The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security Enhanced (SE) Android Released by National Security Agency (NSA) The National Security Agency (NSA) releases the first version of Android Security Enhanced . The system is designed to minimize the impact of security holes on Android . SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.  How can SELinux help Android? Confine privileged daemons. Protect them from misuse. Limit the damage that can be done via them. Sandbox and isolate apps. Strongly separate apps from each other and from the system. Prevent privilege escalation by apps. Provide centralized, analyzable policy. Distinctive features SE Android: Per-file security labeling support for yaffs2, Filesystem images (yaffs2 and ext4) labeled at build time, Kernel permission checks...

URL redirection Vulnerability in Google An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. A similar vulnerability is reported in Google by " Ucha Gobejishvili ( longrifle0x ) ".  This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers. Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=https://www.something.com Same vulnerability in Facebook, Discovered by  ZeRtOx from Devitel group : https://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com Impact of Vulnerability  : The user may be redirected to an untrusted page that contains malwar...

Microsoft launching Real Time Hosted Threat Intelligence Feed Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute information collected from several sources on major botnets, including Rustock, Waldec and Kelihos networks. Partners would be able to access the information using application program interfaces (APIs) that would be provided free by Microsoft. Data from networks of compromised computers will be among the information on offer to ISPs, CERTs, government agencies and private companies, Kaspersky said . Microsoft will have a lot of data in this system already as anyone who has watched the company's spectacular attacks on the Kelihos botnet last summer will attest, adding to similar campaigns against Rustock and Waledec, will vouch for. " Companies could use the data to look for opportunistic mal...

The Saudi hacker to Mossad " Don't waste your time by searching for me "! In a response to the Israeli hackers, the Saudi hacker xOmar exposed 200 Israeli credit cards and he described the Israeli hackers by idiots and he said that they published invalid credit cards. And he asked Mossad through his website not to search for him, because they won't catch him.  xOmar threatened the Israeli people by exposing 200 credit cards daily, and all of these credit cards are valid. speaking about the latest efforts to locate his place, he said '' I've heard from some idiots saying that I am from Mexico, and another said that I am in Riyadh, and last one said that I am from Dubai " and he said to mossad in a message '' don't waste your time '' The Secretary-General of the Committee on Information and awareness of banking in Saudi banks '' Tal'at hafiz '' have told the " Arabiya.Net " yesterday that Saudi banks ha...

Self-extracting archive (SFX) as Creative Virus Handler Yesterday I Found and interesting article about " Self-extracting archive (SFX) " on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not all people know how to do it.  It is therefore exactly the same as a .ZIP or .RAR archive. The only difference is that, when you execute it, will automatically extract the files. However, if you add some parameters, you can execute them after extraction or execute a shell command before extraction. So this feature can be used as good virus handler. Let's See how? DarkCoderSc shared his experience with us using a Video Demonstration as shown Below. Start up the WinRAR application; click 'Browse for folder' under the 'File' menu and browse to the location of the file. With the file highlighted, clicking on the 'Add' button will kickoff the archiving process and sele...

Warm up the keyboard, Its time for February The Hacker News Magazine ! Warm up the keyboard, hack into the internet security of your mind and help us fill the February The Hacker News Magazine with fun, interesting and educational web security info. Our readers love to see what you are up to and what the industry is creating and manufacturing for anyone who turns on their computer and wonders if today is the day they will be hacked into cyber space! Mostly, what they can do about it and how they can protect themselves. Topics of interest include, but are not limited to the following: - New Attack and Defense Techniques - Vulnerability discovery - Small Tactics & Techniques - Big Attacks & Impact - Mobile Hacking - Professional Exploit Development - Security and Hacking Events Around The World - Technical Book Reviews - Security and Hacking Threats - Play with Security Tools - Expert Interview We welcome contributions from readers and hackers like YOU! ...