The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It’s a scene from an as-yet-unmade thriller: Across a country, tens of thousands of cellphones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers. It hasn’t happened yet. But speaking at the Chaos Computer Club Congress here, German researchers showed how vulnerabilities in some the simplest, but most common phones in the world could conceivably lead to just such a scenario. Mobile phone security has been a growing concern due to the increasing popularity of smartphones, whose web-browsing and app-running capabilities allow attacks similar to those made against computers. Yet more than 85 percent of the world’s cellphones are feature phones — simple devices with the ability to play MP3s or browse the web, but without the power of the iPhone or Android-based handsets. Vulnerabilities have been found in this type of phone before, but new open sou...

Criminals this week hijacked ChronoPay.com, the domain name for Russia’s largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data. Reached via phone in Moscow, ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours spanning December 25 and 26, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various Russian businesses that rely on ChronoPay for processing. In the attack, ChronoPay’s domain was transferred to Network Solutions, and its domain name system (DNS) servers were changed to “anotherbeast.com,” a domain registered at  Network Solutions  on Dec. 19, 2010. The attackers left a message on the ChronoPay home page – designed to look as if it had been posted by Vrublevsky (see image above) – stating that hackers had stolen the personal data of all ChronoPay use...

Known to successfully slow down the Iranian nuclear program, the Stuxnet cyber worm is now expected to spawn variations that are predicted to disrupt non-traditional IT targets, from power grids to electronic voting stations. The Stuxnet cyber worm is a very complex, efficient and stealthy string of code that was first discovered in June 2010. And while it is likely the darling of Western governments for the disruption it unleashed on Iran's embryonic nuclear program, there are emerging concerns that variants of the Stuxnet virus could bring widespread havoc to systems around the world - beyond the traditional information technology targets. eWeek  reported on Tuesday that the Stuxnet worm is thought to have damaged as many as 1,000 Iranian centrifuges, after having already affected more than 62,000 computer systems in Iran alone. The genius of the Stuxnet code was reported in the mild manipulation of the centrifuge engine speeds, prompting the engines to operate just fas...

The Thai Netizen Network has issued a statement calling for a review of Thai cybercrime laws in light of curbs on free speech and has issued a book for netizens to help them safeguard their privacy and circumvent censorship at the same time. Supinya Klangnarong, co-ordinator of the Thai Netizen Network, said that the biggest problem was article 15 and 14, which is ambivalent, too encompassing and overlaps with criminal law. Over the years, articles 14 and 15 have been used to silence political dissent, she said. The case of Prachathai webmaster Chiranuch Premchaiporn was cited as an example of the arbitrary nature of the laws. She was arrested for leaving comments up on the site for 20 days. That number is not in any law. The problem is with the role of the intermediary - that of ISPs (Internet service providers), search engines or blog hosts. Under current law, they are treated as if they were editors. That is simply impractical without bringing the Internet in Thailand to a stop. Th...

Detectives from London’s Metropolitan Police Service’s cyber crime unit have in the past year shut down 1,800 bogus websites, which were either fraudulent or advertising counterfeit goods, ranging from tickets to Premier League soccer games to Ugg boots and jewelry from Tiffany & Co. The preventative action was carried out in partnership with Nominet–the public body for U.K. domain name registrations–and involved a boosted effort around the holidays, a time when there is traditionally a spike in this type of crime as fraudsters take advantage of the increased number of online consumers. “The removal of these websites will have prevented numerous victims from falling foul to this type of offense,” said Detective Inspector Paul Hoare of the Police Central e-Crime Unit in a statement. “Good advice for online shoppers can be found at the Consumer Direct and Get Safe Online websites but as always, are advice is that as a general rule, if something looks like it is too good to be tru...