The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Watering hole Internet Explorer 8 zero-day attack on the US Department of Labor website last week has spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense , and security industries as well as non-profit groups and institutes Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least. Researchers analyzing the attacks say that the attack tie it to a China-based hacking group known as " DeepPanda ". Security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. M...

A suspect hacker ' Shih ' was arrested by Taiwan Criminal Investigation Bureau (CIB)  last week for hacking into a popular local classic music website. The police raided the apartment of the suspect and seized his computer. The investigation was launched by the bureau after it received a report from the website's operator who said its site was hacked in March. During initial investigations, Shih confessed to the police that he hacked into the website's customer database and made unauthorized changes to customer data. Shih also confessed that he has used a hacking technique called SQL injection to attack the website's database . SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. The  Criminal Investi...

The official website of the Office of the Thai Prime Minister was quickly taken down after a hacker defaced the website with abusive message pasted next to an altered photograph of a laughing Prime Minister Yingluck Shinawatra . The words " I'm a slutty moron " appeared briefly alongside a picture of a smiling Yingluck, followed by " I know that I am the worst Prime Minister ever in Thailand history!!! " . It was signed by " Unlimited Hack Team ". The PM's Office's site was hacked at around noon Wednesday. Technicians struggled to deal with the problem. An investigation has been launched and authorities seem confident that they can identify the culprits. Unlimited Hack Team has been around for a while. According to a lengthy video posted on YouTube , the team is two young men, who use well-known exploits and scripts to break into websites from a regular Windows Server PC. Prime minister's secretary-general said, " ...

#OpUSA campaign is officially started, the day has come, today May 7 as announced by Anonymous , a coordinated online attack will hit Banking and government websites. The announcement made by popular group of hacktivists is creating great concerns between US security experts in charge of defense the potential targets. The message passed sent by Anonymous to US authorities is eloquent, " We Will Wipe You Off the Cyber Map "  A new wave of attacks, presumably distributed-denial-of-service attack , is expected to hit principal US financial institutions exactly as already happened in the last months. The hacktivists participating to OpUSA campaign protest against the policy of the US Government blamed to have committed war crimes in foreign states and in its countries. "A nonymous will make sure that's this May 7 will be a day to remember. On that day anonymous will start phase one of operation USA. America you have committed multiple war crimes in Iraq, Afg...

Security researchers revealed that series of " Watering Hole " has been conducted exploiting a IE8 zero-day vulnerability to target U.S. Government experts working on nuclear weapons research. The news is not surprising but it is very concerning, the principal targets of the attacks are various groups of research such as the components of U.S. Department of Labor and the U.S. Department of Energy, the news has been confirmed by principal security firms and by Microsoft corporate. The flaw has been used in a series of "watering hole" attacks, let's remind that "Watering Hole" is a technique of attack realized compromising legitimate websites using a " drive-by " exploit. The attackers restrict their audience to a individuals interested to specific content proposed by targeted website, in this way when the victim visits the page a backdoor Trojan is installed on his computer. The website compromised to exploit the IE8 zero-day is the Dep...

The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj ,...