The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The US government is claiming that authorities do not need court warrants to affix GPS devices to vehicles to monitor their every move. t's been more than a year since a Supreme Court decision established that affixing a GPS tracking device to a vehicle constitutes a search under the constitution. The decision, United States vs. Jones , throws out the drug-related conviction of nightclub owner Antoine Jones. The GPS locator was installed the day after the warrant expired and while the vehicle was outside of the department's jurisdiction, and DC police tracked Jones for nearly a month after installation before arresting him. " Requiring a warrant and probable cause before officers may attach a GPS device to a vehicle, which is inherently mobile and may no longer be at the location observed when the warrant is obtained, would seriously impede the government's ability to investigate drug trafficking, terrorism, and other crimes. Law enforcement officers co...

Russian anti-virus company Doctor Web reports that a new Mac OS X adware Trojan spreading itself via crafted movie trailer pages that prompt users to install a browser plugin. Basically, an adware is any software package which automatically renders advertisements in order to generate revenue for its author. Dubbed as ' Trojan.Yontoo.1 ', Attackers have provided a number of alternative ways to spread the threat. The Trojan can also be downloaded as a media player, a video quality enhancement program or a download accelerator. When victim visits the site, the dialogue only imitates the traditional plate and specially designed by hackers to enter a potential victim of misleading. After pressing the « Install the plug-in » victim is redirected to the site to download malware. When launched, Trojan.Yontoo.1 displays a dialogue window that asks the user if they want to install Free Twit Tube. after the user presses ' Continue ', instead of the promis...

Computer networks at major South Korean banks and top TV broadcasters crashed simultaneously Wednesday, during a Massive cyber attack. South Korean police investigating reports from several major broadcasters and banks. least three broadcasters KBS, MBC and YTN and the Shinhan and Nonghyu banks reported that their computer networks had been crached. The state-run Korea Information Security Agency said that Screens went blank at 2 p.m. and more than seven hours later some systems were still down.  The take down was apparently not from a distributed denial-of-service (DDOS) attack, but a virus that has apparently infected machines in these organizations and delivered its payload simultaneously. An official at the Korea Communications Commission said investigators speculate that malicious code was spread from company servers that send automatic updates of security software and virus patches. The Associated Press says: " The latest network para...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Indian Security Researcher Jiten Jain from Xebia Architects today revealed that one of the Largest Private Banks in India, HDFC Bank's e-Banking website could be easy target of Unique type of Denial of Service Attack which could result in blocking of e-banking accounts of all its customers. Here is the detailed report of vulnerability submitted by him. ___________________________________________ The NetBanking service of HDFC Bank, Which is one of the largest and most reputed Banks in India, is completely vulnerable to ID theft, Targeted phishing and Mass Account Blockade. HDFC bank has implemented an extra security solution called 'Secure Access' on its website but instead it has given a hidden door to hackers to block all HDFC NetBanking accounts. 'Secure Access' is an additional layer of security implement on HDFC Bank website is essentially a solution protecting your account from hackers and fraudsters. Secure Access, an online security initiati...

Self-described troll and Grey hat AT&T Hacker Andrew "Weev" Auernheimer, 26, has been sentenced to 41 months in prison for exploiting an AT&T security hole three years ago, and releasing thousands of iPad owners email addresses. According to authorities, they obtained the ICC-ID and e-mail address for about 120,000 iPad users. Each charge carried with it a potential prison terms of five years. He will serve 41 months in a federal prison, with concurrent probation for three years. He also owes restitution to the U.S. Treasury to be dispersed to AT&T in the amount of $73,000. In 2010, Auernheimer and Daniel Spitler, discovered that visiting an unsecured AT&T Web server and entering a number associated with the customer's wireless account allowed him to obtain that customer's email address. Computer security researcher Charlie Miller tweeted " We could all go to jail for security research at any moment, and a jury would happily convi...

Researchers are already warning that malware authors developing more sophisticated attack techniques for mobile devices, using encryption and randomization or hiding malicious code in image files. As analyzed by Symantec a malicious Infrared X-Ray  Android application, attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes. This malware app is spreading quickly widely in Japan by sending the spam messages via SMS to phone numbers stored in the device's Contacts, so that the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender. The app is designed to steals all details in the device's contact list and are uploaded to a predetermined server. Symantec  confirmed that there are several variants of this app exist, ". .the latest variants have added an interesting payload: rather...