The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by  Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A , one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.  The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. The HTTP server is equipped with a reverse connect backdoor that can be triggered via a special HTTP GET request. This means that no command and control information is stored anywhere on the system. ESET researchers  analyzed the binary and ...

Google just released a new Play Store version 4.0.27 that, contains only very minor tweaks and Google has changed the rules of its Google Play Store to put an end to the practice of developers updating their apps through their own means rather than the official Google Play channel. Shortly before the Facebook Home launch, some users noticed a new version of Facebook was available on their device, but it wasn't through the Play Store. Instead, the update came directly through the app, bypassing the Store altogether. Under the " Dangerous Products " section of the Google Play developer policies, Google now states that " an app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism. " Essentially this means that once an app is downloaded by an Android user it cannot contact home base and auto-update its own operating code. Instead, it has to use the off...

BackTrack Linux, a specialized distribution of penetration testing tools, has long been a favorite of security specialists and IT pros. Security professionals have been relying on the BackTrack security distribution for many years to help them perform their assessments. A couple of weeks ago, futuristic major release of BackTrack was announced as   Kali Linux . Today Backtrack team released few updates to Kali Linux as version 1.0.3 and fixed couple of bugs. " Our first attempts at building an accessible version of Kali failed and after a bit of digging, we found that there were several upstream GNOME Display Manager (GDM3) bugs in Debian, which prevented these accessibility features from functioning with the GDM greeter. Working together with an upstream GNOME developer, we knocked out these bugs and had the fixes implemeted in Kali, and hopefully in future builds of GDM3 in Debian ." Download  new version of Kali Linux ( kali-linux-...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

It seems that 2013 is the " Data Leakage Year "! Many customers' information and confidential data have been published on the internet coming from government institutions, famous vendors, and companies too. Ebrahim Hegazy(@Zigoo0) an Egyptian information security advisor who found a high severity vulnerability in " Avira license daemon " days ago, is on the news again, but this time for finding and reporting Blind SQL Injection vulnerability in one of Yahoo! E-marketing applications. SQL Injection vulnerabilities are ranked as Critical vulnerabilities, because if used by Hackers it will cause a database breach which will lead to confidential information leakage. A time based blind SQL Injection web vulnerability is detected in the official Yahoo! TW YSM Marketing Application Service. The vulnerability allows remote attackers to inject own SQL commands to breach the database of that vulnerable application and get access to the user data. ...

More than 50 millions of Smartphone users worldwide are facing a risk posed by a critical flaw in Viber app. The security company Bkav announced that it has found a way to gain full access to Android phones using the popular Viber messaging app. Unlike the Samsung lockscreen issue we reported on earlier, this attack doesn't take any fancy finger work. Instead, all it needs is two phones, both running Viber, and a phone number. " The way Viber handles to popup its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear, " said Mr. Nguyen Minh Duc, Director of Bkav's Security Division. Steps to exploit: Send Viber message to victim Combine actions on Viber message popups with tricks like using victim's notification bar, sending other Viber messages, etc. to make Viber keyboard appear Once Viber keyboard has appeared, to fully access the device, create misse...

In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks , perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just how large these DDoS cannons are getting. Last Saturday Incapsula mitigated a rather small, 4Gbps DDoS attack, but this time it had a different pattern that attracted our attention. At first sight the attack seemed rather simple, generating 8 million DNS queries per second, to many domains, from spoofed IP addresses (using real domain name servers' IPs). But this time it included a hint about where it was coming from: all that traffic was coming from the same source. Probably on the same network, maybe even the same device. Tracing it to a single Source - TTL Giveaway Incapsula were able to trace the attack to a single source because this time the attackers slipped-u...

