The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple is investigating yet another security breach in its iTunes app store . A Russian hacker worked out a way that allows people to bypass payment in the App Store and download products for free. The hacker, dubbed ZonD80 , posted a video of the crack on YouTube (Deleted by Youtube now ) and claims that the technique makes it possible to beat Apple's payment systems by installing a couple of certificates and assigning a specific IP address to the device. The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed. Below are the steps to the hack: Install two certificates: CA and in-appstore.com. Connect via Wi-Fi network and change the DNS to 62.76.189.117. Press the Like but...

Nvidia shut down its Developer Zone online forum today after hackers gained access to members' account details.A statement Nvidia posted on the forum reads , " Nvidia suspended operations today of the Nvidia Developer Zone. We did this in response to attacks on the site by unauthorised third parties who may have gained access to hashed passwords. " Users are also warned not to provide any personal, financial or sensitive information in response to any email purporting to be sent by an NVIDIA employee or representative. All user passwords will be reset when the system comes back online, though it wasn’t mentioned when that was going to be. NVIDIA insists it is “continuing to investigate this matter. Nvidia forum hack follows the recent LinkedIn and Yahoo! hacks . Earlier 6.5 million LinkedIn hashed passwords were stolen and subsequently published on unauthorized websites.

Nikhil Kolbekar, aka HellsAngel, was arrested on July 11 in Mumbai, India. Eric Bogle, known as Swat Runs Train, and Justin Mills, or xTGxKAKAROT, were taken into custody in Canada, respectively Colorado, US.  HellsAngel and  Bogle is suspected of selling complete credit card details, including names, addresses, social security numbers, birth dates, and bank account information. He also sold remote desktop protocol (RDP) access data that could be utilized to breach computers in countries such as Turkey, India, Czech Republic, Brazil, Germany, France, Italy, Spain, Sweden, and others. The suspect, Nikhil Kolbekar, was produced before the Esplanade Court on Thursday and has been remanded in judicial custody. He will be produced before the Patiala House court in Delhi on July 25, with the US pressing for his extradition through the Interpol. Carding refers to various criminal activities associated with stealing personal identification information and financial informatio...

Phandroid's Android Forums Web site is hacked and user account details stolen, according to a notice posted online. The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? . Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well. " I have some unfortunate news to pass along ," the post reads. " Yesterday I was informed by our sever/developer team that the server hosting Androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless, there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical). " Phandroid will continue to investigate what happened. The ex...

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation. It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249. Karmina Aquino, a senior analyst with F-Secure said " All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively ." On upcoming 29th July 2012 Security Researchers  Sina Hatef Matbue and Arash Shirk...