The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Paul F Renda give an overview that, What and how new long distance and short distance Dead drop techniques are used by National Security Agency for secure communications. What is a dead drop? It is methods that spies use or have used to communicate with associates who have information for them. The dead drop allows them to exchange information without having actual physical contact with each other. The person leaving the information can leave it under a rock or a can or bush. A special type of empty spikes that can be dropped into holes has also been used drop information. The person leaving the information also leaves some kind of signal the drop was made. The signal could be a chalk marks on a tree or pavement. Someone views the signal and retrieves information. Some more unusual dead drops have used dead animals like rabbits, rats and large birds to hide the information. These have been used by both the CIA and KGB. The one problem with this type of...

Indian Hacker  Godzilla aka G.O.D hacked into Bangladesh Army servers, belongs to domain  www.army.mil.bd and leak Internal Network Information via a note . Hacker also publicly posted their Cisco Router passwords and Mac-Address of all machines within the network. We talked with the hacker to know reason of hacking , and he reply, " Its Parade time for you, Bangladesh Army ! ! ! Even a municipal school website has better security than your website. You have time till December, secure it if u can.. Stop supporting terrorist organizations.. Put your best men at work now, we will come back in December. see you soon.. ./Peace is just what we want.. ./live and let others live. ." In his statement hacker threat to hack Bangladesh sites again by December, if they will not stop supporting terrorism. At the time of reporting this news, the official website of Bangladesh military is down because of cyber attack by Go...

Tse Man- lai,  28-year-old businessman, owner of an information technology company, launched denial-of-service (DoS) attacks on Hong Kong stock exchange last year on August 12 and 13 , was sentenced to nine months in jail on Friday. According to SCMP , Tse Man- lai, who had pleaded not guilty to two counts of obtaining access to a computer with criminal or dishonest intent, was convicted of both counts in the District Court on October 24.  The attacked website is one of the most important economic platform of Hong Kong. Trading in the shares of seven companies was suspended. The seven companies, which included HSBC, Cathay Pacific Airways and HKEx itself, had a combined market value of HK$1.5 trillion. Trading was also halted on a debt security and 419 warrants and derivatives linked to the suspended stocks. Trading in the stocks were suspended, as the companies had tried to make price-sensitive announcements during the lunchtime trading break, which investor...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Stuxnet , a sophisticated computer virus created by the United States and Israel, to spy on and attack Iran's nuclear enrichment facilities in Natanz also infected Chevron 's network in 2010, immediately after it spread into the wild. This Government created virus Now Infecting Corporations also. Chevron oil giant found the virus in its systems after the malware' s existence was first reported in a blog post in July 2010, according to Mark Koelmel, general manager of the earth-sciences department at the big U.S. oil company. The U.S. government has never officially acknowledged the Stuxnet program. Stuxnet  which was designed to attack computer systems designed by German industrial giant Siemens for managing water supplies, oil rigs, power plants and other critical infrastructure has turned up in other countries. According to the Wall Street Journal, Chevron's experience with Stuxnet appears to be the result of the malware's unintentional release into...

Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraud web site or services. These professional criminals daily find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Another latest scam has been notified by GFI that, where cyber criminals are offering the art of hacking Twitter accounts with a web-based exploit. Phishers are sending scam emails and offering fake twitter account hacking service, which in actual will hack their own twitter accounts. Email from phishers have text, " Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone's profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script, ". Hackers try to convince readers by showing a exploi...

LulzSec Peru hack the official twitter account ( @partidopsuv ) of the United Socialist Party of Venezuela (PSUV), in the evening hours of Thursday. Hackers start twitting from hacked account, " No to communism. Corrupt Chavez get out. " In a blog post Party people announce that their twitter account is compromised and " Unfortunately this type of attacks, which are part of the fourth generation war that we face today, promoted by the fascist right. " Now account credentials are recovered by party but the tweets posted by hackers are still online. The pastebin link posted by hackers contain more Emails and Documents dumps .

I have recently found an interesting post of Niranjan Jayanand, a researcher of McAfee and members of Facebook team and customer escalation team. The experts announced that his team has recently detected a Trojan that is able to steal every king of image files form a Windows PC, including a memory dump of the victim machine (.dmp files), and upload them to an FTP server. The activities observed are much suspected, they portend that there is an ongoing attack for cyber espionage or a massive information theft operation by  cyber crime  . This could be just a first stages of the attacks in which information are collected for further and complex initiatives. The stolen image files could be used for blackmailing the victims and demanding a ransom , it's nor first time, let's reminds what happened some months ago when nude pictures of celebrities were stolen. This is not the unique use that I could suppose, images could be also used for other purposes, they could be ...

