The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

TigerBot - SMS Controlled Android Malware Stealing Information A new form of Android malware controlled via SMS messages has been discovered and the malware can record phone calls, upload the device’s GPS location, and reboot the phone, among other things. Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered this Android malware called "TigerBot", differs from “traditional” malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet. A common aspect of Android malware is the use of a command and control server that tells the malware what to do next and acts as a repository for any captured passwords or banking information. The current information about this malware show that it can execute a range of commands including uploading the phone’s current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the...

181000 records compromised in Utah Security Breach Utah health officials said that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance. The Utah Department of Health has been hacked. 181,604 Medicaid/CHIP recipients have had their personal information stolen. 25,096 have had their Social Security numbers (SSNs) compromised. What is particularly threatening about this attack is the fact that the stolen records included personal information including client names, addresses, birth dates, SSNs, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes. “ We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised ,” said Michael Hales, deputy dir...

Anonymous Leaks Tunisia Prime Minister ’s Emails Anonymous Hackers says it has hacked 2,725 emails belonging to Tunisia's ruling Ennahda party, including those of the prime minister, in the latest challenge to the Islamist-led government. The email addresses of the president, head of the Constituent Assembly, Ennahdha party officials, and other party leaders were disclosed as well as documents from the electoral campaigns. In a video posted on a Facebook page belonging to Anonymous TN, a hacker wearing the trademark activist "Guy Fawkes" mask, said the emails were released in protest against Ennahda's alleged failure to protect the unemployed and artists who were attacked by Salafi Islamists during a recent protest. The activist said the emails include phone numbers, bank transactions and invoices paid during Tunisia's election campaign in October, in which Ennahda won more than 40 percent of parliament seats, going on to lead the government. The Tunisian g...

Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple ‘hack’ allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only ...

Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM’s Blackberry servers, you would be right on the money. Not only has the Indian government gotten their way with the Blackberry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in case where the government suspects that crimes or terror plots are being hatched. It should also be noted t...

Anonymous vs Britain's Home Office - Operation Trial At Home As announced during last days Anonymous has launched a Distributed Denial of Service (DDoS) against several UK government websites. A massive recruiting campaign is started on social media, a call to arm to protest the extradition of U.K. citizens to the United States. The Operation named “ Operation Trial At Home ,” fight the European Arrest Warrant (EAW) that could lead to the extradition of three accused criminals by the U.K.’s Home Office, the government department responsible for domestic security. Anonymous has provided Home Office’s IP address in its announcement to the supporters, Scheduling for April 7 the a DDoS ( with denial-of-service) attacks against the Home Office’s website. During the week I wrote and article on the intent of the famous group of hacktivist and on the possible reasons of the action. The attacks have mainly two motives: to protest against the extradition of Gary McKinnon, Christopher H...

Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have vulnarbilities 623. Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update . A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. Download for Windows (141 KB) Download for Linux (150 KB)

LulzSec hacker pleads guilty in Sony breach Accused LulzSec hacker Cody Kretsinger pleaded guilty today in a federal court in Los Angeles, California, to felony charges associated with the breach of Sony Pictures Entertainment that occurred in mid-2011. The hacker had previously pleaded not guilty.Kretsinger was arrested last September, months before the recent raid on the "leaders" of the group. The hacker had been charged with conspiracy and the unauthorized impairment of a protected computer and pleaded not guilty at the time for both counts. The indictment accused Kretsinger and co-conspirators of stealing confidential information from Sony Pictures' computer systems and distributing the material on LulzSec's website before trumpeting the attack on Twitter. The breach caused more than $600,000 in damages, according to court papers. He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information...