The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices. Zitmo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it's been around for a couple of years already, mostly infecting Android phones. The Zitmo variant has reportedly been operating for at least two years targeting Android phones by masquerading as banking security application or security add-on. ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’. Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users ...

26-year-old Slovenian hacker known as Iserdo stands thought to have been behind the Mariposa botnet is on trial in Slovenia, charged with having masterminded an international cybercrime gang. At its height, the Mariposa botnet infected up to 12.7 million PCs, with more than half of the Fortune 1,000 companies believed to have been compromised, including 40 major banks. Once a computer had been compromised and brought into the botnet, operators could steal information from innocent users - including credit card details and banking passwords. Computer crime-fighting authorities had succeeded in bringing down the Mariposa botnet at the end of 2009, FBI officials worked with Spanish and Slovenian authorities to track down Mariposa's mastermind, Iserdo. He was said to charge between $500 for basic versions of the botnet code and up to $1,300 for more advanced ones, which included customised features, such as capabilities which allowed its operators to to steal credit cards and onlin...

Security researcher Jonathan Brossard created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer's BIOS (Basic Input Output System) and can compromise the operating system at boot time without leaving traces on the hard drive. In short, firmware is software that is stored in non-volatile memory on a computer chip, and is used to initialise a piece of hardware’s functionality. In a PC, the BIOS is the most common example of firmware but in the case of wireless routers, a whole Linux operating system is stored in firmware. Hardware backdoors are lethal for three reasons: They can’t be removed by conventional means (antivirus, formatting). They can circumvent other types of security (passwords, encrypted file systems). They can be injected during manufacturing. Rakshasa, named after a demon from the Hindu mythology, is not the first malware to target the BIOS the low-level motherboard firmware that initializes other hardware components. Rakshasa replac...

Whenever an important event takes place, new opportunities for cyber criminals, especially for those who develop attacks based on social engineering, arise. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games. Anti-malware and anti-virus solutions provider Webroot has issued a warning that an app app called " London Olympics Widget ," which is described as an app that displays aggregated Olympic news coverage. In fact, it's really just harvesting the user's contact list and device ID while reading up on SMS messages too. The package name is ‘com.games.London.Olympics.widget’. This app has a digital certificate claiming it was developed in New Delhi, India. For this scam, cybercriminals create websites that are very appealing; some even look very professional that they make it seem that you are close to having access to live programming. Researchers explain that the crooks rely on black hat SEO techniques to make sure t...

Website of the Southern Railways www.southernrailway.gov.in has been defaced apparently by Pakistani hackers. The hacker group that calls itself ' Pak Cyber Pyrates ' replaced the home page of the website with a page with content that denounces India's role in Kashmir. Indian and Pakistani hacking groups are engaged in a cyber war of sorts with websites in both the countries being regularly attacked and defaced.

At DEFCON 20, Raphael Mudge the developer of Armitage released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in acollaborative hacking engagement. Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic.  Raphael talk about Cortana scripting language for Cobalt Strike and Armitage. Cortana allows you to write scripts that automate red team tasks and extend Armitage and Cobalt Strike with new features. This technology was funded byDARPA's Cyber Fast Track program and it's now open source . Armitage a red team collaboration tool built on the Metasploit Framework. Cobalt Strike is Ar...