The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews. The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege esc...

National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no...

Recently, Tor Project Director - Roger Dingledine described a sudden increase in Tor users on the Tor Network after the events related to disclosure of the PRISM surveillance program, Since August 19, 2013, there has been an impressive growth in the number of Tor users. At first, No one knew who or what is responsible for this spontaneous growth of Tor users, but Security researchers at Fox-IT firm found evidence that the spike in Tor traffic is caused by a Mevade Botnet, that hides its Command-and-Control server in the anonymizing network. The security firm documented the presence of the Mevade malware architecture based on the anonymizing network, " The malware uses a command and control connectivity via Tor .Onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based). " " Typically, it is fairly clear what the p...

Trust is something that's earned, not given. We trusted tech companies with our data because they promised to keep it secure. That trust was called into question after former NSA contractor Edward Snowden revealed that NSA is snooping on us with the help of same tech companies. Today Google announced that they have accelerated their efforts towards encrypting the information that has been flowing through its data centers across the world to thwart snooping by NSA and intelligence agencies, but do can you Trust Google and Other Internet Companies now ? " It's an arms race ," Eric Grosse, Google's vice president for security engineering, tells WP . " We see these government agencies as among the most skilled players in this game. " Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used. According to the report, encrypted information would...

The spy agencies' activities have gone on for more than a decade. Now we have enough details about how the NSA eavesdrops on the internet, another explosive news has emerged yesterday from the Snowden files that NSA has the ability to decrypt most of anything that is on the internet. They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.  Also the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security. The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. Graham arrived at that conclusion after analyzing nearly 23,000 Tor connections through an exit node that Graham controls and about 76 perc...

The Syrian Electronic Army (SEA) , a pro-regime hacker group that emerged during Syrian anti-government protests in 2011, and involved in cyber attacks against western media organizations are now in the FBI's wanted list. The Federal Bureau of Investigation has issued an alert warning of cyber attacks by the Syrian Electronic Army and finally put them on its radar. " The SEA'S primary capabilities include spear-phishing, web defacements, and hijacking social media accounts to spread propaganda. " they said. The FBI also has increased its surveillance of Syrians living in the US. According to some anti-Assad activists, the group was founded by former intelligence agents and hardcore Assad supporters. SEA had compromised social media profiles for Western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials. Most recently, the group grabbed international attention after commandeering the webs...

Security firm ESET has discovered  a new and effective banking trojan , targeting online banking users and designed to beat the mobile multi-factor authentication systems. Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom. Trojan has functionalities such as keystroke logging , creation of screenshots and video capture, and setting up a remote proxy. The attackers aim to obtain login credentials giving them access to the victim's bank account and getting them to install a mobile component of the malware on their Symbian, Blackberry or Android phone. Some other advanced tricks are also included in this banking Trojan, such as creating a hidden VNC server on the infected system and can do network traffic interception with HTML injection capabilities. So far, the Trojan hasn't spread too far. The campaign was first ...

Excitement continues .. Rockstar Games schedule the release of latest The Grand Theft Auto series, GTA 5  on September 17, but Cyber Criminals has already released a fake version of GTA 5 contains malware on torrent networks. Romanian security firm BitDefender issued warning that GTA V hasn't been leaked, and during installation you will be asked to complete a survey and send off a text message to gain the serial number. You will then be charged €1 per day on your phone bill and will be infected by a virus. The PC version has yet to be announced, so trying to install it on your PC is a ridiculous idea; but that seems to be what a lot of people are doing. " The survey opens in a web browser and, therefore, is able to perform a geographic redirect to the web page that corresponds to the area you are located in, " said, Bitdefender Senior E-Threat Analyst Bogdan Botezatu. This malware is a generic Trojan Trojan.GenericKDV.1134859 , which can steal u...

Code repository GitHub  offers two-factor authentication to beef up security around its users' accounts. Github is a coding repository where developers used to build their projects projects that may turn out to be valued knowledgeable assets. Two-Factor Authentication adds another layer of authentication to the login process, Now users have to enter their username and password, and a secret code in the second step, to complete the sign in. If a hacker manages to steal a user's credentials through phishing or trojans, cannot do anything, as they do need a second key to enter. " We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub, but on other websites that support it, " the company says . This two-factor authentication for Githu can be turned on in your account settings. GitHub hit 3.5 million users' landmark along with 6 million repositories deposited on its 5th anniversary in April. Two-factor authentication can protect...

In the past few days, Facebook refused to pay bounty to Khalil Shreateh , the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg 's Timeline after Facebook Security rejected his attempts to report it. Ehraz Ahmed, an independent Security Researcher claimed that he reported a critical vulnerability to the Facebook Security team, which allows the attacker to delete any account from Facebook. But Facebook refuses to Pay Bug Bounty , because he tested flaw once on his friend's account, " I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, where as I used it for removing real accounts and now the vulnerability is also fixed after their email." he said on his blog . Video Demonstration of Exploit: Vulnerable  URL : https://www.facebook.com/ajax/whitehat/delete...

