The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new sensational discovered has been announced by Kaspersky Lab's Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Red October , name inspired by famous novel The Hunt For The Red October (ROCRA) and chosen because the investigation started last October. The campaign hit hundreds of machines belonging to following categories: Government Diplomatic / embassies Research institutions Trade and commerce Nuclear / energy research Oil and gas companies Aerospace Military The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers. Accordin...

Aaron Swartz has committed suicide on January 11, 2013 in New York City.  I have long been fought if you write something about this extraordinary boy, but not dedicate a tribute would be a shame. Aaron Swartz has decided to leave a huge void in the IT scenario.  For me, as the entire world he is a legend, a guy that has profoundly changed our daily work. Aaron Swartz is an eclectic persona; he is an hacker and active activist, co-founder of social news website Reddit and founder of the group Demand Progress. The EFF in a blog post states: " Aaron did more than almost anyone to make the Internet a thriving ecosystem for open knowledge, and to keep it that way. His contributions were numerous, and some of them were indispensable. When we asked him in late 2010 for help in stopping COICA, the predecessor to the SOPA and PIPA Internet blacklist bills, he founded an organization called Demand Progress, which mobilized over a million online activists and proved to be...

Hackers crew Jember Hacker terrorists (JHT) deface the official website of Indonesian president (https://www.presidensby.info) with a message reads, " This is a PayBack From Jember Hacker Team ". Hackers deface website of president Susilo Bambang Yudhoyono (SBY) apparently in protest at growing corruption and wealth inequality in the country and because of increasing anger at the current administration. Deface page mention hacker code name as " MJL007 " who performed the hack and government is working with law enforcement teams to examine log files in a bid to trace the origin of the attack. " Corruption is rampant, the poor are everywhere. The rich get richer, the poor get poorer ," hacker told . Mirror of hack is available at Zone-H .

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Last week, Happy Hacker   arrested in Thailand on charges of stealing millions from online bank accounts. According to new reports same hacker alleged as ZeuS Mastermind and used to have the profile of a miscreant nicknamed " bx1 ," a hacker fingered by Microsoft before as a major operator of botnets powered by the ZeuS banking trojan .  He remained smiling throughout a press conference in which Thai police explained that Thailand will seek to extradite Mr Bendelladj to the US state of Georgia, where a court has issued a warrant for his arrest. 24-year-old Algerian Hacker , Hamza Bendelladj   arrested at a Bangkok airport enroute from Malaysia to Egypt. The ZeuS botnet is one of the most notorious in existence, and it's also one that has earned its masters some pretty massive payouts. The Email ID's  daniel.h.b@universityofsutton.com , and danieldelcore@hotmail.com  mentioned by Microsoft in a complaint submitted to the U.S. District Co...

A new Java 0-day vulnerability has been discovered, already wind in use by an exploit pack, taking advantage of a fresh zero-day vulnerability in Java and potentially letting hackers take over users' machines. Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The flaw was first spotted by 'Malware Don't Need Coffee' blog . This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. This exploit is already available in two Exploit Packs, that is available for $700 a quarter or $1,500 for a year. Similar tactics were used in CVE-2012-4681 , which was discovered last August. Source of this new Exploit available to download Here . The two most popular exploits packs used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit already having thi...

Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website su...

Twenty-four hours a day, seven days a week, 365 days each year – it's happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all. I'm talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner. Network scanners perform automated tests of systems over the network. They don't require agents or any other software to be installed on the "target" ...

On tip of a readers, yesterday we came across a new MasterCard hack, performed by  Syrian Electronic Army . Hackers was able to breach MasterCard Blog ( https://insights.mastercard.com ) and make a new blog post on the website with title " Hacked By Syrian Electronic Army " on January 5, 2013. For now MasterCard deleted that post, but readers can check Google cache . Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website's blog. Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using Wordpress. We all know, WordPress is particular a popular attack vector for cyber criminals. To know this, I just tried to access the readme.html file of CMS , that's it - MasterCard #fail ! They are using an old  Wordpress 3.3.2  version, in...