
The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Three cyber crimes a week in Andhra Pradesh this year !


Dec 29, 2011
Andhra Pradesh witnessed three cyber crimes a week on average in 2010 and a majority of them were Nigerian frauds, according to the state crime investigation department. Briefing media on the latest case, Additional SP (cyber crimes) U Ramamohan said this was the 54th case this year registered at the Cyber Crime Police Station here, and that the total number of such cases across the state was over 150. He said this was at least 20 per cent more than such cases last year. In the latest case of Nigerian fraud, a resident of Bhimavaram in West Godavari district was lured into paying Rs 15.88 lakh to claim prize money of 700,000 pounds from a non-existent 'Microsoft lottery.' He was asked on phone to deposit money in two accounts in ICICI Bank and Axis Bank, towards 'RBI clearance', 'anti-terrorism clearance', etc and was even given 'receipts' for the deposits. "These cyber criminals have email IDs of lakhs of people, to which they keep sending mails in batches. Even a very small perce
Windows zero-day flaw bypasses UAC !


Dec 29, 2011
A new zero-day attack against Windows, capable of bypassing the User Account Control protections introduced in Windows Vista and designed to prevent malware from gaining administrative access without user authorisation, has been discovered in the wild. The proof-of-concept implementation of the infection technique, known as Troj/EUDPoC-A, was posted to a Chinese educational forum before being discovered by anti-virus researchers from various security firms. Chester Wisniewski, of anti-virus vendor Sophos, warns that the technique used by the Trojan 'enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system,' and does so without triggering the User Account Control protections introduced by Microsoft to prevent exactly that occurring. The flaw targeted by the code is thought to exist in all versions of Windows from Windows XP onwards - including Windows 2008 R2 and fully-patched Windows 7 systems, and t
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM


Apr 29, 2024 | Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list.
What is Exposure Management?
Exposure Management is the systematic identification, evaluation,
Mozilla accidentally publishes user IDs and password hashes !


Dec 29, 2011
On Monday, Mozilla, the developer of popular open source applications like Firefox and Thunderbird, announced that a database containing usernames and password hashes belonging to users of addons.mozilla.org had been posted publicly by accident. If you registered for an account on addons.mozilla.org and you are one of the 44,000 users who might have been affected by this accidental disclosure, you already should have received an email notification from the Mozilla security team. Is this simply another story of data leakage in a sea of lost usernames and passwords? Not exactly. Mozilla stored passwords set before April 9th, 2009 as MD5 hashes. MD5 has cryptographic weaknesses that permit creation of the same hash from multiple strings. This permits security experts to compute all the possible hashes and determine either your password or another string that will work even if it is not your password. Mozilla did not store passwords in plain text. The good news? Mozilla audited their logs
Account protection status warning scares Facebook Users !


Dec 29, 2011
Over the last few weeks we have been contacted by a number of members of our Facebook page, concerned by a message they saw on Facebook, warning them that their account protection was "very low". With fake anti-virus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions. Certainly the warning message gives you the impression that there's something seriously wrong with how you have defended your Facebook account. I must admit I was surprised to see the message appear on my own Facebook account as I have been quite fastidious in my security settings on the social network. So, I was curious to find out just why Facebook believed that my account protection status was "very low", and what they th
Pune police conducted ‘Cyber Safe Pune 2010’ !


Dec 29, 2011
The Pune police commissionerate conducted the 'Cyber Safe Pune 2010' initiative from December 16 to 22 in the city. The initiative was aimed at creating awareness among people regarding cyber safety. The cyber crime cell conducted lectures at housing societies, schools, banks and colleges last week. Under the initiative, the cyber cell experts informed people about cyber crime. Deputy commissioner of police (cyber) Rajendra Dhale said, "The initiative was conducted to create awareness among the people. We received several queries about social networking sites, mobile thefts, lottery SMSes and credit card frauds." "We are urging girls not to upload their photographs on social networking sites. We are also urging them not to share personal information while chatting with unknown people. However, people can register mobile theft cases at the police station," he added. "We are requesting people not to fall prey to greedy messages concerning lottery prizes. Each police station has a cyber squ
90% of Indian websites are vulnerable !


Dec 28, 2011
It has been three weeks since the website of the Central Bureau of Investigation was hacked into by a group of suspected Pakistanis who call themselves 'Pakistani Cyber Army'. The website still remains inactive. With the state's premier investigation agency's website hacked into and remaining inactive for so long, CBI says that they are putting in place security audit measures so that such an incident won't occur again. Independent Information Technology companies had repeatedly warned the government about the vulnerability of its websites, but their advice was not heeded. "We at the National Anti-Hacking Group had been warning the government since 2003, that their websites were vulnerable. We hacked into the government hosted websites and later told them what we had done, just so that they could understand how easy it was. Since the government never took action on any of our recommendations, we dropped the campaign. Today, all our warnings have come true.