The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first announced about this project which was supposed to start at the begin-ning of 2013. What happened that made you delay the starting date? A: Well, we're definitely enthusiastic about making CTF365 the greatest CTF platform out there, and this proves to be much more difficult than initially anticipated. I won't get into detail, because, as it happens, the story is like something pulled out from the theater of the absurd. If we would ever get a chance to make a making-of- CTF365 movie, I'm sure it would be amusing and tragic at the same time. What I will say [and repeat], is that we are putting our best efforts into making CTF365 work, we are a small and committed team, which is a problem [for...

In 2010, as part of what has been dubbed as Operation Aurora , Chinese hackers infiltrated a special database within Google's systems and gained access to a sensitive database worth of information about American surveillance targets.  Google reported the hack publicly years ago, saying that the sophisticated attack resulted in the theft of Google intellectual property and the partial compromise of some human rights activists' email accounts. When the news first surfaced in 2010, Google said hackers stole the source code behind its search engine, and targeted email accounts of activists critical of China's human rights record. But recently discovered that the hackers also obtained surveillance information, including emails belonging to suspected spies, diplomats and terrorists which law enforcement officials had been monitoring. Google reported this breach to the FBI, resulting in a national security investigation. According to the sources, hackers were after the names of ...

A website that can be described as " DDoS for hire " is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement is another story altogether. Ragebooter, is one of many sites that accepts payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address. Unlike other existing sites that offer similar services, the Ragebooter have particularly interesting back door leading directly to the FBI. It seems that the Federal Investigation Bureau uses the site to monitor the activity of users on the network, and that added to the site IP Logger that keeps the IP addresses of all users coming to the site. Investigation shows the site operator is a guy named Justin Folland located in M...

Cyber Security researchers have discovered a family of information stealing malware targeting Pakistan that originates out of India.  Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government, today released a report detailing a large and sophisticated cyber-attack infrastructure that appears to have originated from India. The attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies. Attackers used known vulnerabilities in Microsoft software, chucking malware dubbed HangOver onto target machines, most of which were based in Pakistan, where 511 infections associated with the campaign were detected. HangOver installs keyloggers , takes screenshots and...

A Romanian man serving a five-year jail sentence in Romania for his involvement in an ATM skimming scheme, has developed a device designed to protect ATMs from such attacks. 33-year-old Valentin Boanta who is being detained in a prison from Vaslui, Romania, after he was convicted on charges of bank card fraud in 2009, developed what he calls the SRS (Secure Revolving System) which changes the way ATM machines read bank cards to prevent the operation of skimming devices that criminals hide inside ATMs. " When I got caught I became happy. This liberation opened the way to working for the good side ," Boanta said. " Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction ," Boanta said. Boanta began working on SRS during his trial. SRS, Boanta says, can be installed into any ATM. ATM skimmers work by installing a second, concealed card reader over the one that's built into the ATM. When an unsuspecting bank customer...

The US Department of Defense has cleared Apple's iPhone and iPad for use on its military networks, along with the Samsung Galaxy S4 and BlackBerry 10 devices, the agency said in a statement Friday. The entire DOD is much, much larger, of course, and mobile devices are increasing in importance for the military just as much as they are for we civilians. The report notes that out of more than 600,000 mobile devices used by the Defense Department, only about 41,000 of those are Apple products, with most of those not connected directly to the military's networks. But because these platforms have previously not been certified or cleared for use, such devices had not been connected to secure military networks, except for testing. The move was hardly shocking, but Samsung devices running the Knox security suite and BlackBerry 10 already trickling into the hands of Pentagon employees, the decision sets the stage for a three-way bout for military market supremacy. Offic...