The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol...

After only a few days since the developer edition of Google Glass landed, Jay Freeman aka " Saurik " has jailbroken it. Though Google Glass run on Android 4.0 Ice Cream Sandwich, he get root access using an exploit first discovered by another hacker named B1nary .  Freeman, who obtained the device by pre-ordering it at Google I/O last year, announced his success on Friday via Twitter. Such tactics give the user full command of the operating system without restriction. Freeman is not the first to crack Glass, though: just yesterday, another developer, Liam McLoughlin, also got root on his device. Although both jailbreaks were successful on the current Explorer Edition of Glass, it's not clear whether those holes will still be available in the consumer edition. Freeman says that Glass could be made to store data on the device itself or on a nearby phone connected by Bluetooth, instead of sending data to Google servers. McLoughlin says that Google Gla...

The Dutch police have confirmed the arrest of a 35-year-old man suspected of taking part in a massive DDoS attack against the anti-spam group Spamhaus back in March . The attack's bandwidth peaked at over 300Gbps, making it the largest DDoS attack in history. Their target, Spamhaus, is a company which creates blacklists of spam sites and sells them to Internet Service Providers. Spamhaus was attacked with DDOS and the website overcrowded with traffic and went offline. Later CloudFlare was hired by Spamhaus to protect against such attacks. The suspect was arrested by Spanish authorities in Barcelona based on a European arrest warrant and is expected to be transferred to the Netherlands soon. The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack. This DDoS attack was believed to have been sparked when Spamhaus placed CyberBunker on its spam blacklist. Cyberbunker i...

LivingSocial, a daily deals website part-owned by Amazon Inc ., hit by a cyber attack that may have affected more than 50 million customers and will need to reset their passwords. LivingSocial says it has 70 million members worldwide. Leaked data includes names, e-mail addresses, dates of birth and encrypted passwords. Customers' credit card information and merchants' financial and banking information were not affected by the hack, LivingSocial said. So it looks like some personal info may have fallen into the wrong hands, but credit card and other financial details should be safe. The cyberattack affected LivingSocial customers in North America, Australia, New Zealand, United Kingdom, Ireland and Malaysia and its LetsBonus users in Southern Europe and Latin America. So if you’re among the affected users, the hackers have just the right amount of information to phish you. The site is sending out emails to customers advising them to change their passwor...

A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by  Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A , one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.  The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. The HTTP server is equipped with a reverse connect backdoor that can be triggered via a special HTTP GET request. This means that no command and control information is stored anywhere on the system. ESET researchers  analyzed the binary and ...