The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Last.fm Confirms They Were Hacked , Change Your Passwords Now After this week’s LinkedIn fiasco, it appears the latest tech giant to fall to bored hackers is Last.fm. Music-streaming website Last.fm is the latest organisation to urge its users to change their passwords immediately. The London-based site, owned by CBS, said in an advisory that it was currently investigating a possible leak of passwords but did not provide any further details. The dating site said it is "continuing to investigate" but "as a precaution" has reset affected members passwords.Affected members will receive an email with instructions on how to reset their passwords.eHarmoney, which brands itself as "#1 Trusted Online Dating Site for Singles" has around 20 million registered online users. The breach was confirmed by Last.fm on their official Twitter account overnight, and comes amidst a backdrop of similar breaches, including at LinkedIn where up to 8 million passwords may ha...

Anonymous India takes down MTNL website The hacker-group Anonymous has struck again in India. This time the victim is the MTNL website. The group posted on their website, saying, ” We are against Internet Cencorship. Instead of blocking few URLs the ISP blocked the whole domain of various file sharing websites. The HC Madras, DoT didn’t isssue any list of websites to be blocked still ISP supported internet censorship. ” MTNL's corporate website could not be accessed, following the attack since afternoon and officials said efforts were underway to restore it. MTNL Delhi, Deputy - GM (Internet), Deepak Sharma said it was not hacking but 'denial of service attack' under which the server is unable to provide services to the customers. Anonymous has called for non-violent protests across several cities in India on June 9 to protest against what it alleges as ‘censorship’ of the internet. It accused the department of telecom of instructing the Internet Service Providers (I...

LinkedIn Confirms Millions of Account Passwords Hacked LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norweigan IT website Dagens IT first reported the breach, noting that “Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site. Vicente Silveira, Director at LinkedIn, confirmed the hack on the company's blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid. “It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” Linkedn director Vicente Silveira said in the blog post. The file only contains password...

Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware. “ This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its envir...

Flame Malware Spread Via Rogue Microsoft Security Certificates Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. The patch revoked three intermediate Microsoft certificates used in active attacks to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks”.Microsoft also killed off certificates that were usable for code signing via Microsoft’s Terminal Services licensing certification authority (CA) that ultimately “chained up” to the Microsoft Root Authority.The authority issued certificates for users to authorise Remote Desktop services in their enterprises. The Microsoft blog post explains that a vulnerability in an old cryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Most systems around t...