The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

This Sunday, The Capital , New Delhi plays host to an International The Hackers Conference where blackhat hackers will discuss the challenges of cyber safety with security agencies. Your Smartphone is an always-on and always-connected digital extension of your life which will be used by attackers to covertly steal your sensitive data and spy on you. Mahesh , An Independent Security Researcher and Android Developer/Hacker will demonstrate " Android Spy Agent ". This application allows us to remotely access the entire victim's personal information and even though the confidential data available in the android cell phone. The type of personal information includes the victim's contacts, call logs, messages, browser's history, GPS location and much more information directly available on the victim's cell phone.  Many-a-times we think that is there any way by which we can read the private sms of anyone. So here is the solution Mr. Mahesh will present in...

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called " Advanced ARM exploitation ," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I...

Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug. Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card...

A scientist working at the Atomic Energy Organisation of Iran said computer systems have been hit by a cyber-attack which forced them to play AC/DC's Thunderstruck at full volume in the middle of the night. The attack came to light after a researcher at security firm F-Secure received a string of emails from a Iran's atomic energy organisation." I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom. " " It does sound really weird ," he said. "If there was an attack, why would the attacker announce themselves by playing ' Thunderstruck? " If true, this attack is the third hacking attempt aimed at Tehran's controversial nuclear program. It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 201...

The Vulnerability reported on 06/12/2012, dubbed as " CVE-2012-0217 " - according to that Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. Inj3ct0r team today released related private exploit on their website , which allow normal FreeBSD users to Privilege Escalation. All systems running 64 bit Xen hypervisor running 64 bit PV guests onIntel CPUs are vulnerable to this issue. However FreeBSD/amd64 running on AMD CPUs is not vulnerable to thisparticular problem.Systems w...

" Choose a job you love, and you will never have to work a day in your life " said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel , Hack Me If You Can , Hack a Server and DefCamp . Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future. What determined you to shift your attention towar...

Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, were published earlier this month to a forum on the password-cracking website Inside Pro . According to forbe," The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France ." Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords. PwnedList founder Steve Thomas said, " It's the largest leak I'v...