The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Thailand Prime Minister Twitter, Facebook accounts Hacked Prime Minister Yingluck Shinawatra's personal Twitter account was hacked yesterday in what officials said was possibly part of a conspiracy to embarrass the government. The false tweets accused her of cronyism and various failures. The final post read: " If she can't even protect her own Twitter account, how can she protect the country? " Authorities vowed to prosecute the guilty parties. Information and Communication Technology Minister Anudith Nakornthap said an investigation found the hacker used a prepaid phone card and an iPhone to access the accounts. He denied a report that an arrest was imminent, but said details from the investigation would be announced today.Ms. Yingluck won a clear victory in July, but is accused by her critics of being a puppet of her brother, former Premier Thaksin Shinawatra who was thrown out of office in a 2006 military coup. " This country is a business. We work for

Proof of Concept : PuttyHijack - Hijack SSH/PuTTY Sessions PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs hooks and creates a socket in guest operating system for a callback connection that is then used for input/output redirection. PuttyHijack does not kill the current connection, and will cleanly uninject if the socket or process is stopped. Leaves no race for further analysis. How to run/install PuttyHijack Start a nc listener on some fully controlled machine. Run PuttyHijack specify the listener ip and port on victime machine (Some socail engg skill may be helpfull) Watch the echoing of everything including passwords (grab it for further analysis) Help commands of PuttyHijack !disco – disconnect the real putty from the display !reco –

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

HTC Android Vulnerability - Exposes Phone numbers, Gps, SMS, Emails etc If you are running a HTC Android smartphone with the latest updates applied, chances are your personal data is freely accessible to any app you have given network access to in the form of full Internet permissions.This vulnerability isn't a backdoor or some inherent flaw in Android, it is instead HTC failing to lock down its data sharing policies used in the Tell HTC software users have to allow or disallow on their phone. The problem being, not only is your data vulnerable when Tell HTC is turned on, it's just as vulnerable when it is turned off. In brief, any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on: the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations phone numbers from the phon

Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk is downloaded.  The file is a trojanized version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f which sends a number of SMS messages to a $6 a message premium rate service. Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan. Kaspersky's Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 e

Open Source Awards 2011 launched - "Recognizing excellence in open source" The 'Packt Open Source Awards 2011' have been announced. Formerly the Open Source CMS Award, the contest has been running since 2006 and, according to a press release sent to .net, is "regarded as one of the most established platforms for recognising excellence amongst Open Source Software". The aim of the Open Source Awards is to encourage, support and reward open source projects, in part through cash prizes, which have topped $100,000 since 2006. This year, the categories up for awards are: Open Source CMS, Open Source Mobile Toolkits and Libraries, Most Promising Open Source Project, Open Source Business Applications, Open Source JavaScript Libraries, and Open Source Multimedia Software. To identify excellence, the public votes for finalists within each category are combined with ratings from a panel of judges. Packt itself notes that it has no input nor say in the finalist