The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft today said it will affair 12 aegis updates abutting anniversary to application 22 vulnerabilities in Internet Explorer (IE), Windows, its Internet server and Visio, the company's abstracts diagramming tool. The aggregation additionally appear it will accommodate patches abutting Tuesday for three bugs it has already acknowledged, including one that has been exploited by abyss for several weeks. "The big account is that there are three zero-days that are actuality patched," said Andrew Storms, administrator of aegis operations at nCircle Security, talking about the leash of accepted flaws. Of the three unpatched-but-admitted vulnerabilities, one is in IE, a additional is in Windows' apprehension of thumbnail images and the third is in IIS (Internet Advice Server), Microsoft's accepted Web server software. Microsoft accustomed the IE bug on Dec. 22, several weeks afterwards French aegis close Vupen issued a bare-bones advising that said all version...

Late yesterday evening website classiccars.com had been defaced. While it's not shocking news that another site of the millions on the internet has been hacked, this one was unusual in that the defacement seemed to be nothing more than an advertisement for the hackers. Ten years ago hacking for bragging rights was a somewhat common practice, but today most attacks are more silent and are designed to steal information. I poked around to find out more about who was behind the attack and how they are compromising the security of the sites they are attacking. The image and stolen JavaScript code that made up the new home page were stored at a free web host. No surprises there, but I did discover that they had an active IRC network. The group had planted an IRC bot in a chat channel that they can command to remotely scan networks for vulnerabilities. This provides them with a list of hosts that are vulnerable to SQL injection and other techniques. It appears the bot uses search en...

As the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership. HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing. Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking skills. Anonymous compromised the HBGary website and replaced it with an image explaining their motivation. In addition to the defacement, they downloaded over 60,000 emails from the company and posted them on The Pirate Bay. The Twitter account of HBGary's CEO, Aaron Barr, was also compromised and tweeted multiple offensive messages, as well as his home address, social security number and cell phone. According to Forbes, the LinkedIn accounts of other HBGary executives were compromised "in minutes." The research, whi...

The tech-oriented Nasdaq stock exchange has confirmed that its network has been hacked and its customers have been notified. In a written statement to the Wall Street Journal (WSJ) Nasdaq said it had discovered some malware files installed on a part of its network called Directors Desk – a system designed to allow company boards to store and share documents. "The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers," the statement said. "Our trading platform architecture operates independently from our web-facing services like Directors Desk and at no point was any of Nasdaq OMX's operated or serviced trading platforms compromised." The investigation was initially started by the US Secret Service, but has been taken over by the FBI. People familiar with the matter have confirmed to the WSJ that "so far the perpetrators appear to have just been looking aro...

HBGary chief Aaron Barr's Twitter account hijacked and personal details leaked in revenge for infiltration of hacking collective The loose hacker collective Anonymous says it has taken revenge on aUS security company whose principal claimed to have penetrated the group and identified some of its key people. They hacked the Twitter account of Aaron Barr, the chief executive of HBGary, and sent out a series of angry tweets while many Americans were watching the Super Bowl match on Sunday night, allegedly including Barr's social security number and address, and his mobile phone number. The tweets link to torrents of the company's emails. Members of the group also put up a brutal set of claims: "Anonymous has: "entire control of all emails for the company of hbgary.com. we have full admin control of "hbgaryfederal.com. we have wordpress control of hbgary.com "all emails will be put up in a torrent. "full access to all their finincials ...