The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Some 22,300 purported student and staff records held by the Australian Defence Force Academy were stolen and published online last month. A member of the Anonymous group, known as Darwinaire , is claiming responsibility for the theft. The systems were compromised in November, with UNSW notifying staff and students within a day, but has only now come to light. Among the victims are hundreds of senior officers in the army, navy and air force, as well as military personnel from other nations who are enrolled at the academy. Hacker express the lack of security as '' I know, right, very surprised I didn't get kicked out. So simple, took like three minutes , ''. The University of Canberra in which the ADFA resides had warned students of possible phishing attacks but said the compromised passwords were mostly redundant.  Darwinare, who describes himself as ''black hacker'', has previously breached the networks of online bookstore Amazo...

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile , warning of a new round of cyber attacks against U.S. financial institutions, beginning this week. In September and October , al-Qassam launched widespread distributed denial-of-service (DDoS) attacks against numerous banking websites . A Bank of America spokesperson told that the bank is " aware of the reports of possible cyber attacks and [is] monitoring [its] systems, which are fully operational .". Hacker said in new warning note ," After stopping one month attack of Izz ad-Din al-Qassam Group to American banks, today, this group has announced a new cycle of attacks, via an Email which has been sent to us, and has acclaimed that its aim is to compensate guilty offends to holy Prophet of Islam, Mohammad(PBUH). Also, in internet conversations earlier, this group had been stated that these attacks won’t stopped and even in new announcements, it’s been marked that there will b...

With the release of the Microsoft security bulletins for December 2012, Company flag total 7 updates for Windows users, where one is rated as critical that could lead to remote code execution, where as other two are rated as important which fix flaws that could result in the operating system's security features being bypassed. All of the IE fixes involve use-after-free memory vulnerabilities. Where as kernel level exploits bundled into mass-exploitation kits is like Blackhole. In addition to IE, Microsoft is fixing a critical flaw in Microsoft Word that could enable attackers to execute remote code. The vulnerability could be exploited by way of a malformed Rich Text Format (RTF) document. Also Fonts can also be used as a potential attack vector, as this Patch Tuesday reveals. A pair of critical font parsing vulnerabilities are being patched this month, one for OpenType and the other for TrueType fonts. Details of all Updates : MS12-07...

ReVuln Ltd. , a small security company headed by Donato Ferrante and Luigi Auriemma, post a video that demonstrates that how attacks can gain root on the appliances. Samsung Smart TV contain a vulnerability which allows remote attackers to swipe data from attached storage devices. In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely. Auriemma said, “ We have tested different Samsung televisions of the latest generations running the latest version of their firmware.  Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability. ".

Saudi Arabia's national oil company " Aramco " is the country’s largest oil production facility and is a significant exporter in the Organization of the Petroleum Exporting Countries. They said that a cyber attack against it in August which damaged some 30,000 computers was aimed at stopping oil and gas production at the biggest OPEC exporter. The interior ministry said it was carried out by organised hackers from several different foreign countries and Aramco employees and contractors were not involved. “ The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals ,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. “ Not a drop of oil was lost and the company was able to restore productivity in record time ,” he added. The hackers used several methods to hide their location The attack used a computer viru...