The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Train-switching system can be vulnerable to DDoS attack Hackers who have shut down websites by overwhelming them with web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin. Prof. Stefan Katzenbeisser, the man behind this shocking claim made the revelation during his speech at the Chaos Communication Congress hosted by the Berlin. Prof. Katzenbeisser explained that all hell will break lose in case the encryption keys are compromised in the system, used for switching trains from one line to another. " Trains could not crash, but service could be disrupted for quite some time ," Katzenbeisser told Reuters on the sidelines of the convention. " Denial of service " campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic. Katzenbeisser said GSM-R, a mobile technolo...

Reaver brute force attack Tool, Cracking WPA in 10 Hours The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point's WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours. Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community. Usage is simple just specify the target BSSID and the monitor mode interface to use: # reaver -i mon0 -b 00:01:02:03:04:05 Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations....

Kuwait Government will suspend Twitter accounts of Anonymous Users In Kuwait, the Ministry of Interior is in the process of enforcing a rule of their own on Twitter which prevents Kuwaiti users from using anonymous accounts. The ministry said in a press statement that such measure comes in order to preserve the rights of citizens and residents of people who were used to slander them and their families under fake names, saying that such is a crime punishable by law. The statement went on to say that the move was meant to protect the rights of citizens and residents who have found themselves the subject of slander through statements made by these anonymous accounts, a crime punishable by law in the country, as it is in the UAE. It confirmed that all public have the freedom of expression guaranteed to them by the Constitution as long as those practices are going according to the law, especially with regard to using the Twitter site. [ Source ]

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Easy Router PIN Guessing with new WiFi Setup vulnerability There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF) and reported it to US-CERT .  The problem affects a number of vendors' products, including D-Link, Netgear, Linksys and Buffalo. " I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide " Viehbock said. " One ...

New Zealand agencies can be next target after US host was hacked Sensitive information about the Department of Prime Minister and Cabinet and other New Zealand agencies can be the next target after US host was hacked. US intelligence firm Stratfor had its website hacked by activist group Anonymous on Monday and data including credit card details of its clients, was stolen. The hackers claim Stratfor's more than 4000 clients include the US Defence Department, Microsoft, New Zealand Police, New Zealand Fire Service and Air New Zealand. A spokesperson for the Department of Prime Minister and Cabinet, Rob Mackie, says it's confident no information's at risk,  but was looking into whether anything had been compromised.  Stratfor's website remains under maintenance since the cyber attack.  He says the bigger concern is whether Stratfor is worth subscribing to, considering they were unable to keep their own information secure.

CPLC Chief says ' Pakistan a safe heaven for cyber criminals ' The cyber crimes of multiple kinds in Pakistan have increased by five times over the past four years. Pakistan Daily Times News today reported that, Citizen Police Liaison Committee (CPLC) Chief through a letter on Saturday, apprised the Federal Law, Justice & Parliamentary Affairs Minister that in the absence of Prevention of Electronic Crime Ordinance (PECO) Law 2007, lapsed in 2010, Pakistan had become a safe heaven for cyber criminals and con artists whereas the law enforcement agencies were unable to take legal action against them. According to the Cyber Crime Unit (CCU), a branch of Pakistan's Federal Investigation Agency (FIA), 62 cases were reported to the unit in 2007, 287 cases in 2008 and the ratio dropped in 2009 but in 2010 more than 312 cases were registered in different categories of cyber crimes. " There are numerous complaints regarding fake calls deceiving citizens into receiving a ...

French MP Valerie Boyer 's website hacked by Turkish hackers Hackers have attacked the website ( www.valerie boyer.fr ) of French parliamentarian Valerie Boyer, the author of the bill criminalizing genocide denial that was recently adopted by the French National Assembly. The hackers posted a Turkish flag and an address to the French government and the Armenians community of the country. The message says that the bill was meant to reap votes in 2012 election.French National Assembly passed a bill criminalizing public denial of the Armenian Genocide. If passed and signed into law by the Senate, the bill would impose a 45,000 euro fine and a year in prison. Ms. Boyer said she called the police after she and her family members received death threats.On December 22, 2011, French National Assembly passed a bill criminalizing public denial of the Armenian Genocide. If passed and signed into law by the Senate, the bill would impose a 45,000 euro fine and a year in prison for anyone in Fr...