The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hacker will release full Norton Antivirus code on Tuesday A hacker with code name of ' Yama Tough ' announce via Twitter that on Tuesday he will leak the full source code for Symantec Corp's flagship Norton Antivirus software which is 1,7Gb src. Last week Yama Tough has released fragments of source code from Symantec products along with a cache of emails. The hacker says all the data was taken from Indian government servers. Yama Tough is trying to prove that Indian government was snooping on America and China. YamaTough said via Twitter " Pass it on to forensics and win the lawsuit ,".He has offered support to an American man who filed a lawsuit against Symantec Corp by publishing source code from a 2006 version of Norton Utilities, a software program at the heart of the legal dispute. It was not immediately clear how the source code might help the case. A Symantec spokesperson commented on the incident: " We are still gathering information on ...

Data Stealing Malware on Internal Computer of  Japan Space Agency Japan Aerospace Exploration Agency (JAXA) announce that their computer has been infected with a virus, leading to a possible leak of data on its H-II Transfer Vehicle (HTV) the craft popularly known as Konotori that hauls cargo for the International Space Station (ISS). JAXA still isn't sure how the virus got on the computer, or who put it there. JAXA said the infection occurred on July 6 last year, when an employee in his 30s involved in the HTV's operation at the Tsukuba Space Center opened an e-mail attachment titled "bonenkai". An identical e-mail was also sent to several coworkers, but the employee accidentally opened the attachment as the sender had the same name as one of his friends. The space agency is working to minimize the damage and prevent further incursions. JAXA is now conducting an investigation into the leak and is checking other computers for viruses, according to the press releas...

Fake Angry Birds Game  spreading Malware from Android Market From last week premium rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that are masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner's permissions and access private data stored on their smartphone. Avast Blog explain this as - For example, if someone tried to look for “Cut the rope free”, this malicious application was in the fourth place in the search results. Apps published by the developer Miriada Production may look like well known Android games (Angry birds, Need for speed, World of Goo and others) and users could be easily confused.  The fake apps include "Cut the Rope", "Need for Speed", "Assassins Creed", "Where's My Water? ","Riptide GP", "Great Little War Game", "World of Goo", "Angry Bir...

 Zappos a division of Amazon got Hacked A notification mail from Zappos is circulating in Customers that a division of Amazon " Zappos.com " got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social security numbers have been compromised. Also the databases that contain sensitive billing information, such as credit card numbers, was not accessed by hackers. According to messages from Zappos CEO Tony Hsieh to employees and customers: Zappos are currently working with law enforcement for an investigation.

Security Enhanced (SE) Android Released by National Security Agency (NSA) The National Security Agency (NSA) releases the first version of Android Security Enhanced . The system is designed to minimize the impact of security holes on Android . SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.  How can SELinux help Android? Confine privileged daemons. Protect them from misuse. Limit the damage that can be done via them. Sandbox and isolate apps. Strongly separate apps from each other and from the system. Prevent privilege escalation by apps. Provide centralized, analyzable policy. Distinctive features SE Android: Per-file security labeling support for yaffs2, Filesystem images (yaffs2 and ext4) labeled at build time, Kernel permission checks...

URL redirection Vulnerability in Google An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. A similar vulnerability is reported in Google by " Ucha Gobejishvili ( longrifle0x ) ".  This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers. Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com Same vulnerability in Facebook, Discovered by  ZeRtOx from Devitel group : http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com Impact of Vulnerability  : The user may be redirected to an untrusted page that contains malwar...

Microsoft launching Real Time Hosted Threat Intelligence Feed Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky. Currently, Microsoft is testing a real-time feed to distribute information collected from several sources on major botnets, including Rustock, Waldec and Kelihos networks. Partners would be able to access the information using application program interfaces (APIs) that would be provided free by Microsoft. Data from networks of compromised computers will be among the information on offer to ISPs, CERTs, government agencies and private companies, Kaspersky said . Microsoft will have a lot of data in this system already as anyone who has watched the company’s spectacular attacks on the Kelihos botnet last summer will attest, adding to similar campaigns against Rustock and Waledec, will vouch for. " Companies could use the data to look for opportunistic mal...