals Its Annual " 25 Worst Passwords of the Year " List. The three worst passwords haven't changed since 2011; they're password, 123456 and 12345678. The new worst passwords added to this year's list include welcome, jesus, ninja, mustang and password1. Have you ever used one of the most popular passwords of 2012 for your own personal accounts? SplashData CEO Morgan Slain stated " At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password ." " We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different p...

The number one concern of Internet users is that a web site will keep personal information safe and secure. If you are a site owner, giving importance to security is not only for your own protection but for your users' as well. Despite you have the right to set contents to your contracts and terms of service, you still have a portion of liabilities in case your user encountered information and financial thefts as he perform activities within your website. E-commerce usually involves the processing of credit cards and sensitive customer information so security is very important. Online communities and ecommerce websites are mostly the target places of hackers. Toward this end, many users look for a website to display a third party seal as evidence of security. Using a web site seal is a good idea. But providing true web site security requires more than just a seal it also requires using several kinds of security controls managed by a security program to back th...

International hacker group Anonymous is going to create a WikiLeaks competitor scandalous leak portal called Tyler,  for the publication of secret information from governments of various countries. One of the group's members, who specified that he is representing the collective, spoke about the TYLER project and the rift with WikiLeaks in an email interview with the Voice of Russia. They have scheduled this new project to December 21 this year. According to the hacker, who requested anonymity, the conflict between Anonymous and the website of Julian Assange revolves around the forced funding techniques and lack of transparency around money to WikiLeaks. So far Anonymous defends WikiLeaks and Assange personally and supported the mission of the site to share information, news and classified information with the public. They even helped to publish more than 2 million emails, known as the Syrian file. Since Assange has repeatedly threatened to close th...

The PlayStation 3 has been hacked before, originally with the PSJailbreak dongle and fail0verflow, but Sony managed to fight back with Firmware 3.60 which managed to ingeniously re-secure the console. But Hackers have released a custom firmware which allows compromised consoles to log into PSN, alongside LV0 decryption keys which allow the user to bypass future security updates. The hacker group ' The Three Musketeers ' claims that they already had the keys for a while but decided not to publish them. The information also came into the hands of another Chinese hacking group called BlueDiskCFW which was about to release the Iv0 keys for a fee. To avoid others earning money with their hack, The Three Musketeers decided to publish the keys themselves. Here a  Post by Hackers . The team of hackers released the following announcement: As this was a group effort, we wouldn't normally have lost a word about it ever, but as we're done with PS3 now anyways, we ...

A heart defibrillator remotely controlled by a villainous hacker to trigger a fatal heart attack? Yes now its possible, The Government Accountability Office has released a report warning that medical devices are vulnerable to hacking and calling for greater FDA oversight of such devices. The investigation into electronic medical-device safety was initiated after computer-security researchers found dangerous vulnerabilities in insulin pumps. The FDA in 2009 issued guidance urging hospitals and medical device manufacturers to work together to eliminate security risks. But in September, the Government Accountability Office issued a report warning that implantable medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. " Even the human body is vulnerable to attack from computer hackers ," Representative Anna Eshoo, a Democrat from California, said in a statement on her website . Preventing potential hacking it might s...

Mobile industry watchers have long known that Android is under attack. The number of high risk and dangerous apps targeting Android users jumped from 30,000 in June to 175,000 in September, Trend Micro said in its third quarter security roundup . While some apps are clearly criminal - such as those that secretly purchase premium smartphone services - others are more of a privacy threat. These include "Aggressive Adware" apps that collect more personal information than the user has authorized. App developers may even be aware of the problem, thanks to the existence of rogue ad networks. " Though most adware is designed to collect user information, a fine line exists between collecting data for simple advertising use and violating one's privacy," Trend Micro said. "Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out. " Many of these issues a...

