The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the Indian government . Research In Motion (RIM), the manufacturer of BlackBerry, has been directed to provide the resolution and web-browsing needs of the BlackBerry Internet Services. This is to be done in discussion with concerned service providers and law interception organisations. Earlier in 2011, the government set the deadline for RIM to come up with facilities for interception, or face closure of their operations in India. The security agencies in the country have been trying to get the company to install local servers so they could access and monitor the stream of messages going back and forth to implement better security in the country. The Ministry for Home Affairs ordere...

Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note . Note was posted on 25th Dec by Nikita Tarakanov , claiming that  pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability. Affected version of software is Symantec PGP Desktop 10.2.0 Build 2599 (up-to date). Through a blog post , Symantec confirmed that its a potential issue, but it cannot easily be exploited. Vulnerability is limited to systems running Windows XP and Windows 2003 only. An attacker would need local access to a vulnerable computer to exploit this vulnerability. Note posted by Nikita also provide technical details on the issue, that help Symantec encryption engineering team to understand the issue. " However, the exploit would be very difficult to trigger as it r...

Four Iraqi Government websites defaced today by hacker going by name " riSky ". Defaced domains include Iraq National Investment Commission website also. Where, Tens of thousands of protesters rallied across Iraq on Friday, charging that Sunni Muslims had been disenfranchised under the Shiite-led government of Prime Minister Nouri Maliki and pressing for detainees to be freed, there internal and externals hackers are also creating trouble for Government. Hacker claiming to hack the server, as proof he offer ' The Hacker News ' some screenshots of cpanel WHM, as shown below: Defaced Domain: investpromo.gov.iq nic.iq investpromo.com istithmar.iq Hack Mirror: https://zone-h.com/mirror/id/18883643 https://zone-h.com/mirror/id/18883647 https://zone-h.com/mirror/id/18883639 On going hacks and Protest in Iraq are driving the protests in the hopes of creating their own semi-autonomous region akin to Kurdistan, emboldened by the belief that the ongoing u...

Indian hacker, Godzilla once again hit Bangladesh government server . Hacker told us about his latest cyber attack on  Directorate General of Forces Intelligence Bangladesh (DGFI -  www.dgfi.gov.bd ) server . He claimed to back up all confidential mails in the server and list of all their agents around the globe. Hacker taunt Bangladesh govt , " To all stupid Intelligence people of Bangladesh do you know what is security??,  Iam really felling pitty for you." Through a paste  note, hacker leak one sample mail (funny one), which is the conversation between Dewan Mamoon and DGFI Director. Some words from email are, " I love the CIA. I love the DGFI. I love the Bangladesh armed forces. I love America and I love Bangladesh. " and " I know that you are the ones to thank for sponsoring me in Bangladesh and the CIA for sponsoring me in America. " Compromised Intelligence server claimed to be full of sensitive information. In past year, G...

It's the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google's web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the procedure to update its Certificate Trust list (CTL) and all versions of its OSs to revoke the certificate. Microsoft has also decided to revoke other two certificates for the same reason, it seems that some attacks using the first certificate have been already detected, fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Microsoft has issued a security advisory " Microsoft Security Advisory ( 2798897 ) -Fraudulent Digital Certificates Could Allow Spoofing " that states: "Microsoft is aware of active attacks using one fraudulent digital certificate is...