The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

At the 27th Chaos Communication Congress ( 27C3 ) hacker conference, security researchers demonstrated how open source software on a number of revamped, entry-level cell phones can decrypt and record mobile phone calls in the GSM network. Using a normal laptop and a homemade monitoring device, team leader Karsten Nohl of Berlin's  Security Research Labs  explained that GSM mobile communications can be decrypted in "around 20 seconds." He said his team was able to record and playback entire conversations in plain text. Last year, Nohl and his team showed how they managed to crack the A5/1 encryption algorithm used in GSM, in three months using 40 distributed computers. Since then, he says his team has considerably improved the rainbow tables needed for the attack; the tables are once again available from the BitTorrent peer-to-peer network. Nohl says he has also made a lot of progress with the other hardware and software needed for the attack. Furthermore, the scenario fo

It's a scene from an as-yet-unmade thriller: Across a country, tens of thousands of cellphones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers. It hasn't happened yet. But speaking at the Chaos Computer Club Congress here, German researchers showed how vulnerabilities in some the simplest, but most common phones in the world could conceivably lead to just such a scenario. Mobile phone security has been a growing concern due to the increasing popularity of smartphones, whose web-browsing and app-running capabilities allow attacks similar to those made against computers. Yet more than 85 percent of the world's cellphones are feature phones — simple devices with the ability to play MP3s or browse the web, but without the power of the iPhone or Android-based handsets. Vulnerabilities have been found in this type of phone before, but new open source tools allo

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Criminals this week hijacked ChronoPay.com, the domain name for Russia's largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data. Reached via phone in Moscow, ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours spanning December 25 and 26, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various Russian businesses that rely on ChronoPay for processing. In the attack, ChronoPay's domain was transferred to Network Solutions, and its domain name system (DNS) servers were changed to "anotherbeast.com," a domain registered at  Network Solutions  on Dec. 19, 2010. The attackers left a message on the ChronoPay home page – designed to look as if it had been posted by Vrublevsky (see image above) – stating that hackers had stolen the personal data of all ChronoPay users who had shared p

Known to successfully slow down the Iranian nuclear program, the Stuxnet cyber worm is now expected to spawn variations that are predicted to disrupt non-traditional IT targets, from power grids to electronic voting stations. The Stuxnet cyber worm is a very complex, efficient and stealthy string of code that was first discovered in June 2010. And while it is likely the darling of Western governments for the disruption it unleashed on Iran's embryonic nuclear program, there are emerging concerns that variants of the Stuxnet virus could bring widespread havoc to systems around the world - beyond the traditional information technology targets. eWeek  reported on Tuesday that the Stuxnet worm is thought to have damaged as many as 1,000 Iranian centrifuges, after having already affected more than 62,000 computer systems in Iran alone. The genius of the Stuxnet code was reported in the mild manipulation of the centrifuge engine speeds, prompting the engines to operate just fast enough t

The Thai Netizen Network has issued a statement calling for a review of Thai cybercrime laws in light of curbs on free speech and has issued a book for netizens to help them safeguard their privacy and circumvent censorship at the same time. Supinya Klangnarong, co-ordinator of the Thai Netizen Network, said that the biggest problem was article 15 and 14, which is ambivalent, too encompassing and overlaps with criminal law. Over the years, articles 14 and 15 have been used to silence political dissent, she said. The case of Prachathai webmaster Chiranuch Premchaiporn was cited as an example of the arbitrary nature of the laws. She was arrested for leaving comments up on the site for 20 days. That number is not in any law. The problem is with the role of the intermediary - that of ISPs (Internet service providers), search engines or blog hosts. Under current law, they are treated as if they were editors. That is simply impractical without bringing the Internet in Thailand to a stop. Th

Detectives from London's Metropolitan Police Service's cyber crime unit have in the past year shut down 1,800 bogus websites, which were either fraudulent or advertising counterfeit goods, ranging from tickets to Premier League soccer games to Ugg boots and jewelry from Tiffany & Co. The preventative action was carried out in partnership with Nominet–the public body for U.K. domain name registrations–and involved a boosted effort around the holidays, a time when there is traditionally a spike in this type of crime as fraudsters take advantage of the increased number of online consumers. "The removal of these websites will have prevented numerous victims from falling foul to this type of offense," said Detective Inspector Paul Hoare of the Police Central e-Crime Unit in a statement. "Good advice for online shoppers can be found at the Consumer Direct and Get Safe Online websites but as always, are advice is that as a general rule, if something looks like it is too good to be tru

5 websites Hacked By KiLLerMiNd {PakCyberHaxors Crew} Sites: https://blog.kozmetikdukkan.com/ https://zone-h.org/mirror/id/12792769 https://doviz.webkafe.net/ https://zone-h.org/mirror/id/12792770 https://forum.gknscript.com/ https://zone-h.org/mirror/id/12792772 https://www.gelibolugundem.com/ https://zone-h.org/mirror/id/12792773 https://www.kafe100.com/ https://zone-h.org/mirror/id/12792777

2 websites Defaced by CYBERSAM ! Links : https://www.aarausa.com/ https://www.happyhoundsnj.com/

Top-Channel.Tv DDOS Atack By Teo DownTurn (AHT-CREW) Top-Channel.Tv   The Best TV Channel In Albania...!!!

At the  Chaos Computer Club Congress  here Tuesday, researchers from the University of Regensburg delivered a new warning about the  Tor anonymizer network , a system aimed at hiding details of a computer user's online activity from spying eyes. The attack doesn't quite make a surfer's activity an open book, but offers the ability for someone on the same local network — a Wi-Fi network provider, or an ISP working at law-enforcement (or a regime's) request, for example — to gain a potentially good idea of sites an anonymous surfer is viewing. "Developers have to be aware of this kind of attack, and develop countermeasures," said Dominik Herrmann, a Regensburg Ph.D student studying profiling and fingerprinting attacks. "But that proves to be very difficult." The research, performed by a variety of collaborators in Germany working on anonymity measures, represents a warning for privacy-conscious users wary of spying eyes, whether behind net-unfriendly borders or simply corporate firewalls

In its 2011 IT security predictions, Panda Security is predicting that a further rising tide of malware, along with an online cyberwar plus cyberprotests, will be the order of the day as the year progresses. According to Luis Corrons, Panda's technical director, during 2010 we have seen a significant growth in the amount of malware, a constant theme over the last few years. "This year, more than 20 million new strains have been created, more than in 2009. At present, Panda's collective intelligence database stores a total of over 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked: some years ago it was over 100%. In 2010 it was 50%. We will have to wait and see what happens in 2011", he said in a security blog. Corrons added that, also during 2010, with Stuxnet and the WikiLeaks cables suggesting the involvement of the Chinese government in the cyberattacks on Google and other targets, a turning point in the hist

A coordinated DDoS attack from an unknown source temporarily knocked 4chan offline in the latest attack against the high-profile group. The 4chan forum helped to create and cultivate the Anonymous hacker group that has used DDoS attacks against numerous companies in recent months as part of Operation Payback. 4Chan's site was down for more than 24 hours, but is back online after suffering its most damaging attack as of late. The site has continued to gain more notoriety as WikiLeaks remains in the headlines, and DDoS attacks aren't uncommon against 4chan. As part of Operation Payback, the Anonymous group attacked a number of websites of companies that were standing up against WikiLeaks. Credit card companies such as Visa, MasterCard and PayPal cut direct ties with WikiLeaks, cutting off donations to the site. Anonymous then targeted the websites of these companies with coordinated DDoS attacks, causing many hours of downtime. Other groups and political figures were targeted for speakin