The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple revealed on monday that it received between 4,000 and 5,000 data requests in six months from  U.S. law enforcement for user information and affected accounts. Apple said the most common forms of requests involved investigating robberies and other crimes.  Period between December 1, 2012 and May 31, 2013, federal, state and local law enforcement had requested customer information up to 5,000 times, related to between 9,000 and 10,000 accounts or devices. But the iPhone maker said it works vigorously to protect the privacy of its users and only provides information by court order.  " We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve, " statement from Apple. Apple doesn't provide some types of information either because the company doesn't retain it or because it is encrypted , the company said.  Apple also specified certain ...

If you have followed the startling revelations about the scope of the US government's surveillance efforts, you may have thought you were reading about the end of privacy, and about the Enemies of the Internet. " My computer was arrested before I was ." a perceptive comment by an internet activist who had been arrested by means of online surveillance.  Online surveillance is a growing danger for journalists, bloggers, citizen-journalists and human rights defenders. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. This week the PRISM surveillance scandal has consumed the Internet as the implications of massive scale U.S. Government spying begin to sink in. The US National Security Organization (NSA) is almost certainly one of (if not the) most technologically sophisticated, well-funded and secretive organizations in the world. The Prism initiative was launched ...

A Philippine Anonymous hacker " #pR.is0n3r " has posted the President Benigno Aquino's three personal mobile telephone numbers online on facebook . Officials would not confirm if the numbers were really the President's. Aquino spokesman Ricky Carandang, " It's cyber vandalism plain and simple ," Carandang said. " We're dealing with it. That's all I can say for now. " Hacker urged his 10,000 followers to communicate directly with their president, but the numbers are no longer working. " The majority are not getting answers to so many issues. It is difficult to speak to a person through go-betweens. If we send him a letter we're not even sure he will receive it, " Hacker wrote in facebook post. In March 2013, Anonymous Hackers  also defaced the Philippines President 's website and other dozen government websites.

US Cloud hosting providers are constantly targeted by cyber crime according the revelations of two malware researchers Mary Landesman, a senior security researcher at Cisco Systems, and Dave Monnier security expert at Team Cymru explained during the 2013 Gartner Security and Risk Management Summit. The hackers are exploiting with a meaningful increase these architecture to organize financially motivated attacks. Landesman and Monnier explained in two distinct sessions that cyber criminals are exploiting US cloud hosting providers to deploy Command and Control servers for their malicious activities despite the great effort in monitoring activities operated by hosting cloud providers. US is one of privileged countries to host malicious architecture due high availability of its infrastructures and cyber criminals know it. " You can move your command and control servers to Kazakhstan, but that's not a very good business decision," "The U.S. has re...

Google says tens of thousands of Gmail accounts belonging to Iranian users have been targeted in an politically motivated hacking campaign in the weeks leading up to the country's closely watched presidential elections. For the last three weeks, the search giant said it has " detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. " " These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region, " Eric Grosse, Google's Vice President for Security Engineering. Phishing attacks are emails which appear official but instead lead users to websites where they are encouraged to reveal data including usernames, passwords, and credit card details. Google said it has a policy to alert users to " state-sponsored attacks and other suspicious activity ," but did not identify the perpetrators be...

About this time every year, Apple gives a gift to mobile developers: the newest version of iOS. The all-new Apple iOS 7 launched at WWCD 2013 this week and Just after 48 hours of  iOS 7  release, 36-year old Jose Rodriguez iPhone user able to hack and bypass Lockscreen to access the Photos in just a few seconds. iOS is infamously popular for its lockscreen security bugs that let anyone bypass the passcode on a device to gain access to information that would otherwise be private. Forbes points us to a new video showing how to completely bypass the iPhone's password protection by accessing the calculator available on the lock screen. " By opening iOS's Control Room and accessing the phone's calculator application before opening the phone's camera, anyone can access, delete, email, upload or tweet the device's photos without knowing its passcode. " iOS 7 beta only available to those with developer accounts for now, cost $99 a year thr...

Edward Snowden, the self confessed NSA Whistleblower of secret surveillance documents, claimed Wednesday that the United States intelligence agents have been hacking computer networks around the world, specially Chinese targets since 2009. Snowden alleged that the Prism program , which collects information on users of numerous technological services such as Google, Facebook and Twitter, targeted universities, businesses and public officials throughout mainland China and Hong Kong. Out of More than 61,000 targets of the National Security Agency , there are thousands of computers in China which U.S. officials have increasingly criticized as the source of thousands of attacks on U.S. military and commercial networks. China has denied such attacks. " We hack network backbones like huge Internet routers, basically that give us access to the communications of hundreds of thousands of computers without having to hack every single one ," he revealed. But why Snowden leaking all this infor...

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. A recently discovered Linux kernel Local privilege escalation exploit , which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone platform. The Linux kernel 2.6.x, including Red Hat Enterprise Linux 6, Ubuntu 12.04 LTS, Debian 6 and Suse Enterprise Linux 11 are vulnerable to privilege escalation flaw with CVE-2013-2094 .  CVE-2013-2094 states, " The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. " Exploit for Linux machines is publically available here . Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device.  The exploit can be used to to access d...

Windows 8 PCs contain a new technology called Secure Boot that only boots devices that have been verified by Microsoft. Also Microsoft's own Offline Defender won't boot on Windows 8 PCs with Secure Boot on. Neither will Norton's Bootable Recovery Tool. We asked the guys at FixMeStick how their external hardware-based anti-malware device can boot on brand new Windows 8 hardware with Secure boot on, as well as 10 year old PCs with 32 processors running XP. Here's their answer: 1. It got a Master Boot Record. : In other words, it boots on BIOS-based PCs, essentially all PCs prior to Windows 8. 2. and it got UEFI boot partition : It also got a UEFI boot partition, so it will boot on PCs with the latest UEFI firmware too. 3. It's 32 bit : There's a 32 bit operating system on the stick so it will work with 32 bit microprocessors. Most rescue ISOs\disks are 32 bit only, so by default they work on 32 bit processors and 64 bit processors. 4. and it's 64...

