The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In the last quarter of 2013, sale of a Smartphone with ANDROID operating system has increased and every second person you see is a DROID user. A Russian security firm ' Doctor Web' identified the first mass distributed Android bootkit malware called ' Android.Oldboot ', a piece of malware that's designed to re-infect devices after reboot, even if you delete all working components of it. The bootkit Android.Oldboot has infected more than 350,000 android users in China, Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries. China seems to a mass victim of this kind of malware having a 92 % share. A Bootkit is a rootkit malware variant which infects the device at start-up and may encrypt disk or steal data, remove the application, open connection for Command and controller. A very unique technique is being used to inject this Trojan into an Android system where an attacker places a component of it into the boot...

Malware code can be very small, and the impact can be very severe! The Antivirus firm AVAST spotted a malicious version of the open source FTP (File Transfer Protocol) software ' FileZilla ' out in the wild. The software is open source, but has been modified by the hackers that steal users' credentials, offered on various hacked sites for download with banner or text ads. Once installed, the software's appearance and functionalities are equal to the original version, so a user cannot distinguish between the fake or real one, and the malware version of the " .exe " file is just slightly smaller than the real one. " The installed malware FTP client looks like the official version and it is fully functional! You can't find any suspicious behavior, entries in the system registry, communication or changes in application GUI ." The only difference is that the malware version use 2.46.3-Unicode and the official installer use v2.45-Unicode , as ...

We are continuously keeping our eye on new variants of the widely spread Ransomware family like Cryptolocker , Prison Locker, Copycat and Locker which encrypts your files and ask for a random amount to decrypt it.  If infected by such malware, to be very honest, there is no hope for recovering your documents without paying a ransom amount to the cyber criminals. Online users are now facing another similar ransomware called ' CryptorBit ', ( Virustotal report ) first spotted on September 2013. It is not a variant of Cryptolocker but it does exactly the same thing i.e. Encrypt all the files on the Hard Disk. CryptorBit is an infection that activates by clicking links in a spam message or malicious email, or websites while browsing the web, or by opening an attachment in an email from a malicious source. Once your system gets infected by the CryptorBit, it will encrypt your files and hold them until a ransom of $50 - $500 or more is not paid. It will display...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Are you fond of playing games on your Smartphone like Angry Birds or Subway Surfer ?? You should now stop wasting your time, because NSA is utilizing your gaming energy in the best possible way. According to the latest documents leaked by former U.S. Government contractor Edward Snowden , Some of the world's most popular Smartphone applications are telling British (GCHQ) and American intelligence agencies ( NSA ) everything about you. NSA is tapping communication across the Internet of all " leaky " apps ( Unencrypted app, without SSL connection ) to peek into the tremendous amounts of very personal data, including your age, location, sex and even sexual preferences. This is really unacceptable! The Guardian claims that the NSA and its UK counterpart GCHQ have been developing capabilities to take advantage of these 'leaky' apps, collecting most sensitive information such as sexual orientation and " even sends specific sexual preferences such a...

A location based Social Networking platform with 45 million users,' Foursquare ' was vulnerable to the primary email address disclosed.  Foursquare is a Smartphone application that gives you details of nearby cafes, bars, shops, parks using GPS location and also tells about your friends nearby. According to a Penetration tester and hacker ' Jamal Eddin e ',  an attacker can extract email addresses of all 45 million users just by using a few lines of scripting tool. Basically the flaw exists in the Invitation system of the Foursquare app. While testing the app, he found that invitation received on the recipient's end actually disclosing the sender's email address, as shown above. Invitation URL:  https://foursquare.com/mehdi?action=acceptFriendship&expires=1378920415&src=wtbfe& uid = 64761059 &sig=mmlx96RwGrQ2fJAg4OWZhAWnDvc%3D Where 'uid' parameter represents the sender's profile ID.  Hacker noticed th...

Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding...

Using Tormail Email service for being Anonymous online while conversations and mail exchange?? There is a very disappointing news for all   current and past users, US Federal Bureau of Investigation (FBI) has a complete copy of Tormail server and they are using it to catch the Criminals & Hackers. According to court documents that recently surfaced, the FBI  have cloned the entire email database while investigating Freedom Hosting. In August 2013, when the FBI seized the Tor network's top web host, Freedom Hosting , that gave the feds access to every record of every anonymous site hosted by Freedom Hosting , including TorMail , a service that allowed to send and receive email anonymously . New evidence uncovered by Wired suggests those archives are now being used in completely unrelated investigations, but possibly now the FBI is mining the information from that database to track cyber criminals. Remember the shutdown of the Silk Road bl...