A group of Indian Hackers has designed Artificial Intelligence Assistant Operating System called ' J.A.R.V.I.S ' , who recognizes them, answer questions, tweet for them and Collect information, scan targets for them. Chiragh Dewan, a 18 year old student who is currently pursuing his BCA has taken the initiative to be the first Indian to complete this project  J.A.R.V.I.S , which is inspired by Iron Man's (movie) artificial intelligence assistant Jarvis. With his team of 7 including Himanshu Vaishnav, Mayur Singh, Krishanu Kashyap, Vikas Kumar, Vinmay Nair and Sravan Kumar, they are about to finish the 3rd level of the project. Their long term goal is to create an OS which could adapt itself according to the user's needs. Like if a doctor is using the OS, it will adapt itself so as it is capable of helping him out in his field like searching for new techniques, medicines, help in their research, etc. Add for architects, other professions.  As for users i...

Cybercrime costs organizations millions of dollars and to protect business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National Institute of Standards and Technology under the US Department of Commerce (NIST). The Secunia CSI 7.0 is the Total Package: Vulnerability Intelligence, Vulnerability Scanning with Patch Creation and Patch Deployment Integration. To help IT teams counter the threat, vulnerability research company Secunia merges the in-house vulnerability expertise with a sophisticated patch management solution into the Secunia Corporate Software Inspector (CSI 7.0). The foundation of the Secunia CSI is a unique combination of vulnerability intelligence and vulnerability scanning, with patch creation and patch deployment integration. The Secunia CSI integrates with Microsoft WSUS and System Center 2...

Indian Security Enthusiast ' Arul Kumar ' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with  $12,500 USD for helping the Facebook Security team to patch this critical loophole in their own " Support Dashboard ". The flaw is critical because using this exploitation method hacker can also delete Mark Zuckerberg's ( Facebook Founder ) Photos from his Photo Album, or even from wall of any verified page too. Arul posted on his blog, " The Support Dashboard is a portal designed to help you track the progress of the reports you make to Facebook. From your Support Dashboard, you can see if your report has been reviewed by Facebook employees who assess reports 24 hours a day, seven days a week ." That means, if you will report abuse the targeted image and send a Photo Removal Request, Facebook Server Will automatically generate...

Before NSA said that they has zero tolerance for willful violations of the agency's authorities, but NSA had violated privacy rules on thousands of occasions. According to documents seen by SPIEGEL, Arab news broadcaster Al Jazeera was spied on by the National Security Agency. The US intelligence agency hacked into Al Jazeera's internal communications system. The NSA said these selected targets had high potential as sources of intelligence. These Documents were provided by the former NSA contractor and whistleblower Edward Snowden . Also NSA was cracking the airline reservation services for Russian airline Aeroflot, accessing " Al Jazeera broadcasting internal communication " was listed as a notable success and the encrypted information was forwarded to the responsible NSA departments for further analysis. Also, The National Security Agency (NSA) has admitted some of their officers misused the agency's massive spying powers to keep tabs on their love ...

Since Snowden came forward with details about the NSA's PRISM program in June, web users concerned about online privacy are increasingly turning toward privacy tools to protect their online data. U.S. Government project PRISM allows the government to tap phone calls, email, and web browsing of any citizen without a warrant. New metrics from The Tor Project show that, the usage of Tor Browser is increasing day by day due to the fact that internet users are getting more and more inclined in keeping their online activity isolated from internet surveillance programs like US Prism. Tor was launched in 2004 and developed by the U.S. Navy, is used by governments, activists, journalists and dissidents to conceal their online activities from prying eyes. The TOR online anonymity service has exploded since early June, up more than 100 percent, from just over 500,000 global users to more than 1.2 million. Of those 600,000 new users, roughly ten percent are from...

The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information. The recent disconcerting reports that that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, that NSA involved in widespread spying and surveillance activities across the globe. The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, Time of India Reported. The fact that several government officers in top positions use their Gmail IDs for official communications i.e. Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have t...

Do you think, because you're using an Apple Mac , your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained unmatched by Apple for the last five months, dubbed CVE-2013-1775 , the flaw allowed attackers to bypass normal password authentication procedures by resetting the computer clock to January 1, 1970. The reason that specific date is required is because it represents the beginning of time to the operating system and some applications that run on it. When the SUDO command is used in combination with a clock reset, the computer can be tracked into providing root access without a password. Metasploit authors have come up with a brand new module that makes the bug even easier to exploit , renewing interest in the problem. The module gains a session with root permissions as long a...

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users.  The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication. The Cisco Security advisory said: " The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server ," The newly patch...

Recently, The Social Media is buzzing over reports that Apple has invented a new technology that now can Switch off iPhone Camera and Wi-Fi, when entering a 'sensitive area'. Technology would broadcast a signal to automatically shut down Smartphone features, or even the entire phone. Yes ! It's true, On June 2008 - Apple filed a patent ( U.S. Patent No. 8,254,902 ) - titles " Apparatus and methods for enforcement of policies upon a wireless device " that defines the ability of U.S. Government to remotely disable certain functions of a device without user consent. All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence...