The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information. The recent disconcerting reports that that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, that NSA involved in widespread spying and surveillance activities across the globe. The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, Time of India Reported. The fact that several government officers in top positions use their Gmail IDs for official communications i.e. Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have t...

Do you think, because you're using an Apple Mac , your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access. The flaw remained unmatched by Apple for the last five months, dubbed CVE-2013-1775 , the flaw allowed attackers to bypass normal password authentication procedures by resetting the computer clock to January 1, 1970. The reason that specific date is required is because it represents the beginning of time to the operating system and some applications that run on it. When the SUDO command is used in combination with a clock reset, the computer can be tracked into providing root access without a password. Metasploit authors have come up with a brand new module that makes the bug even easier to exploit , renewing interest in the problem. The module gains a session with root permissions as long a...

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users.  The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication. The Cisco Security advisory said: " The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server ," The newly patch...

Recently, The Social Media is buzzing over reports that Apple has invented a new technology that now can Switch off iPhone Camera and Wi-Fi, when entering a 'sensitive area'. Technology would broadcast a signal to automatically shut down Smartphone features, or even the entire phone. Yes ! It's true, On June 2008 - Apple filed a patent ( U.S. Patent No. 8,254,902 ) - titles " Apparatus and methods for enforcement of policies upon a wireless device " that defines the ability of U.S. Government to remotely disable certain functions of a device without user consent. All they need to do is decide that a public gathering or venue is deemed sensitive and needs to be protected from externalities. Is it not a shame that you can't take a photo of the police officer beating a man in the street because your oppressive government remotely disabled your Smartphone camera? Civil liberties campaigners fear it could be misused by the authorities to silence...

Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo Hirvonen warned about the exploit over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463 . The exploit's proof-of-concept was made public last week, prior to in-the-wild attacks surfacing on Monday. Oracle is aware of the hole but, since Java 6 is no longer supported, the company will not patch the issue. The vulnerability lies in Java Runtime Environment's 2D sub-component, which is used to make two-dimensional graphics. Because no patch is available, the exploits provides cybercriminals and other attackers an effective vehicle to launch attacks targeting users and organiz...

Media companies including the New York Times, Twitter and the Huffington Post has been unavailable since Tuesday after the external malicious attack by a group of hackers supporting Syrian President Bashar Assad. For the second time this month, the New York Times' website has gone down. " The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT ," the Times wrote. In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website and read: " Hacked by SEA, Your server security is very weak ." It appears the domain name system (DNS) for NYTimes.com was rerouted, but can be found using its numerical Internet Protocol addresses, which is 170.149.168.130. The New York Times website has been restored just now, at least temporarily a ...