The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Samsung Galaxy S II (AT&T) trusted pattern lock Security Bypassed Major security flaw found in AT&T's upcoming Samsung Galaxy S II device. Guys at BGR noticed that the information on the upcoming AT&T version of the Samsung Galaxy S II isn't so safe behind a once trusted pattern lock, and that it can quite simply be bypassed. All you have to do : Wake the device using the lock key, then let the screen time out, then wake it again with the lock key and you can access all the data. AT&T's Version of Samsung Galaxy S II is confirmed to have this security flaw, but the Sprint version or other does not suffer from this. Even I just check my own Samsung Galaxy S II (Indian Version), Yeah - ITS SAFE :) Video Demonstration [ Source ]

Nmap 5.61 TEST2 -  IPv6 OS detection Added Nmap Added IPv6 OS detection, CPE, 30 more scripts, and more features in latest release Nmap 5.61 TEST2. Change Log for Nmap 5.61TEST2 Added IPv6 OS detection system! The new system utilizes many tests similar to IPv4, and also some IPv6-specific ones that we found to be particularly effective. And it uses a machine learning approach rather than the static classifier we use for IPv4. We hope to move some of the IPv6 innovations back to our IPv4 system if they work out well. The database is still very small, so please submit anyfingerprints that Nmap gives you to the specified URL (as long asyou are certain that you know what the target system isrunning). Usage and results output are basically the same as withIPv4, but we will soon document the internal mechanisms athttps://nmap.org/book/osdetect.html, just as we have for IPv4. For anexample, try "nmap -6 -O scanme.nmap.org". [David, Luis] [NSE] Added 3 scripts, bringing the tota

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Virus removal website compromised to serving malware One of the Famous Virus Removal Service website : laptopvirusrepair.co.uk  is compromised and Hacker is Serving Malware on the website. In above screenshot Avira detects the JS/Blacole.psak Java script Virus hosted on the site.  The snippet of code is located at the bottom of the index page: It is an obfuscated iframe that redirects to a site that will deliver exploits:  zdesestvareznezahodi.com/tds/go.php?sid=1 . This Site is listed in  malwareblacklist .  Detected Virus is : Kaspersky: Trojan-Downloader.JS.Agent.geo and Effected Platforms / OS: • Windows 95 • Windows 98 • Windows 98 SE • Windows NT • Windows ME • Windows 2000 • Windows XP • Windows 2003 • Windows Vista • Windows Server 2008 • Windows 7 Side effects of JS/Blacole.psak Java script Virus: • Can be used to execute malicious code • Drive-by download

Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the product, it was believed that there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said. " ElcomSoft Phone Password Breaker " does exactly what it says, enabling its users to recover plain-text passwords governing encrypted backups for BlackBerry smartphones and PlayBook tablets. (The password-breaking tool also works on Apple devices running iOS, such as iPhones and iPads.) The new feature is wrapped into Elcomsoft's Phone Password Breaker. It costs £79 ($123) for the home edition and £199 for the fu

Disable Social Networks From Tracking You with The Priv3 Firefox Extension In Earlier Post we Inform our readers about " Facebook track your cookies even after logout ". Did you know that social networking sites like Facebook, Google+, and Twitter can track your visits to any web page that uses the familiar "Like", "Follow", or "+1" buttons, even if you do not actually click these buttons? If you care about privacy, you must have already installed privacy addons like Ghostery, Adblock Plus, but here's a new addition to your privacy toolkit – Priv3. Priv3 is different from addons like Ghostery. For example, Ghostery blocks social sharing buttons (+1, Like, Tweet buttons) and other social snippets (Facebook comments, Facebook connect) completely, so you may feel disconnected. Priv3 protects your privacy by blocking trackers, but still shows social snippets like Facebook Comments, +1, like buttons so you don't miss any content. Once you intera

4.9 million Tricare patients data exposed in data breach About 4.9 million patients treated in San Antonio area military treatment facilities since 1992 have been affected by a health information breach involving the theft of backup tapes for electronic health records, federal officials say. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states. A statement posted on the Defense Department's Tricare health system website said no credit card or bank account information was on the backup tapes. " There is no indication that the data has been accessed by unauthorized persons ," the SAIC spokesman says. SAIC is working with the local police department, Defense Criminal Investigative Services and a private investigator to attempt to recover the tapes, the spokesman adds. TRICARE " does not have a policy " on encryption of backup tapes, a TRICARE spokesman says. SAIC did not i

Security Solutions for Beast attack against SSL/TLS Vulnerability Juliano Rizzo and Thai Duong presented a new attack on Transport Layer Security (TLS) at the Ekoparty security conference in Buenos Aires, Argentina. The researchers found that encryption, which should protect us, when we connect to some sites over HTTPS, may be compromised. The researchers say that their code is called BEAST (Browser Exploit Against SSL / TLS) prove to the world that any cryptographic protocol designed to TLS 1.1, is vulnerable and can be quite easily deciphered. Researchers try to decode the authentication cookies used to login to your account PayPal, within 10 minutes, far faster than anyone expected. If successful, the faith of Internet users in one of the pillars of online safety is fully dissipated.BEAST is different from the many published attacks against HTTPS, - said Dwan. - While other attacks are focused on property, authenticity SSL, BEAST Attacks privacy protocol. As far as we know, BE

JonDo 00.16.001 Released - Automatic error recognition and easier usability JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers. What is JonDo? JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X. It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address. What is new? Statistics and support requests about the usage of JonDo let assume that several users of older versions do not use the software correctly, and may thereby surf the net unsecured. The current version warns the user in such a case and launches an assistant for fixing the problem if necessary. Of course, users may also consult the extensive online help for this purpo

Atlanta IT Worker Hacked Ex-Employers Database An Atlanta man could receive up to five years in prison after pleading guilty Wednesday to hacking into a former employer's patient database, stealing information and then wiping the database clean. Federal prosecutors said Eric McNeal, 37, used the patient information from a firm identified as " A.P.A ." for a direct marketing campaign at his new employer in the same building. McNeal was an information technology specialist for the perinatal medical practice in Atlanta in November 2009 when he left to join the competing perinatal practice. McNeal used his home computer to hack into his former employer in April 2010, prosecutors said in a release.He downloaded patients' names, addresses and telephone numbers and then cleared his former employer's database, deleting all patient information from its system, prosecutors said. While he used the information for a direct-mail marketing campaign for the benefit of his new employer, there was

"SecurityTube Wi-Fi Security Expert" (SWSE) online certification Launched SecurityTube released their first fully online certification today - " SecurityTube Wi-Fi Security Expert " (SWSE) .  The most interesting thing and key difference from other certifications, is that they are giving out the entire course material free of charge! You only pay if you need the certification. If you are a hobbyist or a causal security enthusiast, the course material is free for you :) The SWSE is based on the Wi-Fi Security Megaprimer which we posted about a while back: https://www.securitytube.net/downloads Full details of the certification is available here: https://www.securitytube.net/certifications For an introductory price of $200 till October 15th, 2011 (only limited seats), they are providing all of the following: - Lifetime access to the Students Portal - Lifetime access to Bi-Monthly Webinars with Full Course Coverage and Live Doubt Clearing sessions - Lifetime