Group-IB , a Russian cybercrime investigation company has discovered a zero-day vulnerability, affects Adobe Reader X and Adobe Reader XI. The vulnerability is also included in new modified version of Blackhole Exploit-Kit , which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software. The particular exploit is available in underground forums for as much as $50,000 and bug is dangerous because it permits cybercriminals to run arbitrary shellcode by bypassing the sandbox feature integrated into the more recent versions of Adobe Reader. For now this flaw is distributed only in only small circles of the underground but it has the potential for much larger post-exploitation methods. The exploit is limited to  Microsoft Windows installations of Adobe Reader and it can't be fully executed until the user closes his Web browser (...

Kim Dotcom is still fighting a legal battle in New Zealand against the United States over alleged copyright infringement and piracy. Kim Dotcom's upcoming Mega website Me.ga has had its domain name seized by the African nation of Gabon, with a government minister saying his country will not be used as a base for copyright infringement. Last week, Dotcom unveiled plans to relaunch his file-sharing site in January 2013, using the Gabonese domain me.ga, with the message " this button will change the world ." "Gabon cannot serve as a platform or screen for committing acts aimed at violating copyrights, nor be used by unscrupulous people," says the country's Communication Minister Blaise Louembe. Dotcom reassured his followers, by tweeting , " Don't worry. We have an alternative domain. This just demonstrates the bad faith witch hunt the US government is on...Gabon Minister used time machine to analyze legality of the future Mega. Verdict: Cyber cri...

In the UK a 41-year-old man has been arrested over a cyber attack on the website of the British Home Secretary Theresa May. He was arrested in a joint operation by Scotland Yard and local officers on Tuesday morning in Wedgewood Road. The man, who has not been named, was arrested on suspicion of assisting or encouraging crime contrary to the Serious Crime Act 2007. He was taken to a local police station and bailed to return in mid-December, pending further inquiries. Computers, telephones and media storage devices were seized from his home, according to police. Detective Inspector Jason Tunn, from the Metropolitan Police's eCrime Unit (PCeU), said, " The activity this morning demonstrates the commitment of the PCeU and our colleagues to combat cyber criminality anywhere within the UK and take action against those responsible. Assisting and encouraging cyber crime is a serious matter and I would advise all persons to consider their actions and any possible future ...

Yesterday Australian Pizza Hut website was compromised by a hacking group going by the name of 0-Day and Pyknic . Hackers defaced the website and claim that they made off with 260,000 Australian credit card numbers. Hack was 1st noticed by  Whirlpool Forum users. But a Pizza Hut spokeswoman said the company did not store such information on its website. " Pizza Hut can confirm that a layer of its website, pizzahut.com.au , was breached with access gained to names and contact information, including email addresses ". " We are working with our website providers to conduct a thorough investigation of the matter and have also reported the incident to the Office of the Australian Information Commissioner. We would like to reassure all of our customers that absolutely no credit card information was stolen and there is no need for concern regarding credit cards." "The security of our online ordering system has not been compromised in any way and our customers ca...

Dutch media report   Skype has Illegally (without court order) distributed a 16 years old user's personal information including user name, real name, email addresses and the home address used for payment to a private company consistently a police investigation into Anonymous-sanctioned cyber attacks on PayPal.  In 2011 most of the online payment solution companies blocked donations to WikiLeaks, in relation to this Anonymous Hacker DDOS paypal and Mastercard. During investigation of attack an IT firm reach skype for the information of their use and Skype  handed over the personal information of a 16-year-old  Illegally to them. Dutch media report that Police operating the case as 'Operation Talang' which is actually focussed on two persons. Joep Gommers, senior director of global research at the Dutch IT security firm iSIGHT Partners, was hired by PayPal to investigate the attacks. They are Alleged to...

