The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Over 2011-2012 we've seen an increase in distributed denial-of-service (DDoS) attacks and other web attacks on SME's websites. Incapsula is one of the companies whose service is useful to protect your website from all threats and mitigate DDoS attacks which affect your websites, servers, databases, and other essential infrastructure. Incapsula is a cloud-based website security and performance service, including a PCI-certified cloud web application firewall and a content delivery network (CDN) for small and medium-sized businesses. We at ' The Hacker News ' got the chance to review the service using an Enterprise plan account. Really it takes I think 1-2 minutes to join the service and add this extra layer of virtual shield around your Website. You have to make a simple DNS settings change in your domain panel. Your site traffic is then routed through Incapsula’s global network of high-powered servers. Incoming traffic is analyzed and a security layer is a...

The new zero day exploit has been discovered and being exploited in the wild. This can be used to load malicious application on victim machines running fully patched Windows XP SP3 along with the latest editions of the IE 7 and IE 8 browser and Adobe's Flash software. Eric Romang  was  examining one of the servers used to launch attacks on vulnerable Java installations in past, and he says that he has found a new zero day exploit for Microsoft's Internet Explorer web browser. He said, " I can confirm, the zero-day season is really not over yet ." AlienVault Labs researcher Jaime Blasco reported that, " the gang behind the Java attacks in August and September may be moving on: with domains used in that attack located at new IP addresses and serving up the new and more potent attacks ." As shown in above image example, the file exploit.html creates the initial vector to exploit the vulnerability and loads the flash file Moh2010.swf, which ...

Russian anti-virus company Doctor Web is warning users about the malicious program which is helping attackers carry out mass spam mailings and allow attacker to use victim's PC as slave of his DDOS Army. According to researchers from the company they have discovered a Trojan " Trojan.Proxy.23012 " application that uses a rare method of distribution through peer networks. " The botnet, consisting of Trojan.Proxy.23012-infected computers, is used by criminals to control proxy servers for the purpose of using them to send spam upon command ". An example of such a spam message is shown in the screenshot below. This Malware work as: 1.) Using peer to peer network it will download the executable file and that will be a encrypted malicious module. A very interesting algorithm used by the Trojan to download the infected computer other malware. 2.) After successfully decrypt it launches another module that reads the image in computer memory or other malicious applica...

Computer hacking is truly an epidemic. It's not enough to apply the latest patches to your servers and workstations or otherwise defend yourself reactively. If you're in charge of your network's security, you must understand how hackers minds work and what tools they're using for their attacks.  Also one of the best ways to protect yourself is to think like a hacker. Evil hackers aren't just a threat to national security. They're a threat to your privacy and even your livelihood. Your personal information? Nothing more than a commodity in their billion-dollar black-market enterprise. There's no product that can prevent hackers from plastering passwords and usernames on the Web. But some white hat hackers are not only chasing these cybercriminals but also thwarting the attacks before they can be launched. Vulnerabilities appear in your environment every day. For example, everyone wants to use their tablet or smart phone to conduct business. A...

Kaspersky has discovered new malware dubbed ' miniFlame ', cyber espionage software directly linked to Flame. This new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a “high-precision, surgical attack tool” targeting victims in Lebanon, Iran and elsewhere. miniFlame, also known as SPE, was found by Kaspersky Lab’s experts in July 2012, and was originally identified as a Flame module. But originally MiniFlame seems to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware. According to Kaspersky, versions of miniFlame were created in 2010 and 2011, and some of the six variants are still considered active. It is expected that development of the malicious program could have started as far back as 2007. " MiniFlame is a high precision attack tool ," said Alexander Gostev, Chief Security Expert, Kaspers...

After last year's big PlayStation Network hack a lot of hacking groups such as Anonymous and LulzSec were intensely publicized. Back in June, a massive hack was conducted on the Sony Pictures Website. The attack led to the theft of details on over 1 million accounts and was linked to the hacker group Lulzsec. At the time, the hacker group claimed to have used a “ very simple SQL injection ” attack. Samples of the compromised data were later posted online. Purported LulzSec member Raynaldo Rivera, 20, was charged in August with impairing a protected computer and conspiracy charges. In admitting his guilt, he joins Cody Kretsinger, who also pleaded guilty for the Sony Pictures hijack. Kretsinger is scheduled to be sentenced on 25th October. " Rivera used the HideMyAss anonymising proxy service in an attempt to disguise his IP address while he carried out reconnaissance work, probing Sony Pictures' website for security vulnerabilities. HideMyAss turned over his IP...

A very quick and urgent warning for Twitter users, If you receive a direct message (DM) on Twitter saying " My profile was viewed..times..today " with a link then please don't click it. If you do, you will run the risk of having your Twitter account hijacked, your account turned into a spam-spewing tweet factory and all of your Twitter followers will be sent a personal copy of the same DM saying " My profile was viewed..times..today ". The direct message is a Scam aimed at stealing your twitter account. Or If any of this phishing scheme sounds familiar, it’s because this scam and others like it have been going around for quite some time now. Reason being, they’re all highly effective. Sure, the verbiage in the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same. We recommend you to: DO  not click the link. DELETE  that message ONCE REVIEW  all the application you have ...