The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook profiles can be hijacked by Chrome extensions malware Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses. The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store. To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension. The launchpad for the fake Flash Player is a Facebook app called " Aprenda ". If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension. " This last o...

eToro Vulnerable to Database Dump Security Experts at Zsecure.net discover a serious Vulnerability in eToro, which is a financial trading company based in Cyprus and one of the top ranked Forex Trading Service Provider Worldwide. It provides personal online financial services in forex, commodities and stock indices through its own electronic trading platform. eToro is primarily a platform and a software provider; it is not itself a financial broker. Rather, it connects its customers with third party brokerage services provided by various brokers. About the Vulnerability zSecure team has detected detected an active vulnerability in eToro's web-portal which allows the complete access to their database and even the complete database can be dumped/downloaded. Since the company is handling the portfolio thousands of trader's keeping their database vulnerable to outside attack is a shame on the part of the company which is said to carrying millions of value of transactions every...

Oxford University launches Cyber Security Centre Cyber crime is not going away. As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, the opportunities are just too great. The personal information stored on such devices credit card information, drivers' licenses and Social Security numbers is at high risk and is often targeted by criminals because of the price it can bring on the black market. The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime, and to safeguard the trustworthiness of electronically-stored information. In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students. Each year brings its own set of risks and chal...

Return of Lulzsec , Dump 170937 accounts from Military Dating Site Another Hacking group after Lulzsec , comes with name LulzsecReborn has posted names, usernames, passwords, and emails of 170,937 accounts on MilitarySingles.com on Pastebin as part of the group's Operation Digiturk. LulzSec was a major ticket item last year as the group hacked a number of high profile Web sites all in the name of the "lulz." After their so called "50 Day Cruise," the group broke up and went their separate ways.Hacker claim that, There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.. in dump. In response to a query by the Office of Inadequate Security, ESingles, the parent company of MilitarySingles.com, said that there is " no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim. ". LulzSecReborn hack the site and added his deface page here , (as shown in abo...

Anonymous Attacker Package by Maxpain " Maxpain " Hacker and Security Developer, Releases two tools in an Package called " Anonymous Attacker Package ". First one is - Anonymous external attack , allows you to execute udp flood web attack, into websites, this tool was made as external of LOIC, the following package contains : #Anonymous External Attack - A console application made in C# that allows you to flood the websites with anonymous style , and sending 4096 packets each second. The program delays some seconds for each packet that it makes, so it flood effectively without lagging your own connections. Cool for DDoS attacks. (213kb file) #Anonymous DNS Extractor - Extracts the dns and ip servers of the following website, Developer included this program, cause in the target ip of AEA - anonymous external attack you need to use an IP. (128kb file) Both of programs are really light and console applications, by giving you the ultimate experience web attack. ...

Free Configuration Check Tool by eEye Digital Security eEye Digital Security, the industry's leading innovator of threat management solutions, just released new research, " Working Toward Configuration Best Practices " . Findings verify that proper configuration and mitigations remain the most effective way to secure IT infrastructure. The research team at eEye also found that the leading mitigations it recommended in 2011 disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities. To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and: • Offers a simple pass/fail and informational status ...

7 Ways to Improve Your Network's Web Security Admins looking to improve on their company's web security often turn to software solutions to help assess and automate their security tasks. Good web security software can make surfing the web safe and secure by protecting users from potential vulnerabilities in their operating systems or browsers, as well as helping them to avoid policy violations. The top web security software packages can help you to improve your network's web security in many ways. Here are seven of the major benefits web security software offers: 1. Automatic blocking of malicious content Compromised websites can lead to compromised workstations. Whether it's a malicious script or a media file, web security software can scan and block data before displaying it in a browser compromises a machine. 2. Scan downloads for malware Users frequently go to the Internet to download files, whether those are programs, music, or screensavers. Web security software can scan those...