A self-proclaimed leader of hacking group Lulzsec has been arrested in Sydney, know by online name " Aush0k ". Australian Federal Police confirmed they arrested the unnamed 24-year-old man from Point Clare yesterday.  The police allege that the man compromised and defaced a government website, triggering an investigation that led to his arrest. The man is reportedly a senior member of staff at a prominent Sydney IT firm, and used his position of trust within the company to get access to sensitive information. His knowledge and skills presented " a significant risk to the clients of the company for which he was employed had he continued his illegal online activities ," police said. He faces a maximum of 12 years in jail. AFP Commander Glen McEwen says " This man is known to international law enforcement and police will allege he was in a position of trust within the company with access to information from clients including government agencies ," It's wo...

Founder and CEO of Security Explorations of Poland,  Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipped Server Java Runtime Environment (JRE), notifying them of the new security weakness. " It can be used to achieve a complete Java security sandbox bypass on a target system ," Vulnerability allows attackers to completely bypass the language's sandbox to access the underlying system. Gowdiak has not published any further details about the vulnerability in order to give Oracle time to patch the problem. Last week's Oracle patch update repaired many issues plaguing the platform. Java 7 Update 21 contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to–a-hacked-site-and-get-infected vulnerabilities. According to Oracle, " 3...

The Associated Press Twitter account has been hacked,and posted a bogus post about explosions at the White House and Barack Obama is injured. Within a few minutes, Twitter suspended the account, and Julie Pace, the chief White House correspondent for The A.P., announced at a White House briefing that the account had been hacked. " The president is fine ," spokesman Jay Carney said. " I was just with him. " AP said later: " The @AP twitter account has been hacked. The tweet about an attack at the White House is false. " The Syrian Electronic Army claimed responsibility, tweeting out: " Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama. " Last year, it took over Twitter and Facebook accounts of the Al Arabiya news channel to spread fake news of a coup and explosion in Qatar, which sides with the Syrian rebels. Shortly after the account was suspended, Mike Baker, a reporter for the news organization, posted a messa...

FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones . These attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems. Operation Beebus is an APT-style attack campaign targeting government agencies in the United States and India as well as numerous aerospace, defense, and telecom industry organizations. FireEye Labs has linked the attacks to the China-based Comment Group hacker collective (a prolific actor believed to be affiliated with the Chines government), and Operation Beebus. " The set of targets cover all aspects of unmanned vehicles, land, air and sea, from research to design to manufacturing of the vehicles and their various subsystems. Other related malware have been discov...

The call for papers for The Hackers Conference 2013 is now open.  #THC2013  is a hacker conference taking place in New Delhi , India on August 25th, 2013.  The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to -face to join their efforts to co-operate in addressing the most topical issues of the Internet Security space. This is the second edition of the Conference . Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way! The Conference will be held in New Delhi, on the 25 of August 2013, and will get together industry leaders, Government representatives, Academia and underground Black-hat hackers to share knowledge and leading-edge ideas about information...

Tor is a web service that allows users to surf the Internet, use IM, and other services while keeping themselves completely anonymous, but  Japan's National Police Agency wants ISPs to block access to Tor if users are found to have abused it. The push by Japanese authorities is because they're worried about an inability to tackle cyber crime enabled in part by anonymizing services such as Tor.  Japanese police is having a hard time when it comes to crimes in the cyberspace. Just last year a hacker, going by the name Demon Killer, took remote control of systems across the country and posted death threats on public message boards. The panel claimed it has been used in the past to commit internet fraud, help paedophiles groom kids online and, tellingly, enabled leaks from Tokyo's Metropolitan Police Department. Tor has proven to be an invaluable tool for pro-democracy campaigners in the Middle East while censorious regimes such as the Chinese authorities have att...

Trusteer researcher Tanya Shafir   has recently identified an active configuration of TorRAT targeting Twitter users. Other than  spreading ideas on the most popular social networks, now cyber criminals are spreading  malware . The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim's Twitter account to create malicious tweets.  Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. Those tweets contain malicious links and they read : " Our new King William will earn even more than Beatrix. Check his salary" or "Beyonce falls during the Super Bowl concert, very funny!!!! " At this time the attack is targeting the Dutch market. The malware spreading via the online social networking service, used as a financial malware to gain access to user credentials and target their fi...

