The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyber jihadists could use Stuxnet worm to attack the west ! ACCORDING TO Mikko Hypponen , F-Secure's chief security researcher, there has been a revolution in malware with Stuxnet. " The worst case scenario is that Al-Qaeda or another organisation could gain access to this type of knowledge and information, and make use of it to launch attacks on critical infrastructure – like blow up nuclear power plants or do something to our food chain. "

McAfee study  - India is fourth lowest in security adoption ! McAfee and the Center for Strategic and International Studies (CSIS) revealed the findings from a global report 'In the Dark, Crucial Industries Confront Cyber attacks' that reflects the cost and impact of cyber attacks on critical infrastructures. Critical infrastructure refers to computer systems of vital economic assets such as power grids, railways, nuclear energy plants, etc. that make strong targets for criminal threats, industrial espionage and politically motivated sabotage. According to the report findings, India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. The report states that currently ...

Scada systems are found in a variety of industrial plants ranging from water and waste treatment to food and pharmaceuticals and even nuclear power plants.Their scurity of these systems is getting worse and is big concern today. Application security management firm Idappcom reported 52 new threats in March targeted at supervisory control and data acquisition (Scada) systems of the sort hit by the infamous Stuxnet worm. "We quickly realised this was too much of a significant blip to be an anomaly. It may be an indicator towards a worrying trend," said Haywood.Our records go back to 2004 and I've never recorded any sort of significant blip on the radar in an area like this previously." said Tony Haywood, chief technology officer at Idappcom. Some of the xploits founded arecausing DOS (Denial Of Service), bringing system to halt. Scada systems are often at greater risk because they are connected to legacy operating systems such as Windows 95 for which there are no service packs or autom...

Codenomicon is a Finland based Information Security company. Recently it has released a universal fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test executions and reporting features. Fuzzing has been popular between hackers and security researchers to find bugs and0-days in software.This Universal Fuzzer can be used to test everything that can be presented in a file format, such as image files, captured protocol messages, text documents and wireless frames. It creates test cases from sample files, such as pdf-documents, media files and protocol files. The Universal Fuzzer uses heuristics to determine the structure of the sample files, thus it is able to generate more intelligent, targeted test cases and discover more vulnerabilities. The coverage of the tests is further improved by combining the abilities of 15 different fuzzers. The Universal Fuzzer is an easy and flexible solution for performing fuzzing. It...

The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controlable and safe environment. On the left menu you can see all attack scenarios that are currently available. You can start by picking one! This is a Customized version of the OWASP Hackademic Challenges only for OWASP Appsec Europe 2011 The competition starts on 21st April and will run for 4 weeks until 15th May. Each week a series of challenges are going to be released according to the schedule below: Week 1 (21st April) Week 2 (28th April) Week 3 (5th May) Week 4 (12th May) Once the competition is over, the winner ( first place in the Top 10 ) will get a free ticket to OWASP Appsec Europe 2011 Let the challenges begin!

A top United States federal lab was the victim of a "silent" cyberattack earlier this month, news outlets are reporting The Oak Ridge National Laboratory in Tennessee was the victim, according to Nextgov.com. The lab is an energy department laboratory that studies nuclear fusion, supercomputing, and other areas. Ironically, "one of the core competencies of the lab is cybersecurity research," according to a quote on Wired. The attack prompted a shutdown of e-mail and Internet access at the facility. The attack vector used to break into Oak Ridge's network is known as an advanced persistent threat, or APT. Nextgov describes it thus: " APTs typically infiltrate a target by e-mailing its employees messages purportedly from legitimate associates that ask the employee to submit personal information, such as passwords, and then harvest this information to access the systems they are after. Once inside the network, the perpetrators often try to extract data -...

 Former Cisco Engineer Arrested for Hacking ! A former Cisco engineer was arrested last year on charges of hacking into his former employer's network and is currently awaiting extradition in Canada. The charges against Peter Alfred-Adekeye, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media this week. Alfred-Adekeye was arrested in May 2010 in Vancouver, on 97 counts of accessing a protected computer without authorization based on a complaint returned by a Secret Service Special Agent. The networking giant alleged that its former engineer used another employee's credentials to log into one of its restricted websites and download software. In 2008, Alfred-Adekeye's new company, Multiven, based in Redwood City, California, filed an antitrust lawsuit against Cisco, claiming that it is stifling competition by forcing its customers to sign service contracts to receive software bug fixes. Multiven p...

Microsoft discloses vulnerabilities in Chrome and Opera Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of the core items within their Coordinated Vulnerability Disclosure (CVD) program. On Tuesday, Microsoft issued an MSRV Advisory related to use-after-free memory errors in Google's Chrome, which, if exploited, would have triggered a crash and allowed remote code execution in the browsers sandbox. "When attempting to parse specially crafted Web content, Google Chrome references memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox," the advisory explains. Google has addressed the issue in a patch delivered last September. Vers...