#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Operation Defense - Anonymous shut down Colombia's president website

Operation Defense - Anonymous shut down Colombia's president website

Aug 03, 2011
Operation Defense - Anonymous shut down Colombia's president website Anonymous and Colombian Hackers shut down the websites of Colombia's president , the interior and justice ministry, the intelligence service DAS and the governing U party. According to hacker's Twitter page, the hacker attack was meant as a protest against government censorship. The DoS attack on the government websites named " Operation Defense ". On the website of the U Party, the hackers posted a fake biography of President Juan Manuel Santos in which the hackers talk about the break-in of the President's facebook page carried out on July 20, Colombia's Independence Day.
Zero-day flaw in WordPress image utility allows to upload files and execute codes

Zero-day flaw in WordPress image utility allows to upload files and execute codes

Aug 02, 2011
Zero-day flaw in WordPress image utility allows to upload files and execute codes Mark Maunder , CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog. Hackers are exploiting a zero-day vulnerability affecting TimThumb, a free image resizing utility widely used on the blogging platform WordPress. Vulnerability in brief : An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven't audited the rest of
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
CA security finds Android Trojan which records phone calls

CA security finds Android Trojan which records phone calls

Aug 02, 2011
CA security finds Android Trojan which records phone calls A new Android Trojan is capable of recording phone conversations, according to a CA security researcher . The trojan is triggered when the Android device places or receives a phone call. It saves the audio file and related information to the phone's microSD card, and includes a configuration file with information on a remote server and settings used by the trojan. The malware also " drops a 'configuration' file that contains key information about the remote server and the parameters ," CA security researcher Dinesh Venkatesan writes in a blog, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. According to the post, the trojan presents itself as an " Android System Message " that requires users to press an "Install" button for it to insert itself in the phone. Once installed, the trojan records all incoming and outgoing calls to a di
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Sun website 1000's users data stolen

Sun website 1000's users data stolen

Aug 02, 2011
Sun website 1000's users data stolen Britain's Rupert Murdoch-owned tabloid The Sun has sent a message to readers warning them that computer hackers may have published their data online after an attack on the paper's website last month. News International, News Group's parent company, issued a statement that said: " We take customer data extremely seriously and are working with the relevant authorities to resolve this matter.We are directly contacting any customer affected by this. " Hacking group LulzSec claimed responsibility for the cyber attack, which forced Murdoch's British papers to pull their websites and culminated in The Sun's site being replaced with a hoax story reporting the mogul had died. The company said it had reported the matter to the police and the Information Commissioner. The stolen information is believed to include names, addresses, dates of birth, email addresses and phone numbers. No financial or password data was comprom
Italian Intelligence agency CNAIPIC steals sensitive data from Indian Embassy

Italian Intelligence agency CNAIPIC steals sensitive data from Indian Embassy

Aug 02, 2011
Italian Intelligence Agency CNAIPIC steals sensitive data from Indian Embassy Sensitive defence information appears to have been stolen from the Indian embassy here by an Italian intelligence agency during the past two years. If the documents released by Anonymous Hackers are to be believed, the Italian cyber police - National Anti-Crime Computer Centre for Critical Infrastructure Protection (CNAIPIC) - was widely hacking Indian embassy's letters with Russian defence firms. Leaked Data which include the letters between the Indian embassy's Air Wing and a local company supplying spares for military aircraft. Izvestia said Italian cyber police had hacked on June 22, 2010 Deputy Air Attache D S Shekhavat's correspondence with Aviazapchast, a company specialising in the supply of aviation spares, complaining about delays in the shipment of 15 helicopter engines. A reply from the Aviazapchast representative in India written on the same day was also hacked by the CNAIPIC
On 4th August SAP systems will be hacked on internet in BlackHat USA 2011

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011

Aug 02, 2011
On 4th August SAP systems will be hacked on internet in BlackHat USA 2011 On the 4th of august at the world largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability. SAP systems are used in more than 100 000 world companies to handle business-critical data and processes. Almost in each company from Forbes 500 system data are set for the handling of any process beginning from purchasing, human resources and financial reporting and ending with communication with other business systems. Thus receiving an access by the malicious attacker leads to complete control over the financial flow of the company, which can be used for espionage, sabotage and fraudful actions against hacked company. The given attack is possible due to dangerous vulnerability of the new type,
30 China Government Sites Hacked By Hitcher

30 China Government Sites Hacked By Hitcher

Aug 02, 2011
30 China Government Sites Hacked By Hitcher Pakistani Hacker with code name " Hitcher " today hit 30 China Government websites as listed below : Hacker deface all these domains and Mirror of every defacement is available  here .  In past,  LUMS University Database was also Hacked By Hitcher.
Anonymous and Lulzsec stand for Jake Davis with #FreeTopiary Operation

Anonymous and Lulzsec stand for Jake Davis with #FreeTopiary Operation

Aug 01, 2011
Anonymous and Lulzsec stand for Jake Davis with #FreeTopiary Operation Two Days before Accused LulzSec hacker "Topiary" was got arrested and today he released on bail . Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. In his support today all Anonymous and Lulzsec hackers stand together once again with a new operation #FreeTopiary on Twitter. Anonymous Call everyone for Show their support to @atopiary  on IRC Chat . Anonymous also call for Anonymous Legal Help also. Quotes from Various Supporters : 1.) FreeTopiary an idea is the seed of human kind. 2.) Make no mistake, Topiary is a political prisoner. 3.) I love how kids are the ones showing multimillion/billion security companies how insecure they are... 4.) You cannot arrest an idea. UPDATE : Press Release for Opearation #FreeTopiary On an historical day
Another Government contractor - PCS Consultants (USA) got Hacked by #Antisec

Another Government contractor - PCS Consultants (USA) got Hacked by #Antisec

Aug 01, 2011
Another Government contractor - PCS Consultants (USA) got Hacked Another Government contractor - PCS Consultants (USA) got hacked by Anonymous Hackers & #Antisec operation Hackers. Database of website has been extracted and leaked on internet via tweeter on Pastebin .The leaked Data extracted Includes Admin's and 110 users emails, passwords in encrypted hashes. According to PCS website " PCS Consultants, Inc is a full-service Human Resources and Risk Management Compliance Company, offering support in recruitment and internal placement, position classification, employee relations, OSHA compliance programs, worker's compensation administration, and training for a variety of HR/Safety and EEO-related subjects.Providing support to all levels of government, our team of consultants are carefully selected to ensure they have the necessary knowledge and understanding of relevant Public Sector Acts and Standards and high level oral and written communication skills, excell
Accused LulzSec hacker Topiary released on bail

Accused LulzSec hacker Topiary released on bail

Aug 01, 2011
Accused LulzSec hacker Topiary released on bail Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. Davis was granted bail to stay with his mother at their new home in Spalding, Lincolnshire, on condition that he does not access the internet either directly or through anyone else. He also has to wear a tag to ensure a 10pm to 7am curfew. Davis, whom police believe used the online nickname " Topiary " and was a member of the LulzSec and Anonymous hacking groups, was arrested at 2.10pm last Wednesday in Mid Yell, an northern island of the Shetlands. Jake Davis allegedly had the login passwords of 750,000 people on his computer. He was charged on Sunday night with offences under the Computer Misuse Act, the Serious Crime Act, and the Criminal Law Act. Davis is accused of gathering data from National Health Service computers,
Cybersecurity Resources