If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform messaging app, WhatsApp. According to a whitehat hacker Mohammed Saeed , Whatsapp media server ( media.whatsapp.com ) interface was vulnerable to Traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. Flaw allowed hacker to gather usernames via an " /etc/passwd " file and also another sensitive files like log files i.e   "/apache/logs/error.log" or " /apache/logs/access.log ". Flaw was reported by Mohammed with proof of conpect to Whatsapp security team on 27th May and was addressed this week. If you are also penetration tester and have something buggy that can help Whatsapp team to make there service more secure, feel free to contact them at  support@whatsapp.com .

A YouTube video posted by a group calling themselves Anonymous is getting a lot of attention online, claims to have outed two men who allegedly tried to lure underaged girls over the internet. In a video posted on Friday, a member of Anonymous describes a sting operation in which two Edmonton-area men were allegedly caught trying to meet up with 13- and 14-year-old girls for sex. Bob Andrews, the head of ALERT's Integrated Child Exploitation unit in Edmonton. "I think it's really important to let the police do their jobs, and not judge someone in a public forum. " Hacker also claims that they contacted Edmonton police about one meeting that was supposed to take place at West Edmonton Mall, but that police did nothing. " There has been no reply. This is unacceptable. Together, we must act, and we must act swiftly to protect our children. For your benefit, we will begin to reveal the identities of the people that were identified ," the video states. T...

The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spread...

The individual responsible for one of the most significant leaks in US political history is Edward Snowden , a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton . He's a high school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor and identify himself as the source of leaks about US surveillance programmes - PRISM . He is responsible for handing over material from one of the world's most secretive organisations the NSA. Verax was the name he chose for himself, " truth teller " in Latin. In an interview with The Guardian , Snowden publicly revealed himself as the source of documents outlining a massive effort by the U.S. National Security Agency to track cell phone calls and monitor the e-mail and Internet traffic of virtually all Americans.  Before his leak of U.S. intelligence, Snowden was living in paradise, working for a major U...

China has developed a new supercomputer known as Tianhe-2  which is twice as fast as US and Japanese systems has been measured at speeds of 30.65 petaflops or 74 percent faster than the current holder of the world's-fastest-supercomputer title. Titan, the U.S. Department of Energy's fastest supercomputer, has been clocked in at just 17.6 petaflops per second. Earlier reports said China is aiming for no lesser than a 100 Petaflops machine by 2015. China's National University of Defense Technology last week revealed about a massive machine in Changsha, that's expected to come out next weekend during the International Supercomputing Conference. Tianhe-2 is built with Intel Ivy Bridge and Xeon Phi processors. The powerful system was assembled by Chinese company Inspur using tens of thousands of the latest multicore chips produced by Intel, with an addition of some home-made technology. In total, the supercomputer is said to contain over 3 million proces...

Another member of the hacker collective Anonymous has been unmasked this week. FBI raided the home of Deric Lostutter in April. Two laptops, flash drives, CD's, an external hard-drive, cell phones and an Xbox were reportedly seized during the raid. Deric Lostutter, a 26-year-old from Winchester, is also known as KYAnonymous , a member of the hacktivist collective Anonymous who leaked a video showing the young men who raped an unconscious teenaged girl in Steubenville , Ohio, bragging about what they did in a disgustingly proud manner. In March, football stars Trent Mays, 17, and Ma'lik Richmond, 16, were convicted of the rape. They were sentenced to a minimum of one year in a juvenile detention institution with a maximum stay until they are 21. Lostutter, a self-employed IT security consultant and self-described Anonymous member, said that he'd just returned from a turkey hunt when he noticed what appeared to be a FedEx truck in his driveway. " As I open the doo...

The Pirate Bay co-founder Gottfrid Svartholm Warg a.k.a  'Anakata' is suspected of being involved in one of Denmark's biggest hack attacks. Gottfrid was arrested in Cambodia in September 2012 and has been extradited from Cambodia to Sweden last year, charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Now he is suspected in another hacking case, where he and a 20-year-old Danish hacker are suspected to have obtained access to, among other things Danish social security numbers as well as business numbers. Danish suspect was arrested on Wednesday. In January, police in Sweden told colleagues in Denmark about a Danish IP address they had found during an investigation into hacker attacks against a company handling sensitive information for the Swedish tax authority. Grave cases of hacking are punishable by up to six years...

The National Security Agency , part of the U.S. military reportedly has a direct line into the systems of some of the world's biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM , 6-year-old program which allows officials to collect real-time information and as well as stored material including search history, the content of emails, file transfers and live chats, according to reports in the Washington Post . Project PRISM may be the first of its kind and also  GCHQ , Britain's equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA. Later confirmed by the White House and members of Congress as saying that the government routinely seeks information in its fight to thwart domestic and international terrorism. Other services that are reportedly part of PRISM include PalTa...

A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs . Dubbed as Backdoor . AndroidOS . Obad . a , it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities , blocks uninstall attempts, attempts to gain root access, and can execute a host of remote commands. It include complex obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices . There are two previously unknown Android vulnerabilities exploited by Obad . It can gain administrator privileges, making it virtually impossible for a user to delete it off a device. Another flaw in the Android OS relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application's structure, define its laun...

Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for massive bank fraud.  Botnets are networks of computers infected with viruses that let them be controlled by hackers. The outfit runs the Citadel Botnets and is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today. Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel infected as many as 5 million PCs around the world including here in Australia and according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC...