The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

BlackBerry OS fell during the second day of the Pwn2Own hacking competition as a result of a drive-by download attack that chained together several exploits. The trio that managed to hack RIM's mobile operating system, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, exploited two vulnerabilities in the open-source WebKit layout engine in order to do it. The attack was launched from a specially crafted web page that stole information like contacts and images from the device and also wrote a file to the storage system. The hackers chained together an exploit for an information disclosure bug and one for an integer overflow vulnerability, but what's most impressive is that they did it without any documentation. They didn't have access to any debugging tool, like the ones available for other systems, that could have helped them determine how the attack code interacts with the system. Instead, they had to rely on exploiting a separate bug to read the device...

Microsoft Windows Picture and Fax Viewer Library  Vulnerability ! I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host. An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execute arbitrary code on the targeted host. III. ANALYSIS Exploitation could allow attackers to execute arbitrary code on the targeted host under the privileges of the current logged-on user. Successful exploitation would require the attacker to e...

It's pretty bold and a cunning coup; criminals have installed a trojan in the Android Market Security Tool that Google is distributing to delete the contaminated apps that recently popped up on the Android Market. As users have been told to expect to see the application running on their phones clearing up the damage the Droiddream trojan did, there's a good chance they won't be suspicious of it. According to reports though, at present, the trojan-infested version of the tool is only in circulation on an "un-regulated third-party Chinese marketplace" and appears to only affect users of a particular Chinese mobile network. According to an initial analysis by Symantec, the trojan contacts a control server and is able to send text messages if commanded to do so. According to F-Secure, BGServ (as the contaminant is called) also sends user data to the server after being installed. Apps from sources other than the Android Market cannot, however, be installed unintent...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Stephen Fewer won Pwn2Own ! The annual Pwn2Own contest at the CanSecWest conference kicked off Wednesday and one of the winners this year was Stephen Fewer, who exploited Internet Explorer 8 on Windows 7. Dennis Fisher spoke with him about the contest, the challenge of attacking IE 8 and the utility of memory protections.

Reverse Engineering of Proprietary Protocols, Tools and Techniques ! This talk is about reverse engineering a proprietary network protocol, and then creating my own implementation. The talk will cover the tools used to take binary data apart, capture the data, and techniques I use for decoding unknown formats. The protocol covered is the RTMP protocol used by Adobe flash, and this new implementation is part of the Gnash project. Download Complete Video : https://www.filesonic.com/file/125296291/reverse.xvid.avi or https://www.fileserve.com/file/jWNATyJ/reverse.xvid.avi WMV3 1024x768 | MP3 48 Kbps | 183 MB

Hacker group Anonymous takes down websites across the world for the greater good: peace, freedom of information and solidarity. Anonymous, which began as a movement in 2003 on a series of internet chat boards, has gone from targeting small time hypocrites to large multinational corporations bringing it from the background of hacker culture to the forefront of global politics. Anonymous is considered a "hackivist" movement that became globally recognized in 2010 after shutting down Mastercard, Visa, and Paypal during what they called Operation Payback. These major corporations stopped providing their services to Wikileaks, which had been using them to accept donations into the Wikileaks defense fund. This action on the part of Visa, Mastercard and PayPal offended the Anonymous community as an affront to freedom and justice. Anonymous stated on Al Jazeera that they could have taken down the infrastructure of all three websites but didn't because they wanted people to still be able to u...

EC-Council Launches Center for Advanced Security Training (CAST) to Address the Growing Need for Advanced Information Security Knowledge Mar 9, 2011, Albuquerque, NM  - According to the report, Commission on Cybersecurity for the 44 th  President, released in November 2010 by Center for Strategic and International Studies (CSIS), it is highlighted that technical proficiency is critical to the defense of IT networks and infrastructures. And there is evidently a shortage of such personnel in the current cyber defense workforce. The United States alone needs between 10,000 to 30,000 well-trained personnel who have specialized skills required to effectively guard its national assets. In essence, there is a huge shortage of highly technically skilled information security professionals. The problem is both of quantity, and quality, and this is not a problem just for the government space. Public and private companies are also in dire straits trying to fill such staffing needs. Th...

Jitendra Chohan College website hacked ! Hacked Site :   www.jccl.svkm.ac.in Mirror :   https://zone-h.org/mirror/id/13211084