When it comes to security, small and midsize businesses are largely unaware of the risks they face. Cybercrime is a serious problem which affects businesses of all sizes and can have devastating consequences. U.S. small businesses should understand they cannot completely remain safe from cyber-threats if they do not take the necessary precautions. Although such threats existed long before malware emerged, data theft, fraud and industrial spying are all now typically conducted through cyber-attacks. The picture painted is of an environment under siege, with an alarming 41% of businesses acknowledging themselves less than ready to face cyber-threats. Kaspersky Lab and B2B International recently conducted a survey among IT professionals working for large and medium-sized businesses to find out what IT specialists thought of corporate security solutions, to determine their level of knowledge about current threats, the sort of problems they most often face, and thei...

At the ToorCon hacker conference in San Diego Saturday, Ossmann and his research partner Jared Boone plan to unveil a beta version of the HackRF Jawbreaker , the latest model of the wireless Swiss-army knife tools known as software-defined radios. It grants any computer programmer the ability to develop new ways to interact with radio waves. HackRF, a software radio peripheral. Software radio or Software Defined Radio (SDR) is the application of Digital Signal Processing (DSP) to radio waveforms. It is analogous to the software-based digital audio techniques that became popular a couple of decades ago. The device has the ability to transmit and receive over a wide range of frequencies, covering a huge number of commercial devices. Once can Intercepting and Reversing engineer received  frequencies. Just like a sound card in a computer digitizes audio waveforms, a software radio peripheral digitizes radio waveforms. It's like a very fast sou...

We have already seen vulnerability in Remote Desktop Protocol (RDP) is a potential dangers of desktop remote-access tools commonly used by IT departments to handle help-desk issues and by administrators to manage virtualized machines. According to reports from krebsonsecurity, A Russian company called " dedicated express " ( Dedicatexpress.com ) is selling access to private company servers for as little as $4. Cyber criminals have hacked around 17,000 computers worldwide using such insecure applications in server and selling them in underground markets. Although almost 300,000 compromised systems have passed through this service since its inception in early 2010. New customers who contact the service's owner via instant message and pay a $20 registration fee via WebMoney, a virtual currency. The price of any hacked server is calculated based on several qualities, including the speed of its processor and the number of processor cores, the machine's downlo...

A well known hacking group " Nullcrew " once again most active hacking group right now. Dumping database from number of websites daily. Their latest target was World Health Organization (WHO) website. Well, World Health Organization website (who.int) need treatment now, because their admin panel credentials are leaked on internet by hacking crew. Hacker also disclose the Vulnerable link and Vulnerability type was Sql injection. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. Web application security is much more challenging than infrastructure. The top Web application vulnerabilities ...

A spam message is circulating on Facebook that WWE wrestler Rey Mysterio has died in a stunt gone wrong. Social media is now full of spam messages like this. Last week scammers trick users with " John Cena is died " and this week, rumors about the death of Rey Mysterio. The message actually includes a link that supposedly provides more information about the accident, but in real spammer is just tricking users to redirect on survey website using his referral url. Complete message read," ReY Mysterio of WWE was dead on arrival on the hospital, suffering from 6 broken ribs after perfecting thombstone stunt with co-star The BIG SHOW. Local Police are now investigating and looking for evidences. THE Big SHOW is now facing murder charges. Watch the practice video from WWE and how The BIG SHOW failed to execute the stunt. (for 18yrs & above) " " But that's not all. The user is then presented a webpage that promises him/her the chance to win an ...

According to the Center for Copyright Information, the controversial " Copyright Alert System " will hit the U.S. within weeks. A blog post by Jill Lesser, executive director of the Center for Copyright Information, revealed the long-awaited Copyright Alert System (CAS) will begin "in the coming weeks" and provided some details about the partnership with ISPs to deter subscribers from infringement over peer-to-peer networks. AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon are all participating, and will roll out their responses over the next two months. The so-called Copyright Alert System varies by ISP, but calls for gradually more severe responses to each infringement, starting with emailed warnings and escalating to throttled data speeds or temporary suspension of service. However, offenders can request a review of their network activity by paying a $35 billing fee. If the offender is found not guilty, the $35 will be refunded. The Cop...

