The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The FBI Tuesday announced the arrest of Karen 'Gary' Kazaryan , a 27-year old man, who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams has been arrested in the US. He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as " se*tortion ". He is accused of hacking into the victims accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.  He then posed online as the women, sent instant messages to their friends and somehow, persuaded those friends to get undressed so that he could view and take pictures of the...

VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company's coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea...

Incapsula announced this week that they're offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What's a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you've been hacked before, there's a good chance you've already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo...

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in th...