The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy In this digital age, privacy is more important than ever. Just because you "don't have anything to hide," does not mean that you shouldn't value your privacy or fight for it when companies do things like this, especially with something as personal as your cell phone. An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Is it time to put on a tinfoil hat? That depends on how you feel about privacy. In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made. What is Carrier IQ, exactly?

Nullcon GOA 2012 - International Security Conference The open security community is a registered non-profit society and by far the largest security community in India with more than 2000 members comprising of information security professionals, ethical hackers and law enforcement professionals that focuses on Infosec research and assisting Govt. and private organizations with cyber security issues. null has 7 chapters through out India - Pune, Bangalore, Mumbai, Hyderabad, Delhi, Chennai and Bhopal, interacting with around 5000-6000 people by various activities like monthly meets, security camps, workshops, talks at various events & organizations and executing security projects. Our portal https://null.co.in provides free information on security research, responsible vulnerability disclosure, open source security software project, white papers, presentations, monthly chapter meets. We see that currently there is a disconnect between the Govt. agencies and private organizations

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Security Research : Be friend to anyone on Facebook in 24 hours " People have simply ignored the threat posed by adding a profile without checking if this profile is true. New Technologies have loopholes, but it is up to the users to be aware of this type of flaw. Social networks can be fantastic, but people make mistakes. Privacy is a matter of social responsibility. There is no solution. We must make good use of the social network and we are alone in this task ", said Nelson Novaes , a Brazilian (independent) Security and Behavior Research. The two experiments (Proof of Concept – Research Study) were presented at the Conference Silver Bullet . Both were used with the sole purpose of POC to demonstrate the fragility and privacy issues in the use of social networks. The technique is unusual and totally contrary to the terms of use of Facebook, but shows exactly how users can be manipulated. To prove his theory, the researcher in the field of online security and behavior Nelson Nova

Millions of printers open to devastating hack attack Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure? It's not only possible, but likely, say researchers at Columbia University, who claim they've discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies. The researchers, who have working quietly for months in an electronics lab under a series of government and industry grants, described the flaw in a private briefing for federal agencies two weeks ago. They told Hewlett-Packard about it last week. HP said Monday that it is still reviewing details of the vulnerability, and is unable to confirm or deny many of the researchers' claims, but generally disp

New Facebook Worm installing Zeus Bot in your Computer Recently We Expose about 25 Facebook phishing websites and also write about biggest Facebook phishing in French  which steal more then 5000 usernames and passwords. Today another new attack on Facebook users with Zeus Bot comes in action. The researchers of Danish security firm CSIS , has spotted a worm spreading within the Facebook platform. A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims' accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users' machines, including a variant of the Zeus bot. If followed, the link takes the potential victim to a page where he or she are offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file, but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capa

Assassin DoS 2.0.3 - Created By MaxPainCode MaxPainCode develop a new dos tool is based on a new attack that uses HTTP Flood to get the site down, this will work if you try with big dedicated server. Another Feature of Assassin DoS is that it will not take all your resources as the most DoS do. Also its like only 100 mili seconds delay when hitting the target and its available for windows. Same Issue is Discussed with Microsoft Security Response Center by Developer of This tool. Its available to Download here  (Disclaimer : Use it at your own Risk)

#OpRobinHood : Thousands of United Nation logins leaked by TeaMp0isoN Online 'hactivist' collective Anonymous and hackers Team Poison have joined forces for a new group effort known as 'Operation Robin Hood', that plans to target banks in an effort to give money back to the people. TeaMp0isoN today hack United nation website (www.undp.org) and leak 1000's of Login usernames, Passwords and Emails . Leaked accounts details are posted on pastebin , With a note include " The UN is a fraud! The bureaucratic head of NATO used to legitimise the Barbarism of Capitalist elite! " " How far you have come from the first address by Thomas Jefferson where 'peace, commerce and honestfriendship' were the Modis Operandi to one today where talk of 'eliminating 350,000 people a day'as outlined by Jacques Cousteau is a academic consideration. " They added. Operation Robin Hood Video Message : The music is overly dramatic, the text slamming on

