The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FBI will Monitor Social Media using Crawl Application The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users. The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing. " The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage ," the Request for Information said, " The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC's overall situation awareness and improved strategic decision making. "The tool would be used in "reconnaisance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more. Although...

Another Malware from Android Market infect Millions of Users Malware might have infected more than 5 million Android mobile devices via deliberately corrupted apps sold in the Android Marketplace, according to security firm Symantec . They reckoned Android.Counterclank, a slight variant of Android.Tonclank . Symantec explains that the malicious code appears in a package called " apperhand ", and a service under the same name can been seen running on the infected device when it's executed. According to Symantec, the Trojan has been identified in 13 different apps in the Android Marketplace. Symantec's Security Response Team Director, Kevin Haley said:" They don't appear to be real publishers. There aren't rebundled apps, as we've seen so many times before. " Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating syst...

Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.

Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir...

CVE-2012-0056 Linux privilege escalation [Video Demonstration] The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.Linux kernel 2.6.39 and later versions are affected. The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper . Read More Here . Video Demonstration: You Can Find Exploit Here .

Video Conferencing Systems Vulnerable To Hackers According to a story published earlier this week by the New York Times , A security expert at Rapid 7 found that common videoconferencing equipment could give hackers access to company conference rooms and boardrooms. An investigation led by chief security officer HD Moore with Rapid 7 began when he wrote a program to scan the Internet for videoconferencing systems. HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs all by simply calling in to unsecured videoconferencing systems that they found by doing a scan of the internet. Moore's scan covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organization...