The year 2014 starts with the formation of new mobile malware like ' Android . HeHe ', with the ability to steal text messages, intercept phone calls, and other malware such as ' XXXX . apk ' uses WiFi networks or hotspots to steal information, infected more than 24,000 Devices. But it should not be forgotten by us that 2014 marks the 10th Anniversary of the World's First mobile malware . FortiGuard Labs has published a whitepaper  that briefly explains the major mobile threats from 'Cabir' to 'FakeDefend' over the last decade. The world's first mobile malware was ' Cabir ', detected in 2004 when mobiles were not so popular among all of us. It was developed by the group of hackers known as 29A , designed to infect the Nokia Series 60 , the most popular Smartphone platform with tens of millions users worldwide at that time. The name " Caribe " appears on the screen of the infected phones and the worm spreads itself by seeking other devices such as ...

Hackers broke into an Israeli defense ministry computer via an email attachment tainted with malicious software. Reuters reported Israeli Defense is the latest illustrious victim of the Spear Phishing Attack , and hackers penetrated into an Israeli defense ministry computer using a malicious email as a vector. Aviv Raff , Chief Technology officer at Seculert , confirmed that an Email with a malicious attachment that looked like it had been sent by the country's Shin Bet Secret Security Service. The attackers have penetrated into the network of Israeli Defense accessing to 15 computers, one of them managed by the Israel's Civil Administration that monitors Palestinians in Israeli-occupied territory. The Civil Administration is a unit of Israel's Defense Ministry that control the passage of goods between Israel and the West Bank and Gaza Strip. It is clear that the information contained in the infected system represents a precious target for someone that intend to examin...

Western landscapes are facing a hell lot of data breaches started with Target , Neiman Marcus and now country's largest crafts chain ' Michael's Art and Crafts ' may be is the latest retailer hit by a security breach. In a statement, Irving, Texas-based company acknowledged a possible data security breach that may have affected its customers' payment card information at its 1250 stores across the United States and Canada. They also announced that it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. " Michaels said in its statement that it had "recently learned of possible fraudulent activity on some US payment cards that had been used at Michaels, suggesting that the company may have experienced a data security attack " company said . CEO Chuck Rubin said that the company has not confirmed a breach, but wanted to alert customers: ...

Apart from various Government websites falling victim to Hacking attacks, the latest to be targeted by hackers belongs to the world's richest cricket Board, the Board of Control for Cricket in India (BCCI). Late night on 26th January ( 65th Republic Day of India ), the official website of Indian cricket's Governing body, BCCI.TV has been defaced by Bangladeshi hacker who goes by the name Ashik Iqbal Chy . The ' About Us ' page on the website has the message " Don'T MesS UP WitH TiGeRs! " along with the image of the Bangladesh national cricket team running with the Bangladeshi Flag. The ' Attack ' on BCCI's website is most likely in response to the latest draft proposal, which aims to shift the control of global cricket from the hands of International Cricket Council (ICC) into the hands of top three cricket boards BCCI, Cricket Australia (CA), England and Wales Cricket Board (ECB) ; therefore the fate of cricket in smaller countries like Bangladesh, New Zeala...

Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for hacking Chrome OS-running ARM and Intel Chromebook. This year the security researchers have a choice in between an ARM-based Chromebook, the HP Chromebook 11 (WiFi) and the Acer C720 Chromebook (2GB WiFi) based on Intel's Haswell microarchitecture . The attack must be demonstrated against one of these devices running " then-current " stable version of Chrome OS. " Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure ," Jorge Lucángeli Obes, Google Security Engineer said. Amongst the payouts are $110,000 for the browser or s...

Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post , the vulnerability resides in a Chinese subdomin of Yahoo website i.e. https://tw.user.mall.yahoo.com/rating/list?sid= $Vulnerability Any remote user can manipulate the input to the sid parameter in the above URL, that passes the parameter value to an eval() PHP function on the server end. If an attacker is able to inject a PHP code into this web application, it forces the server to execute it, but this method only limited by what PHP is capable of. In a POC Video he has successfully demonstrated few Payloads: Example-1: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("dir"))} Example-2: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("ps"))} Last week, He ...

