The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Thirty-six websites used to sell stolen bank account details have been taken down following an investigation by the Serious Organised Crime Agency ( SOCA ). The arrest of two men in the UK and another in Macedonia is the result of an international operation in which 36 web domains, used to trade compromised banking data, were taken offline. SOCA has been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale. Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, SOCA has recovered over 2.5 million items of compromised personal and financial information over the past 2 years. Lee Miles, head of cyber operations for SOCA, said: " Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds...

Microsoft's MSN Hotmail (Live) email service currently hosts over 350 million unique users. A Vulnerability Laboratory senior researcher, Benjamin Kunz Mejri, identified a critical security vulnerability in Microsoft's official MSN Hotmail (Live) service. A critical vulnerability was found in the password reset functionality of Microsoft's official MSN Hotmail service. The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values. Remote attackers can bypass the password recovery service to setup a new password and bypass in place protections (token based). The token protection only checks if a value is empty then blocks or closes the web session. A remote attacker can, for example bypass the token protection with values "+++)-". Successful exploitation results in unauthorized MSN or Hotmail account access. An attacker can decode CAPTCHA & send automated values over the MSN Hotmail module. Regarding the consequences it was a win for Micr...

The BackBox team has announce the release 2.05 of BackBox Linux. The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. What's new System upgrade Bug corrections Performance boost Improved start menu Improved WiFi driver (compat-wireless aircrack patched) New Hacking tools: creepy, fern-wifi-cracker, joomscan, pyrit, reaver, xplico, etc. Updated tools: crunch, fimap, hydra, magictree, metasploit, set, sipvicious, skipfish, w3af, weevely, wireshark, wirouterkeyrec, wpscan, zaproxy, theharvester, xsser, etc. Download Backbox 2.05

Several Lebanese ministry websites were the target of a hack attack Thursday by the group Raise Your Voice, in the second such attack on government-related portals this month. " We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare (sic) sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them ," said the group's message posted on the hacked websites. It is unclear whether Lebanon Anonymous is affiliated with the hacktivist group #Anonymous, renowned for its attacks on websites of governments and corporations it considers corrupt or seeking to limit free speech on the web. Last month, they took down the Interpol's website as a response to the arrest of 25 of their members, as well as the United Nations' official site. Below is the list of the websites that were hacked on...

Hackers continued to attack the Philippine government's online presence, with at least one agency on Thursday reporting a denial-of-service attack the night before. The official website of the Department of Budget and Management (DBM) yesterday became the latest victim of a cyber attack by suspected Chinese hackers.The DBM website was defaced at around 2 pm Wednesday and will remain offline until the repairs are complete, according to Budget Secretary Florencio Abad. In a press statement, Abad said the DBM's official website, www.dbm.gov.ph , is currently undergoing a security audit and "may be inaccessible until critical issues are resolved." The hackers placed a Chinese flag on the DBM website along with a caption announcing it was " Hacked! Owned by Chinese Hackers?! " The webpage also contained a message: " How come a small bitch border country are overconfident? And Challenged to Our Chinese Super Hacker? " A warning was also displayed: " Don't Trouble Chine...

Facebook strengthens security with AntiVirus Marketplace Facebook has launched Anti-Virus Marketplace  , a new portal to protect the social network's users.Members are being encouraged to download anti-malware programs which they can use at no cost for six months. Facebook is strengthening its security controls in an attempt to protect its 900 million users from spam and malicious content.Facebook said Wednesday that it will work with Microsoft Corp. and with computer security firms Trend Micro Inc., Sophos, Symantec Corp. and Intel Corp.'s McAfee to provide safeguards on Facebook. " The Antivirus Marketplace was developed with industry partners to enhance protection for people on Facebook ," Facebook wrote in a blog post . " This program will help us provide even better protections to those using Facebook, no matter where they are on the web. " Facebook's security push comes as social networks become an increasingly popular target for spammers and ...

Iran Preparing For Cyberwar Against U.S Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as the power grid or the financial system. But, Iran is recruiting a hacker army to target the U.S. power grid, water systems and other vital infrastructure for cyberattack in a future confrontation with the United States, security specialists will warn Congress Thursday. " If Iran is willing to blow up a Washington restaurant and kill innocent Americans, we would be naive to think Iran would never conduct a cyberattack against the U.S. homeland ," said Counterterrorism and Intelligence Subcommittee Chairman Pat Meehan, R-Pa. " Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace ," states testimony from Ilan Berman...