Back in 1991, Microsoft released their first version of Windows, a mouse-driven graphical user interface that revolutionized the way we use computers, both at home and in the workplace. Microsoft's newest operating system has a whole new interface and loads of new features. Windows 8 introduces a new type of application: the Windows Store app. Windows Store apps have a brand new look and feel, run on a variety of devices, and you sell them on the Windows Store. Here is a quick Guide for getting up to speed quickly and getting the most out of Windows 8. Whichever device you end up running Windows 8 on, you'll need to know a few things. How are you going to get the data from your current operating system to the new one? You'll probably be wondering where the famous Microsoft desktop has gone. You might be wondering just what is going on: why did Microsoft discard the Start menu, and why does its replacement look like it was designed for children? Downlo...

Symantec has reported an increase in spam messages containing .gov URLs. Cybercriminals are using 1.usa.gov links in their spam campaigns to trick users into thinking the links lead to genuine US government Web sites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a trustworthy 1.usa.gov URL. The click rate of the campaign has been significant, redirecting more than 16,000 victims over a five day period to a malicious website designed to look like a CNBC news article pushing several work from home scams. According to researchers from security firm Symantec , they simply leveraged an open-redirect vulnerability present on the official government site of Vermont (Vermont.gov) . Therefore, something like 1.usa.gov/…/Rxpfn9 takes you to labor.vermont.gov/LinkClick.aspx?link=[spam site] which then redirects you ...

One of Anonymous hacker groups " FawkesSecurity " who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details. When HSBC said , " This denial-of-service attack did not affect any customer data , but did prevent customers using HSBC online services, including Internet banking.", Anonymous tweeted on Friday. " We also managed to log 20,000 debit card details ." On asking, is there any proof of this claim , they replied ,"  We're debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho, ". On the other hand, A group that calls itself Izz ad-Din Al Qassam  , which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC. Who ever the real hitman behind this, but according to hacker's warnings - RBS, Lloyds TSB and Barclays Banks are next target...

Facebook is continually changing its privacy settings, trying to give users more control over what they want to share and with whom. Two gay college students were outed on Facebook because of a privacy flaw in Facebook Groups. Users can be added to Facebook Groups by friends without the user's permission or approval.  University of Texas students Taylor McCormick and Bobbi Duncan came out to the world via Facebook, but not in ways they ever intended. The Wall Street Journal examined how Facebook changed the lives of two gay college students, when a classmate added them to a public group for other gay choir singers at the school an action that was shared on the students' news feeds.  In another case Bobbi Duncan desperately wanted her father not to know she is lesbian, but Facebook told him anyway. Soon, she learned that another choir member, Taylor McCormick, had been outed the very same way, upsetting his world as well. The two University of Texa...

Two weeks back we reported that Security firm Trend Micro discovered a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is: " lol is this your new profile pic? " Yesterday Security researchers from Avast have intercepted a currently spreading Darkbot malware campaign, that's affecting millions of Skype users. According to him,"  It targets all the major Web browsers, and is also capable of distributing related malware such as Ransomware/LockScreen, as well as steal accounting data for major social networking services such as Facebook, Twitter, as well as related services such as GoDaddy, PayPal and Netflix ." Some of the infected PCs install the malware known as ransomeware which locks your PC and ask you to pay $200 dollars within 48 hours to retrieve your files. " If you click on ...

A huge hack carried out today ! One of the biggest Peru Domain registrar company (punto.pe) hacked by Lulzsecperu (declared by a tweet ) and Complete database of 207116 websites has been leaked on internet.  Leaked database include Domain panel username, encrypted password, Company descriptions. Hacked domains include all .PU domains ie. Banks , Institutes, computer security companies, corporates, colleges, government, personal websites. " We clarify that we have no malicious purposes, only prove that the security of PERU is bad and should be corrected. Greetings to the computer crimes division of the National Police of Peru from March 2012 is nil activity and fail or be close to where we are now ASBANC for trying. " Hacker said in an statement . He upload the database here :  https://anonfiles.com/file/e14504f5033d2a53457af667b686340f Password for file: lulzsecperu 2-3 Hours after  Lulz...