The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP (VoIP) phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui demonstrated was based on work he did over the last year on what he called ‘ Project Gunman v2 ’, where a laser printer firmware update could be compromised to include additional, and potentially malicious, code. The latest vulnerability is based on a lack of input validation at the syscall interface. Cui said, “ allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP , buttons, and LEDs on the phone. ” While he did not specify the precise vulnerability, Cui said it allowed him to patch the phone's software with arbitrary pieces of code, and that t...

A vulnerability in different versions of Microsoft‘s widely used browser Internet Explorer can allow hackers to track the movements of your mouse. Microsoft is investigating reports of a mouse-tracking flaw that puts virtual keyboards and keypads at risk to remote monitoring. Spider.io, a UK-based company in the advertising analytics field, alleged that two unnamed companies are improperly using a flaw that allows them to track whether display advertisements, sometimes buried far down in web pages, are actually viewed by users. Almost every US-based user of Internet Explorer will have their mouse cursor tracked via this exploit almost every day they browse the web. Microsoft has confirmed that every version of Internet Explorer, from version 6 dating back to 2001 up to 10, released this year, is vulnerable. How this works ? All a hacker needs to do is, buy a ad space on any webpage and wait until a user visits it. If the tab remains open, the hacker has continuous access to use...

This Friday I was working with my co-security researcher " Christy Philip Mathew " in +The Hacker News  Lab for testing the Cookie Handling Vulnerabilities in the most famous email services i.e Hotmail and Outlook. Well, both are merged now and part of the same parent company - Microsoft, the software giant.  Vulnerability allows an attacker to Hijack accounts in a very simple way, by just exporting & importing cookies of an user account from one system to attacker's system, and our results shows that even after logout by victim, the attacker is still able to reuse cookies at his end. There are different way of stealing cookies, that we will discuss below. In May 2012, another Indian security researcher Rishi Narang claimed similar vulnerability in Linkedin website. Vulnerability Details Many websites including Microsoft services uses cookies to store the session information in the user's web browser. Cookies are responsible for main...

A former University of Georgia (UGA) student under investigation for allegedly hacking into the school’s computerized personnel records system committed suicide last month. Stell attended classes at UGA between 2005 and 2007. The Data breach was carried out around two months back near 15th October and that may have led to compromised Full names and Social Security numbers, along with additional sensitive data of 8,500 current and former school employees. According to reports , an investigation into the security breach was ongoing when the suspect, Charles Staples Stell , 26, was found dead at his home in Athens on Nov. 7. The UGA Police Department's computer forensics team was investigating the hack. They said, There is no evidence that the compromised data were used to commit additional crimes. The employee files involved in the security breach were found under the control of Stell during the ensuing forensic evaluation of evidence obtained during the course of the invest...

Japan's National Police Agency has offered a monetary reward for a wanted hacker, use programming languages like C# to create a virus called " iesys.exe " and Hijack systems of innocent people to post aggressive messages on Internet on behalf of Users.  Method called a " Syberian Post Office " to post messages to popular Japanese bulletin board. Hacker use cross-site request forgery exploit, that allow hackers to making online postings via innocent users automatically. The messages included warnings of plans for mass killings at an elementary school posted to a city website. It is the first time that Japan's National Police Agency has offered a monetary reward for a wanted hacker  and will pay up to 3 million yen (US$36,000). The case is an embarrassing one for the police, in which earlier this year four individuals were wrongly arrested after their PCs were hacked and used to post  such messages on public bulletin boards. " Up until now t...