The United States House of Representatives on Thursday voted to approve the highly controversial  cyber security bill CISPA , which stands for the Cyber Intelligence Sharing and Protection Act. The Bill called the Cyber Intelligence Sharing and Protection Act (CISPA) was presented under the guise National Security , but in reality opens up a loop hole for companies that collect personal information about their users and in some cases want to trade of even sell these to other companies for money or other services.  This was the second time that the US House of Representatives passed the CISPA. Senators had earlier rejected the first draft of this bill on the grounds that it wasn't providing enough for protecting the privacy. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. The first parts of CISPA are relevant and necessary. If we're " h...

Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technolo...

Google's Oman domain ( https://www.google.com.om/ ) was reportedly defaced today due to a hijacking of the company's local domain name by by Moroccan Hackers . The credit being taken by " SQL_Master And Z0mbi3_Ma " serial website defacers. It seems that hackers successfully beached into Oman Telecommunication Company , who is domain registrar of Google's Oman domain and possible DNS hijack techniques is used to re-directed users to a different site whenever they tried to reach Google's local domain. The text on the hacked site reads: " 0h0h0h! U get FUCKED BY! And Z0mbi3_Ma SQL_Master for more: Z0mbi3_Ma@hotmail.com . / Morocco". Same group of hackers were responsible for hacking  The National Security Agency (NSA) in past.  Zone-H mirror record also available for proof of hack and at the time of writing, site is defaced. Whether you own 1 domain or over 100, domain security today is more important than ever. We will update ...

It appears as if another malware scare has come to Android . Lookout Security said on Friday that it has discovered a new family of malware called BadNews .  Malware that avoided detection and made its way onto the Google Play store has been downloaded around 9 million times by users from all over the world. The company uncovered the malware in 32 applications listed by four different developer accounts on Google Play. Google was notified and the company removed the affected apps and killed the developer accounts associated with them. In their report, firm describes the malware: " BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we've seen a malicious distribution network clearly posing as an ad network. Because it's challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices...

Last April 7th the Anonymous collective hit the Israeli networks with a huge as historic offensive, for the first time an independent group of hackers declared war to a Governments to protest against its policy. Many web sites of the country were hit by DDoS attacks, the data on the event reported by Israel government are totally different from the information published by Anonymous that produced a report for #OpIsrael in which total damage are estimated of $3-plus billion. According security experts at TrendMicro the collective adopted various botnet coordinating large scale attacks, analyzing traffic directed to one of the targeted website, the researchers discovered that meanwhile usually more of 90% of the traffic is originated in Israel, during the attack almost the entire traffic was originated outside the country and internal connections have fallen to 9% as shown in the following chart: What is surprising is that TrendMicro discovered that many IP addre...

Nir Goldshlager , Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for  sharing his new finding i.e Stored Cross-site Scripting (XSS) in Facebook Chat, Check In and Facebook Messenger. Stored Cross-site Scripting ( XSS ) is the most dangerous type of Cross Site Scripting. Web applications where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc 1.) Stored XSS In Facebook Chat: This vulnerability can be used to conduct a number of browser-based attacks including, Hijacking another user's browser, Capturing sensitive information viewed by application users, Malicious code is executed by the user's browser etc. When a user starts a new message within Facebook that has a link inside, a preview GUI shows up for that post. The GUI is used for presenting the link post using a parameter i.e  attachment[params][title]...

The Pirate Bay co-founder  Gottfrid Svartholm Warg (Anakata)  charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Svartholm has been charged with several hacking related offenses including serious fraud , attempted aggravated fraud, and aiding attempted aggravated fraud. Three other defendants received similar charges. He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack. 28-year-old computer specialist Svartholm and other founders of The Pirate Bay were found guilty by the Swedish government in 2009 for facilitating the illegal downloading of copyrighted materials. He has served a one-year prison sentence in Sweden since September 2012, and will likely remain in prison while facing these new charges. Swedish prosecutor Henrik Olin said in a statement, " ...