More than 100 Pakistani Government Sites Under Malware attack Website Malware : A newer form of malware is what can be found attacking websites today. In the old days malware was mostly in the form of computer viruses. In today's age of globalization, malware starts to target websites and mobile devices.  Almost 100's of Pakistan Government sites are under attack by Godzilla Malware, Which is Created and implemented by an Indian Hacker. Hacker named " Godzilla " publish a list of all Freezed sites list here  ,including Peshawar Electric Supply Company website (www.pesco.gov.pk), Ministry of Information and Broadcasting - Government of Pakistan website (www.infopak.gov.pk), Pakistan Navy website (www.paknavy.gov.pk) and Many more. Hacker said," The malware is freezing the sever and if the server is changed then banner of malware hits the live ip.. " Today malware is much more sinister. It is backed up by an industry which some estimate at $2 billion a

WikiLeaks wins Aussie Journalism Awards Australia The whistle-blowing website, WikiLeaks, has been honoured at Australia's premier journalism awards for releasing of " an avalanche of inconvenient truths in a global publishing coup " which has had " an undeniable impact ". The Walkley Awards are the Australian equivalent of the Pulitzers: that nation's most prestigious award for excellence in journalism. Last night, the Walkley Foundation awarded its highest distinction — for " Most Outstanding Contribution to Journalism " to WikiLeaks, whose leader, Julian Assange, is an Australian citizen. " WikiLeaks applied new technology to penetrate the inner workings of government to reveal an avalanche of inconvenient truths in a global publishing coup ," the Walkley trustees said in bestowing the award Sunday evening. " Its revelations, from the way the war on terror was being waged, to diplomatic bastardry, high-level horse-trading and the interference in the dome

Discovered the biggest Facebook phishing in French Two Days before we publish that Geeks at Security Web-Center Found 25 Facebook phishing sites. Security Web-Center found another biggest Facebook phishing site in French which steal more then 5000 usernames and passwords, using the fake domain www.frfacebook.fr to scam the victims. All phished passwords are stored here Security Web-Center suggests that potential victims: Change all exposed passwords; Contact the company or organization that was being spoofed (Facebook, in this case); Alert it that your personal information was exposed; Ask it to cancel any accounts affected (Note: We don't recommend this for Facebook, obviously, but view it more as a general tip); and If the information provided can be used to access other institutions, such as credit-card companies, contact them, as well. [ Read More ]

Manila AT&T hackers linked to 26/11 Mumbai terror attack Police in the Philippines working with the US Federal Bureau of Investigation have arrested four people over a premium-line phone scam that targeted customers of the American telecommunications giant AT&T to funnel money to a Saudi-based militant group. These four suspected hackers accused of funnelling profits from attacking corporate telephone networks to an Islamic terrorist group blamed for the attacks on Mumbai three years ago. The four suspects allegedly targeted PBX systems maintained by AT&T and gained access to corporate phone lines that they resold at a profit to call centres. The low-level scam resulted in estimated losses of $2m and ran between at least October 2005 and December 2008, and possibly earlier.The operation was allegedly financed by Jemaah Islamiyah, a proscribed Pakistani terrorist organisation blamed for the terrorist attack in Mumbai, India, in November 2008. FBI declined to give offici

New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue (CVE-2011-4317) which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse proxy configuration, the vulnerability could allow access to internal systems from the Internet. In order to set up Apache HTTPD to run as a reverse proxy, server administrators use specialized modules like mod_proxy and mod_rewrite. Apache developers are working on a fix of a flaw in its web server software that creates a possible mechanism to access internal systems.The zero-day vulnerability only rears its ugly head if reverse proxy rules are configured incorrectly and is far from easy to exploit, but it is nonetheless nasty. The problem isn't new and a vulnerability that allowed similar attacks was addressed back in October. However, while reviewing the patch for it, Qualys research