The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few days after Microsoft revealed the Microsoft Zero-day CVE-2013-3906 , a Zero-day vulnerability in Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Microsoft graphics component zero-day vulnerability allows attackers to install a malware via infected Word documents and target Microsoft Office users running on Windows Vista and Windows Server 2008. Recently reported new Internet Explorer zero-day vulnerability detected by FireEye affects the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, but according the experts it can be easily changed to leverage other languages. Experts at FireEye ...

We have a lot of information on Stuxnet virus, a powerful malware that for the first time has shown to governments the capabilities and efficiency of a cyber weapon. Eugene Kaspersky, CEO of Kasperky security firm revealed that Stuxnet had badly infected the internal network of a Russian nuclear plant, according to the information he obtained from an unnamed staffer at the Nuclear Plant. " So unfortunately these people who were responsible for offensive technologies, they recognize cyber weapons as an opportunity ." Kaspersky said. During a presentation given at the Canberra Press Club, Kaspersky provided an excellent overview on the security of cyberspace, in particular highlighting the effect of the activities of state-sponsored espionage and cyber crime. " All the data is stolen, " Kaspersky said. " At least twice ." The malware Stuxnet is widely considered to have been developed by the US Government in a joint work with Israel c...

Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. The company plans to deliver eight security bulletins for Windows 8.1, three of them are rated critical and five are important. But there's no relief in sight for a zero-day vulnerability ( CVE-2013-3906 ) in how Office handles .TIFF graphics files . The bulletins listed in Microsoft's advanced notification as critical are for remote code execution vulnerabilities in Windows operating system and the remaining vulnerabilities listed as important are said to be remote code execution, elevation of privilege, information disclosure and denial of service flaws affecting Windows operating system, as well as Microsoft Office. A malicious zero day attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought. Some new reports of the security resea...

On Tuesday, the Washington Post revealed a few more NSA slides released by Edward Snowden, which revealed that the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers as part of a program called MUSCULAR . Chairman and former CEO of Google Eric Schmidt says the company's executives are shocked by allegations that the National Security Agency has been collecting data from the search engine's servers. " It's really outrageous that the NSA was looking between the Google data centers, if that's true ," he said. Overnight, Two Google's Security engineers -  Mike Hearn and   Brandon Downey expressed reasonable anger about the news on Google+, said " Fuck these guys ", where these represent NSA and GCHQ. I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces. Fuck You to the people who made these slides. I am not American, I am a...

The US Federal Bureau of Investigation has added five new hackers to its Cyber most wanted list and is seeking information from the public regarding their whereabouts. The men are wanted in connection with hacking and fraud crimes both within the US as well as internationally. Rewards ranging from up to $50,000 to $100,000 are being offered for information that leads to their arrest. Two of them are Pakistani, Farnhan Arshad and Noor Aziz Uddin , who caused the damage of over $50 million after hacking business telephone systems between 2008 and 2012. Arshad and Uddin are part of an international criminal ring that the FBI believes extends into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, Malaysia, and other locations. Syrian national Andrey Nabilevich Taame , wanted for his alleged role in Operation Ghost Click , a malware scheme that compromised more than four million computers in more than 100 countries between 2007 and Oct...

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries. The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature. Cai Mingzhao , Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges. Interesting! When China is itself the culprit in major Cyber Threats and attacks. " To maintain cyber security, we need to strengthen international cooperation, " and " We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit, " he said . He said that the China is a victim of cyber security breaches, where more than 80% of Chinese i...