The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Polish Researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default skype calls use 256-bit advanced encryption, but researchers find that is not enough. So they find out this new way to communicate messages more secretly by using silence. Mazurczyk, Maciej Karaś and Krzysztof Szczypiorski analysed Skype data traffic during calls and discovered that there is a way in Skype silence, where rather than sending no data between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech. So by taking advantage of this they hijacks these silence packets and then inject encrypted message data into some of them. The Skype receiver on other end will always simply ignores the secret-message data, but it can be decoded back to receive that secret message. Team decide to present this at Steganography conference  by creating a POC tool called SkypeHide that will be able to hi...

Thai police arrested an Algerian Hacker, wanted by the US Federal Bureau of Investigation for allegedly making millions from cybercrime.  Hamza Bendelladj , 24, was arrested late Sunday while attempting to transit through Bangkok's Suvarnabhumi Airport from Malaysia. Police confiscated from Bendelladj two laptops, one tablet computer, a satellite phone and a number of external hard drives, where satellite phone and notebook computer were his main tools, the commissioner said. Bendelladj graduated in computer sciences from Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide. " With just one transaction he could earn 10 to 20 million dollars ," Lt Gen Phanu said. " He's been travelling the world flying first class and living a life of luxury. " Bendelladj will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. " I'm not in the top 10, maybe just...

Many be many of you are not aware about this, but Facebook having a Secure Files Transfer service for their Employees at https://files.fb.com  and Hacker reported a very critical password reset vulnerability. Nir Goldshlager , a researcher told ' The Hacker News ' that how he defeat Facebook 's Secure Files Transfer service and help Facebook by reporting them about this issue in a responsible non-disclosure way till patch. After analyzing the site, he found that the script Facebook is using is actually " Accellion Secure File Sharing Service " script and so next he download the demo version of service from Accellion website and explore the source codes and file locations. He found that, there is a user registration page also available in source, that was also on files.fb.com. Unfortunately Facebook had removed the Sign up option (link) from homepage, but forget to remove the registration page from its actual location i.e (/courier...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Last week we have seen ongoing attacks was exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked exploits to the group responsible for a spate of recent espionage attacks Dubbed the " Elderwood Project ". In May 2012, Amnesty International's Hong Kong website was compromised & used to serve up a malicious SWF file that exploited CVE-2012-1875, a vulnerability affecting Internet Explorer. A few months later in Sep 2012, the same group behind that attack was responsible for using another IE zero-day CVE-2012-4969. Microsoft issued a temporary Fix-it patch for the vulnerability but now researchers are claiming that they have bypassed the patch and were able to compromise a fully patched system. Name comes from a source code variable used by the attackers. In the past, the group has used a mix o...

According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the Indian government . Research In Motion (RIM), the manufacturer of BlackBerry, has been directed to provide the resolution and web-browsing needs of the BlackBerry Internet Services. This is to be done in discussion with concerned service providers and law interception organisations. Earlier in 2011, the government set the deadline for RIM to come up with facilities for interception, or face closure of their operations in India. The security agencies in the country have been trying to get the company to install local servers so they could access and monitor the stream of messages going back and forth to implement better security in the country. The Ministry for Home Affairs ordere...

Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note . Note was posted on 25th Dec by Nikita Tarakanov , claiming that  pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability. Affected version of software is Symantec PGP Desktop 10.2.0 Build 2599 (up-to date). Through a blog post , Symantec confirmed that its a potential issue, but it cannot easily be exploited. Vulnerability is limited to systems running Windows XP and Windows 2003 only. An attacker would need local access to a vulnerable computer to exploit this vulnerability. Note posted by Nikita also provide technical details on the issue, that help Symantec encryption engineering team to understand the issue. " However, the exploit would be very difficult to trigger as it r...

Four Iraqi Government websites defaced today by hacker going by name " riSky ". Defaced domains include Iraq National Investment Commission website also. Where, Tens of thousands of protesters rallied across Iraq on Friday, charging that Sunni Muslims had been disenfranchised under the Shiite-led government of Prime Minister Nouri Maliki and pressing for detainees to be freed, there internal and externals hackers are also creating trouble for Government. Hacker claiming to hack the server, as proof he offer ' The Hacker News ' some screenshots of cpanel WHM, as shown below: Defaced Domain: investpromo.gov.iq nic.iq investpromo.com istithmar.iq Hack Mirror: https://zone-h.com/mirror/id/18883643 https://zone-h.com/mirror/id/18883647 https://zone-h.com/mirror/id/18883639 On going hacks and Protest in Iraq are driving the protests in the hopes of creating their own semi-autonomous region akin to Kurdistan, emboldened by the belief that the ongoing u...