Hacking group #NullCrew deface UNESCO Etxea website (unescoetxea.org), which is an internationally oriented NGOs working for the culture of peace, sustainable human development and human rights, at local and global levels. Deface page reads, " Welcome to the new front page of unesco etxea You have been targeted by NullCrew, as part of the FuckTheSystem movement. We have began the war, once again; but this time, good-luck even coming close to winning. " " The united nations, just a bunch of corrupt nations; united by one source of power.. And for that reason, we have came back; to repeat the process. Enjoy the candy. " After watching the data dumped on deface page including the kernel version of server and wordpress database configuration file we can judge that, hacker is able to upload the php shell on website of UNESCO Etxea and he deface the web page. #NullCrew today also hack  UK Ministry of Defence and dump database...

Google today released Chrome version 23 to the Stable Channel. 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Update includes patch for 12 vulnerabilities in the Windows version and two vulnerabilities in Mac OS X version. Chrome 23 is the support of the Do Not Track (DNT) protocol, number of new features including GPU accelerated video decoding on Windows and easier website permissions. " We recently enabled GPU-accelerated video decoding for Chrome on Windows. Dedicated graphics chips draw far less power than a computer's CPU, so using GPU-accelerated video decoding while watching videos can increase battery life significantly ." Out of  14 vulnerabilities , 6 vulnerabilities rated as high and rest are of either medium or low severity. CVE number of all bugs are - CVE-2012-5128, CVE-2012-5126, CVE-2012-5125, CVE-2012-5124, CVE-2012-5123, CVE-2012-5115, CVE-2012-5127, CVE-2012-5120, CVE-2012-5116, CVE-2012-5118, CVE-2012-5121, CVE-2012-5117,CVE-2012-5119, ...

The United Kingdom Ministry of Defence website (www.qhm.mod.uk) hacked by two Null Hacking Crew members  @OfficialNull  and @Timoxeline  and They extracted data published online . The data dump include 3400 email addresses and passwords from Ministry of Defence portal. Hackers trying to trend  #FuckTheSystem hashtag on twitter and related it to all their hacks against UK government. Hacker wrote on note : " Your webmaster made a terrible mistake... You may criticize us on the simplicity of the vulnerability. But if you can get so much useful data so easily, why wouldn't you? " "We hope that all governments and organizations realize that #FuckTheSystem is definitely not a joke. We hope that you have the decency to grasp the concept of it. But hey... You're the government right... Just some butthurt little fags. This security just proves how much of a joke our governments are. " note continue. Hackers mention that, they hack the website ...

Adobe release updates for Flash Player on Windows, Mac, and Linux to address 7 recently identified critical security vulnerabilities. Updated version is now 11.5.502.110 for Windows or Mac OS X users or to 11.2.202.251 for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. A recent Q3 2012 Threat repor t from Kaspersky Lab showed that nearly 30% of the exploits circulating online are targeting Adobe products. Java vulnerabilities were exploited in more than 50% of all attacks. According to Oracle, different versions of this virtual machine are installed on more than 1.1 billion computers. CVE number of 7 critical Adobe Flash Player Vulnerabilities are CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280. Adobe's advisory about this update is available here .

Security firm Trend Micro recent analyses the Russian crimeware markets and has found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it will cost you somewhere in the region of $700. If you just want to hire someone else's botnet for an hour, though, it can cost as little as $2. There are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits. " As the Russian underground community continuously modifies targets and improves technologies, security companies and users must constantly face the challenge of effectively protecting their money and the information they store in their computers and other devices ," the ...

About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC's in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech confer...

A group of researchers has developed a side-channel attack targeting virtual machines that could pose a threat to cloud computing environments. Side-channel attacks against cryptography keys have, until now, been limited to physical machines, this attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. " In this attack, the researchers were able to extract a private ElGamal decryption key from the target VM's libgcrypt library; the target was running Gnu Privacy Guard. Over the course of a few hours of observations, they were able to reconstruct a 457-bit exponent accompanying a 4096-bit modulus with high accuracy. So high that the attacker was then left to search fewer than 10,000 possible...

According to the report from Bloomberg, In 2009, the FBI told Coca-Cola executives that hackers had broken into their computer systems, when a malicious link was emailed to a senior executive, but never revealed the incident. Hackers were able to spend a month operating undetected, logging commercially sensitive information. " Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. " Bloomberg said . Coca-Cola, the world's largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. Although the report claimed state-sponsored actors were involved, experts interviewed by the news wire said the attack had all the hallmarks of Comment a prolific Chinese hacking group. Re...