The Hacker News - Cybersecurity News and Analysis: Search results for black hat

International Association of Chiefs of Police Investigators Owned by Anonymous Hackers The Antisec wing of Anonymous has come out with another document release in its ongoing assault on law enforcement. A Special Agent Supervisor of the CA Department of Justice is the latest victim of Anonymous who claims that their operations against the FBI succeeded once again after managing to hack two of his Gmail accounts. Anonymous hackers broke into two of Bacalagan's gmail accounts, his text message logs and his Google Voice voicemails, then dumped the whole thing on to a website and The Pirate Bay . Baclagan was a special agent supervisor at the Department of Justice specializing in cybercrime, and his emails contain thousands of correspondences from the private listserv of the International Association of Computer Investigative Specialists, spanning 2005 to 2011. So, any black hat hackers looking for tips on how to avoid being busted might want to scour the archive, which provides es

War Texting : Hackers Unlock Car Doors Via SMS Don Bailey and Mathew Solnik, Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link. These systems communicate with the automaker's remote servers via standard standard mobile networks like GSM and CDMA — and with a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car's on-board computer via " war texting " — a riff on "war driving," the act of finding open wireless networks. Don Bailey and Mathew Solnik, both employees of iSEC Partners, will deliver their findings at next week's Black Hat USA conference in Las Vegas in a briefing entitled " War Texting: Identifying and Interacting with Devices on the Telephone Network. " The exact details of the attack won't be disclosed until the affected manufacturers have had a chance to fix their systems, and the hackers are not expected

Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is

Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's " BlueHat Prize " contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas. " We want to make it more costly and difficult for criminals to exploit vulnerabilities, " said Katie Moussouris, a senior security strategist lead at Microsoft, in a news conference today. " We want to inspire researchers to focus their expertise on defensive security technologies. "  " Overall, it seemed to us that to take an approach to block entire classes was the best way to engage with the research community and protect customers ," said Moussouris. WHAT IS THE CONTEST? The inaugural Microsof

It is that time of year which everybody loves. It is the holiday season and you will start to see a lot more people express good attitudes and wish everyone else a happy new year. As a matter of fact it may be hard to think that with all of this much goodwill in the air there is someone out there who is trying to take advantage of that. But the fact is no matter what time of year it is there are always going to be bad guys around every corner and they will try to stalk their prey at anytime. It does not matter what time of year it is, the bad guys like to work all year round and you always have to be on the lookout for them. As a matter of fact this time of year is a very good time when it comes to black hat hackers . This is because there are so many people online around this time and they are looking for a bunch of deals for their Christmas shopping. The retailers really go full throttle around this time of year and they want to be able to make as much money as they can. This t

We have seen for the past couple years the cyber wasteland become something that is not dominated by young ambitious hackers anymore. The age of the Wild West is over and the big boys want a piece of the action. With so many infrastructures connected to the web these days it is only natural for more powerful and interested concerns to take their skills to the web. We are seeing the beginnings of true cyber war and it is something that is not going to be stop anytime soon. In the past, what we have seen mostly is governments stay behind the scenes and do defense when it comes to the cyber war. If the government did go on the offensive it would be in secret only discovered when some security firm would get lucky and find some code that would hint to government influence . But these days it is not like that anymore. Everyone knows that the governments of the world are going all out when it comes to cyber war. And the worst part about it is that when it comes to regular civilian

Decoys have been present in each and every culture, to capture the unknown as well as the known defaulters. The honey, which was used in turning the heads of bears that we used to find in jungles, well the same honey, but in a revisited version is being implemented and used here and has already proven worthy of its existence. This type of honey lures in a different kind of bears. The bears those are present in the cyber jungle. Yes, we are talking of the black hat hackers which are hell bent on intruding your file systems and scratching out info. Read Complete Tutorial and Guide on Honeypots : Honeypot / Honeynet - Tracking the Hackers ! (Video Tutorial for setup & Usage) : Indian Cyber Army So, we are now going to discuss this very new and amazing feature, which only a few of the countries in world stand to have, including ours. Explaining with examples is always easy. Recently, a very famous Turkish hacker was busted using these techniques of Honeypot. The hacker was

Peace deal between Indian Cyber Army and Pakistan Cyber Army C00lt04d  [ ICA ] has given a Statement :  Hello all... C00lt04d here i think everyone know what's happening out there we here were Defacing Pakistani sites.. and on that side Pakistanis were hacking ours... This has gone too far that both the governments are involved in this and they are taking down every black hat activity out here I think every1 have heard how that Adil got arrested by FIA for hacking into their own Government site we don't want this happen to every other hacker out here.... Lets keep the fight As Hackers vs anti-humanity ... and stop the fight between each other....at least for few days Also we know People like Amar Jeet singh are raging cyber war between Rival countries so i suggest all the Hackers Indian And Pakistani to lets move to these guys First and also move our attacks to Third World countries So that the things will settle down here also take

An unknown hacker has just stolen nearly $32 million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – from Ethereum wallet accounts linked to at least three companies that seem to have been hacked. This is the third Ethereum cryptocurrency heist that came out two days after an alleged hacker stole $7.4 million worth of Ether from trading platform CoinDash, and two weeks after an unknown attacker hacked into South Korean cryptocurrency exchange Bithumb and stole more than $1 Million in Ether and Bitcoins from user accounts. On Wednesday, Smart contract coding company Parity issued a security alert , warning of a critical vulnerability in Parity's Ethereum Wallet software, which is described as "the fastest and most secure way of interacting with the Ethereum network." Exploiting the vulnerability allowed attackers to compromise at least three accounts and steal nearly 153,000 units of Ether worth just almost US$32 million

