The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The UN nuclear watchdog has acknowledged one of its former computer servers had been hacked. The stolen information was contained in a statement by a group with an Iranian-sounding name calling for an inquiry into Israel's nuclear activities. The International Atomic Energy Agency (IAEA) is investigating Iran's nuclear program. A group called Parastoo Farsi for the swallow bird and a common Iranian girl’s name claimed responsibility for posting the names on its website two days ago. The group had been known to be critical of Israel's undeclared nuclear weapons program. “ The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago ,” agency spokesperson said and agency experts had been working to eliminate any “ possible vulnerability ” in it even before it was hacked. Israel and the United States accuse Iran of seeking to develop a nuclear weapons capability, a charge Tehran denies, and says the Islamic state is th...

Once again a zero day vulnerability exploit is sold by cyber criminals in the underground, once again a the flaw is related to Oracle’s Java software that could allow to gain remote control over victim's machine. The news has been reported by KrebsOnSecurity blog that announced that the exploit being sold on an Underweb forum. The vulnerability is related to the most recent version of Java JRE 7 Update 9, it isn't present in previous versions of the framework, in particular the bug resides within the Java class “MidiDevice according the info provided by the seller that describes it with following statements: “ Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7 ,” “ I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly. ” The exploited class is a component of Java that handles audio input and output. It's easy to understand that similar vulnerability has a great value du...

Anonymous Hacker managing Operation Syria ( OpSyria ) have released 1 GB of emails dump from  Syrian Ministry of Foreign Affairs. Files are in files are in Arabic language. Documents includes scanned copies of Syrian ministers passports, details about an arms transport from Ukraine, report which shows that 200 tons of Syrian bank notes have been shipped from Russia. " Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian Cash " Hackers said. " Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine ". Emails are available here and Full Archive is available to download also.

A group of Internet hackers appeared in an Ankara court on Monday on charges of terrorism, the first time alleged cyber criminals have been put on trial in Turkey. Those arrested in suspicion of the attacks are mostly students who deny having the technical skills required to carry out such a hack. RedHack has denied the allegations, saying 10 people currently being tried have no ties with the group and that the allegations of terrorism are simply part of the government’s policy against all of its opponents in the country. The defendants, who deny the charges, risk prison sentences ranging from eight to 24 years if convicted. Redhack claims to be affiliated with the international hackers' group Anonymous group, and has carried out several online attacks against state and private domains since 1997. Shortly after the arrests, RedHack declared that the individuals taken into custody had no association with the group. After releasing the statement, the collective brought down seve...

Hacker group Anonymous claims he took down North-side Independent School District's website (www.NISD.net) on Saturday to protest the district's use of tracking badges. On Sunday, Nov. 25, the same hacktivist released a statement via Pastebin giving the school district “1-3 days” to meet with parents and explain the student tracking program in detail. If the district fails to comply with the request, hacktivist promise to “simply shut down” the school district website once again. The hacker group also sent a Twitter message to the NISD account on Thursday, teasingly notifying them that their site was down. " They're tracking students! They have rights too. I want a statement about this, nobody agrees with that, even the parents! " Anonymous said. NISD said it wanted to expand the Student Locator Project to 112 Texas schools and around 100,000 students to curb truancy, apparently a major problem at the school district in question. It was reported th...

An Egyptian hacker “ TheHell ” is selling an exploit in $700 that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts. In order to work, the victim must click on a malcious link. Upon doing so, the user’s cookies will be stolen and he or she will be redirected back to the Yahoo! email home page. " I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers ," "TheHell" explained. " And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss ." Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered. They says this XSS flaw falls into the category of a stored vulnerability, which inserts malicious code into a file, database, or back-end system. The mali...

TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor’s users received spam mail with booking confirmations for hotels they had checked out on the website , 1.89% of Indian Internet Users have already been affected. The email purporting to be in the name of one of the Hotels has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation.  TripAdvisor, which is among India’s top five travel brands as per digital market research firm ComScore Inc., globally has 60 million unique monthly visitors and 2.4 million unique users per month in India. Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user. Trend Micro reported that one of their manager received the spam at his personal e-mail address ...