For the first time in history, Indian Law Enforcement Agency 'Central Bureau of Investigation' (CBI) has arrested a Cyber criminal after getting a tip-off from the US Federal Bureau of Investigation (FBI). 33-Year-old Amit Vikram Tiwari , son of an Indian Army colonel and an engineering dropout, who allegedly ran two websites offering services for hacking into email accounts was arrested on Friday from Pune city. According to the details submitted by FBI, he had compromised more than 1,000 Accounts around the world and offering illegal services for cracking email account login for $250 - $500 via two websites www.hirehacker.net and www.anonymiti.com hosted on U.S. Based servers. Amit received most of the payments from his Clients via Western Union Money Transfer or PayPal. During the investigation, police found several fictitious names of clients and bank account numbers in his computer. Initial investigation clarifies that he has clients in China, Romania, an...

Snapchat suffered a massive data breach back in December in which 4.6 million usernames and phone numbers were compromised. Earlier this month, the company launched an update to its iOS and Android apps, added a new security measure to ensure that new users aren't spambots or a robot. While signing up for the first time, it now displays nine images and then ask you to pick which images have a " ghost ". Within 24 hours of Snapchat releasing an improved security feature, a developer has written a computer program capable of cracking it. Another hacker, ' Steven Hickson ' took only 30 minutes to write a script that can crack this new security feature. In this CAPTCHA feature, basically have you choose from amongst a bunch of images, identifying the ones that have the Snapchat ghost to prove you are a person. " The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template m...

Cyber criminals are taking advantage of the widespread popularity of the mobile messaging app ' WhatsApp '. A malware expert at the Kaspersky Lab revealed a large-scale spamming campaign, advertising a fake PC version of the WhatsApp , to spread a banking trojan. According to the report, unaware users have received an email written in Portuguese language , it also tries to deceive the recipient with a social engineering tactic in which cyber criminals composed the malicious email informing that victims already have 11 pending friend invitations.  If users click on the " Baixar Agora " (Download Now) link in the spam email, they will be redirected to a Hightail.com URL to download the Trojan. Hightail is a cloud storage service, the malicious component deployed on it then downloads the malware via a server in Brazil. The file stored on Hightail server looks like a 64-bit installation file bundled with 2.5 megabyte MP3 file. According to Virus Total engine, onl...

Hey Android users! I am quite sure that you must be syncing your Smartphone with your PCs for transferring files and generating backup of your device.  If your system is running a windows operating system, then it's a bad news for you. Researchers have discovered a new piece of windows malware that attempts to install mobile banking malware on Android devices while syncing. Last year in the month of February, Kaspersky Lab revealed an Android malware that could infect your computer when connected to Smartphone or tablets.   Recently, Researchers at Symantec antivirus firm discovered another interesting windows malware called ' Trojan . Droidpak ', that drops a malicious DLL in the computer system and then downloads a configuration file from the following remote server: https://xia2.dy[REMOVED]s-web.com/iconfig.txt The Windows Trojan then parses this configuration file and download a malicious APK (an Android application) from the following locatio...

A well-known pro-Syrian hacker group known as Syrian Electronic Army (SEA) , aligned with President Bashar al- Assad, who successfully attacked The New York Times, Huffington Post, and Twitter, BBC, National Public Radio, Al-Jazeera, Microsoft, Xbox, Skype and responsible for cyber-attacks against various other U.S media companies in the past. Last evening, the Group claimed the responsibility for hacking another big media outlet " CNN ", compromised their Twitter, Facebook account and the website. CNN's twitter profile with 11.6 million followers saw a number of fake tweets from hackers, including allegations that the Central Intelligence Agency (CIA) is behind the Al-Qaida network. Hackers Tweeted, " Tonight, the #SEA decided to retaliate against #CNN's viciously lying reporting aimed at prolonging the suffering in #Syria. "   Following fake tweets were posted: " Syrian Electronic Army Was Here … Stop lying … All your reports are fake! "  " Obama Bin Laden...

Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes , which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination. According to a recent report ' Spoiled Onions: Exposing Malicious Tor Exit Relays ', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques. Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called " exitmap " and detected su...