The cyber Security Analyst  ' Ebrahim Hegazy ' (@Zigoo0) Consultant at Q-CERT has found an " Unvalidated Redirection Vulnerability " in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in " Avira " website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites ( Phishing pages) It could also be used by Black Hats for Malware spreading In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come up with a solution to the problem and write the code for it, you need to make sure security is kept intact. Cyber attacks are becoming more and more prevalent, and the trend is unlikely to change in the foreseeable future. As individuals, businesses, organizations, and governments become more reliant on technology, cybercrime is expected to only grow. Most of what people do in contemporary society involves the internet, computers, and apps/software. It's only logical for programmers to be mindful of the security aspect of making applications or software. It's not enough for programmers to produce something that works. After

You might want to be a little more careful the next time you pick up a cheap knock-off accessory for your device to save a few bucks because new hardware hacks could be the next big thing among cyber criminals . Researchers say they've built a custom iPhone wall charger that can Install malware in any iOS device using a custom made malicious chargers called Mactans , which are in turn controlled by a Raspberry-Pi like computer called a BeagleBoard. Mactans, which is named after the black widow spider's Latin taxonomy, will be demonstrated by Billy Lau, Yeongjin Jang, and Chengyu Song at the Black Hat 2013 conference in July and they said all users were vulnerable to attacks over the charger. They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. In order for the malicious software to remain installed and unseen, the trio will show how an attacker can hide their software in the

This week WikiLeaks published "Vault 7" — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA). The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA's ability to hack all manner of devices. While WikiLeaks promised the "Vault 7" release is less than one percent of its 'Year Zero' disclosure, and there's more to come, we are here with some new developments on the CIA leak. But, before knowing about the latest developments in the CIA hacking tool leak, I would suggest you read my previous piece to know 10 important things about 'WikiLeaks-CIA Leak .' We believe the US intelligence agencies have access to much bigger technical resources and cyber capabilities than the leak exposed in the leak. The dump so far just

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang — referring to their chameleellonic capabilities, including disguising "its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google."  "To achieve their goal, the attackers used a trending penetration method—supply chain," the researchers  said  of one of the incidents investigated by the firm. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method […], the ChamelGang group was able to achieve its goal a

A Dutch security researcher has uncovered a slew of security vulnerabilities in an essential component of solar panels which could be exploited to cause widespread outages in European power grids. Willem Westerhof, a cybersecurity researcher at Dutch security firm ITsec, discovered 21 security vulnerabilities in the Internet-connected inverters – an essential component of solar panel that turns direct current (DC) into alternating current (AC). According to Westerhof, the vulnerabilities leave thousands of Internet-connected power inverters installed across Europe vulnerable. Westerhof demonstrates that it is possible for hackers to gain control of a large number of inverters and switch them OFF simultaneously, causing an imbalance in the power grid that could result in power outages in different parts of Europe. The vulnerabilities affect solar panel electricity systems, also known as photovoltaics (PV), made by German solar equipment company SMA, which if exploited in mass

Sony Pictures France hacked by idahc_hacker Idahc the Lebanese hacker did a duet with his French friend Auth3ntiq on Sony Pictures France ( https://www.sonypictures.fr/ ) . In a pastebin post declared again that they are not black hat hackers. Possibly in a ruch but this time they didn't state that they are gray hat hackers. Using another SQLi, the data breach included the /etc/passwd file dump. According to Hacker, There are 177172 found in database, some of them are posted in pastebin.

So finally, Apple will pay you for your efforts of finding bugs in its products. While major technology companies, including Microsoft , Facebook and Google , have launched bug bounty programs over last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout. But, not now. On Thursday, Apple announced  at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers privately disclose security flaws in the company's products. How much is a vulnerability in Apple software worth? Any Guesses? It's up to $200,000 . Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software. While that's certainly a sizable bounty reward — one of the highest rewards offered in co

How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis. Do you also want to learn real-world hacking techniques but don't know where to start? This week's THN deal is for you. Today THN Deal Store has announced a new Super-Sized Ethical Hacking Bundle that let you get started your career in hacking and penetration testing regardless of your experience level. The goal of this online training course is to help you master an ethical hacking and penetration testing methodology. This 76 hours of the Super-Sized Ethical Hacking Bundle usually cost $1,080, but you can exclusively get this 9-in-1 online training course for just $43 (after 96% discount) at the THN Deals Store. 96% OFF — Register For This Course 9-in-1 Online Hacking Courses: What's Included in this Package? The Super-Sized Ethical Hacking Bundle will provide you access to the following nine online courses that would help you secure you

The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute. Yes, the Google's latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul. The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. The exploit then launched the Google Play Store on the Pixel smartphone before opening Google Chrome and displaying a web page that read "Pwned By 360 Alpha Team," the Reg media reports . Qihoo 360 won $120,000 cash prize for hacking the Pixel. Google will now work to patch the vulnerability. Besides the Google Pixel, Microsoft Edge running under Windows 10 was also hacked in PwnFest hacking competition. The Qihoo 360 team also hacked Adobe Flash with a combination of a decade-old, use-after-free