The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

China is taking decisive action against computer hacking with a new law set to govern the sentencing of hackers and other internet offenders. This initiative, announced by the Ministry of Public Security, aims to enhance cybersecurity in response to the growing threat of cybercrime. Lawmakers are currently working on judicial interpretations of these new regulations. Gu Jian, deputy director of the Ministry's Network Security Protection Bureau, stated that these rules are expected to be released by the end of the year. This development represents China's latest effort to strengthen security against cybercrime. Since 2004, more than 1.64 million online offenses have been reported to China's Internet Illegal Information Reporting Center. Although 80% of these cases involve online pornography and scams, hacking incidents are on the rise. Gu noted that eight out of ten computers with internet access in China are now suffering from "botnet attacks." In these attacks...

Police in India report that 97 percent of cyber crimes remain unreported in Gurgaon, a city less than 20 miles from New Delhi. Industry representatives are now collaborating with law enforcement to tackle this issue, according to Times of India. Last week, the IT and business process outsourcing (BPO) industry in Gurgaon met with Joint Commissioner of Police Alok Mittal and Inderjit Singh, chairman of the parliamentary committee on IT, to discuss cyber crime. When asked if the city police and its cyber cell could handle cyber crime, Singh emphasized that the entire system requires an overhaul. This overhaul should start with a new cadre dedicated to solving Internet-related cases. He also stressed the importance of protecting the complainants’ identities in such cases. Industry representatives proposed working directly with the police. "We will provide the police with technical expertise or any other assistance," stated Deepak Kapoor, a BPO industry representative, accord...

We’ve received several rapid-fire tips indicating a major compromise in the Facebook app Sendible. Several prominent Facebook Pages, including Google, Coca-Cola, YouTube, South Park, The Daily Show, and Team Coco, are sending out a malicious link to their followers. The link reads, "Change Your Facebook Background Here!" It's crucial not to click on this link. Those who clicked on the link reported being redirected to a page outside Facebook that asked for personal information. The bottom of this page reads, "Powered By AWeber Email Marketing." Oddly, many other Facebook users are "liking" these links. We’ve contacted Facebook about the issue and will update once we receive their response. The compromised accounts suggest that this malicious link is appearing in tens of millions of feeds right now. Most of the malicious links have been removed, but tips indicate the attack is ongoing, with new links continuing to appear. We still have not heard bac...

A vulnerability has been identified in Microsoft Internet Information Services (IIS) that causes the server to incorrectly handle files with multiple extensions separated by the “;” character. For instance, a file named “malicious.asp;.jpg” is treated as an ASP file. This flaw allows attackers to upload malicious executables to a vulnerable web server, bypassing file extension protections and restrictions. Notably, ASP.Net is NOT affected by this vulnerability. Impact and Versions Affected This vulnerability affects all versions of Microsoft IIS. It works successfully on IIS 6 and earlier versions. IIS 7 has not been tested, but it does not work on IIS 7.5. The vulnerability was discovered in April 2008 but reported in December 2009. Severity and Exploitation The impact on IIS is significant, as attackers can bypass file extension protections using a semi-colon after an executable extension, such as “.asp”, “.cer”, “.asa”,...

BRUSSELS (AFP) – European computer guards battled Thursday against a simulated attempt by hackers to bring down critical Internet services in the first pan-continental test of cyber defences. All 27 of the European Union's member nations as well as Iceland, Norway and Switzerland took part in the simulation as participants or observers, working together against the fictitious online assault, the European Commission said. The exercise was based on a scenario in which one country after the other increasingly suffered problems accessing the Internet, making it difficult for citizens, businesses and public institutions to access essential services. Security experts had to work together to prevent a simulated "total network crash," said Jonathan Todd, a commission spokesman for digital affairs. "I would like to emphasise, so as to avoid any 'War of the Worlds' scenario here, this is purely an exercise and practice," Todd told a news briefing. "...