Indian hacker, Godzilla once again hit Bangladesh government server . Hacker told us about his latest cyber attack on  Directorate General of Forces Intelligence Bangladesh (DGFI -  www.dgfi.gov.bd ) server . He claimed to back up all confidential mails in the server and list of all their agents around the globe. Hacker taunt Bangladesh govt , " To all stupid Intelligence people of Bangladesh do you know what is security??,  Iam really felling pitty for you." Through a paste  note, hacker leak one sample mail (funny one), which is the conversation between Dewan Mamoon and DGFI Director. Some words from email are, " I love the CIA. I love the DGFI. I love the Bangladesh armed forces. I love America and I love Bangladesh. " and " I know that you are the ones to thank for sponsoring me in Bangladesh and the CIA for sponsoring me in America. " Compromised Intelligence server claimed to be full of sensitive information. In past year, G...

It's the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google's web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the procedure to update its Certificate Trust list (CTL) and all versions of its OSs to revoke the certificate. Microsoft has also decided to revoke other two certificates for the same reason, it seems that some attacks using the first certificate have been already detected, fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Microsoft has issued a security advisory " Microsoft Security Advisory ( 2798897 ) -Fraudulent Digital Certificates Could Allow Spoofing " that states: "Microsoft is aware of active attacks using one fraudulent digital certificate is...

Japan ministry become the recent victim of a cyber attack through a malware that suspected to have compromised and sent overseas more than 3,000 confidential documents from the ministry, including many on global trade negotiations. After investigation, experts found that Hackers use "HTran" the Advanced Persistant Threat (APT) exploit kit for attack. Computers at country's Ministry of Agriculture, Forestry and Fishery suspected to be infected from this. HTran is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by "lion", a well-known Chinese hacker and member of "HUC", the Honker Union of China. A lot of the documents were about the negotiations over the US-led Trans-Pacific Partnership multilateral trade pact. According to a report from SecureWorks, Dell's security division, in 2011 that the malware is believed to have b...

RED HAT has fixed multiple web application security issues that allowed hackers to extract website database using Blind SQL injection. Red Hat also confirmed a cross site scripting and Local File Inclusion Vulnerabilities on their website. Mohamed Ramadan Security Researcher and Trainer Attack-Secure , told ' The Hacker News ' that last year he reported 3 flaws to the company and they finally confirm and patch those in January 2013. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. Local file inclusion is a vulnerability that allows the attacker to read files, that are stored locally through the web application.This happens because the code of the application does not pro...

Two high school football players in Steubenville, Ohio are under arrest for the sexual assault of a 16-year-old girl. Newly leaked video sheds more light on what may have happened to a girl who told police she was raped by these high school football players in August. Trent Mays and Ma'lik Richmond- have been arrested and charged with raping a fellow 16-year-old, taking her to a number of parties when she was too drunk to resist, digitally penetrating her and possibly even urinating on her.  A small group of information activists was able to do what 3 Ohio state law enforcement agencies couldn't. The clip, released this week by an Anonymous cell calling itself " Knight Sec " is reported to show former Steubenville, Ohio high school athlete Michael Colin Nodianos bragging about the sexual assault from a friend's apartment. On the video which recently was posted online, the boys joke about the girl appearing "dead". On their website, called Local Leaks ...

Soon, you would have the ability to carry a proper desktop operating system on your mobile phone. The firm behind the Ubuntu operating system, Canonical has announced a version of its software for smartphones. Instead of Android, now users will be able to run a very different Linux-based OS , the long-awaited mobile version of Ubuntu which comes with a new UI adapted for smaller screens. Best part, the operating system uses the drivers and kernels from Android, which means it can be easily installed on any smartphone currently running Google's OS, and also means manufacturers won't need to change any of their hardware to support the new OS. Benefits: A single OS for phone, PC and TV Fast, beautiful interface for entry level smartphones Unique PC experience on super phones when docked with a monitor, keyboard and mouse Ubuntu raises the bar for mobile UI design, for richer and more apps. Ubuntu's founder, Mark Shuttleworth, said he was in talks with manufacturers f...

Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program named "Magshimim Le'umit", is to prepare them for their future role in the military and intelligence community. Israel Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age. The new program will accept outstanding pupils aged between 16 and 18 and train them to intercept malicious attacks through a three-year course. Cyber security has become a national priority in Israel, with significant resources being invested in protecting the military and civilian computing networks. Benjamin Netanyahu revealed plans to create a "digital Iron Dome" to protect vital infrastructure from hackers and viruses like last November, Israeli was under heavy cyber attacks from hacktivist group Anonymous as the latte prot...

The TopTV website and Reliance Netconnect broadband provider websites compromised today by Brazilian hacking crew named " HighTech Brazil HackTeam ". Index.php from Reliance Netconnect and few internal pages of TopTV defaced. Heather Kennedy from TopTV said that they are aware of the breach of security on its website," The IT department was working on the problem all day yesterday, New Year's Day. The site will be restored shortly " Recently the official website of Interpol Indonesia National Central Bureau (interpol.go.id) and many Singapore websites were also hacked by same hackers. The same hacker or group of hackers have also defaced the PG Glass website. The PG Glass home page currently (2 January at 09:30) displays the message " Hackeado por HighTech Brazil HackTeam… " Defaced URLs: https://www.toptv.co.za/index.php?option=com_tvguide&Itemid=29 https://www.reliancenetconnect.co.in/index.php

Last week Council on Foreign Relations website was compromised and recently hit by a drive-by attack using a zero day Internet Explorer 6 vulnerability for Cyber Espionage attack, suspected by Chinese Hackers. Later Microsoft confirmed that  Internet Explorer 6, 7, and 8 are vulnerable to remote code execution hacks. According to researcher  Eric Romang , CFR watering hole attack (CVE-2012-4969 and CVE-2012-4792) has also target Capstone Turbine Corporation website since mid-September. He was able to find a cached version of the first JavaScript that starts the drive-by attack. Then on further search finds that by doing a Google dork search site:capstoneturbine.com "_include"  we can see something strangely like CFR.org "news_14242aa.html" file. Capstone Turbine Corporation is the world's leading producer of low-emission microturbine systems, and was first to market with commercially viable microturbine energy products. Capstone Turbine has shipped tho...

Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account of the developer called, " apkdeveloper " and readers spotted that they are posting fake malware apps by names of famous android games and apps, using the word "Super" as suffix to them, making them seem as an upgraded version of the game. The users can find the difference between the real app and malicious app by observing the device permissions, like as compared to the simple permissions like network access and read write access of the original Temple Run app, the ' Temple Run Super ' app asks for sensitive information like location, phone status, identity and access to user accounts. After many report abuse Google Play has removed the developer from th...

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.*.* or 172.16.*.* , can really Impact ? Most security researchers call it as "bull shit" vulnerability. But when it comes to impact calculation even if the server is behind a firewall or NAT, an attacker can see internal IP of the remote host and this may be used to further attacks. Internet Giants like Facebook, Google, PayPal and Serious National Security organizations like FBI, Pentagon and NASA are taking initiatives for their Security Issues. At same, we at ' The Hacker News ' stand together for organizations that talk about national security in a serious way. I guess,its the time to understand about the flaws and its impacts where I would like to share my findings about our Internet Giants and Organiza...

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers and the code then created a heap-spray attack using Adobe Flash Player. Yesterday former hacker Bryce Case Jr (YTCracker) tweeted about a new zero day exploit threatening all users of IE8, " internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can... ". On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vuln...

Suddenly today Google Chrome start detecting Twitpic.com as malware threat. Twitpic is one of the most popular website for Sharing photos and videos on Twitter. Twitpic denies and said that there is no malware on the website and is trying to contact Google. We also notice that, Twitter profiles and pages with Twitpic URL in tweets are also blocked curretly by Chrome. Many people also complaining about this on Google Help forum. An official statement from Twitpic via tweet ," Working to fix the google chrome malware notice when visiting Twitpic.com as this is not true or the case, trying to contact google ". Google's Safe Browsing Diagnostic page for twitpic.com saying, " Site is listed as suspicious - visiting this web site may harm your computer. Of the 12029 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google vis...