The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Thailand Prime Minister Twitter, Facebook accounts Hacked Prime Minister Yingluck Shinawatra's personal Twitter account was hacked yesterday in what officials said was possibly part of a conspiracy to embarrass the government. The false tweets accused her of cronyism and various failures. The final post read: " If she can't even protect her own Twitter account, how can she protect the country? " Authorities vowed to prosecute the guilty parties. Information and Communication Technology Minister Anudith Nakornthap said an investigation found the hacker used a prepaid phone card and an iPhone to access the accounts. He denied a report that an arrest was imminent, but said details from the investigation would be announced today.Ms. Yingluck won a clear victory in July, but is accused by her critics of being a puppet of her brother, former Premier Thaksin Shinawatra who was thrown out of office in a 2006 military coup. " This country is a business. We work for

Proof of Concept : PuttyHijack - Hijack SSH/PuTTY Sessions PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection. PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis. How to run/install PuttyHijack Start a nc listener on some fully controlled machine. Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull) Watch the echoing of everything including passwords (grab it for further analysis) Help commands of PuttyHijack !disco – disconnect the real putty from the display !reco –

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

HTC Android Vulnerability - Exposes Phone numbers, Gps, SMS, Emails etc If you are running a HTC Android smartphone with the latest updates applied, chances are your personal data is freely accessible to any app you have given network access to in the form of full Internet permissions.This vulnerability isn't a backdoor or some inherent flaw in Android, it is instead HTC failing to lock down its data sharing policies used in the Tell HTC software users have to allow or disallow on their phone. The problem being, not only is your data vulnerable when Tell HTC is turned on, it's just as vulnerable when it is turned off. In brief, any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on: the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations phone numbers from the phon

Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk is downloaded.  The file is a trojanized version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f which sends a number of SMS messages to a $6 a message premium rate service. Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan. Kaspersky's Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 e

Open Source Awards 2011 launched - "Recognizing excellence in open source" The 'Packt Open Source Awards 2011' have been announced. Formerly the Open Source CMS Award, the contest has been running since 2006 and, according to a press release sent to .net, is "regarded as one of the most established platforms for recognising excellence amongst Open Source Software". The aim of the Open Source Awards is to encourage, support and reward open source projects, in part through cash prizes, which have topped $100,000 since 2006. This year, the categories up for awards are: Open Source CMS, Open Source Mobile Toolkits and Libraries, Most Promising Open Source Project, Open Source Business Applications, Open Source JavaScript Libraries, and Open Source Multimedia Software. To identify excellence, the public votes for finalists within each category are combined with ratings from a panel of judges. Packt itself notes that it has no input nor say in the finalist