The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when logging into a UK online banking session. The Ramnit worm was discovered in 2010, but in 2011 researchers spotted a new strain that had incorporated source code from the notorious Zeus banking trojan. Cyber criminals are stepping up their use of social engineering techniques to bypass increasingly security-aware users of online banking and e-commerce sites.   The malware reportedly avoids detection by going into an idle sleep mode until its intended victim logs into their online bank account, at which point it activates and presents them with a fraudulent phishing message. Ramnit circumvented the OTP feature at the target bank using a 'Man in the Browser' attack ...

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS attack against a large gaming website, in which they have discovered a DDoS attack using thousands of legitimate WordPress blogs without the need for them to be compromised. Incapsula released the list of approximately 2,500 WordPress sites from where the attack was originated, including some very large sites like Trendmicro.com, Gizmodo.it and Zendesk.com . In a recent report , we posted about another method for DDoS attacks using DNS amplification , where a DNS request is made to an open DNS resolver with the source IP address forged so that it is the IP address of the targeted site to which the response is thus sent, but this new method uses HTTP rather tha...

Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it.  Redact believes that messages sent via the app are completely secure, and to prove it a reward of £10,000 has been offered. The application creates a secure and encrypted peer-to-peer network between two iPhones, with messages sent directly from one phone to another and not through the company's servers.  The company has already offered its Secure Messenger service for free to MPs and submitted the technology to CESG, the Government's National Technical Authority for Information Assurance, which provides advice on the security of communications and electronic data. With Redact there are no user names, phone numbers or email addresses. Instead, new users are automatically assigned a unique PIN, simi...

Google has fixed a series of serious vulnerabilities in its Chrome OS , including three high-risk bugs that could be used for code execution on vulnerable machines. Bug bounties is the cash prizes offered by open source communities to anyone who finds key software bugs have been steadily on the rise for several years now. As part of its reward program, Google paid out $31,336 to a researcher who found three of the vulnerabilities . Google's post notes : " We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe. " The three-bug chain credited to Weinmann exploited O3D, a JavaScript API (application programming interface) designed for crafting interactive 3-D graphics-based Web applications. The API and supporting browser plug-in were created by Google, with a preliminary ve...

The Guardian's Twitter accounts have been taken over by pro-Syrian government hackers ' Syrian Electronic Army ' , who previously targeted the Associated Press BBC , al-Jazeera, the Qatari government and National Public Radio in the United States, as well as France 24 TV. " We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this ," a Guardian spokesperson said. Nine bogus tweets were broadcast in an hour, including some with anti-Israeli sentiments, and others saying " Long Live Syria " and " Syrian Electronic Army Was Here ".  Cyber-security experts believe the SEA have targeted a series of western media organisations in an apparent attempt to cause disruption and spread support for President Bashar al-Assad's regime, which has been under increasing Western pressure to end an ongoing bloody civil war in Syria. The group's domain names were apparently registered by the Syr...