The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company's coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea...

Incapsula announced this week that they're offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What's a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you've been hacked before, there's a good chance you've already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo...

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in th...

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to  latest report , the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family. ESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server. The Trojan is downloaded onto the system by another downloader componen...

The Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud (cloud-based) Vulnerability Scanner Application. The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on application side. Benjamin K.M. from Vulnerability-Laboratory provide more technical details about these flaws, the first vulnerability is located in the Scan Now > Scan Type > Perimeter Scan > Scan section when processing to request via the ` Scan Specific Devices - [Add Devices] ` module and the bound vulnerable formErrorContent exception-handling application parameters. The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker need to provoke the specific invalid networks exception-handling error. In the second ste...