#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Why US Aircrafts Drop Spy Devices in Syrian ?

Why US Aircrafts Drop Spy Devices in Syrian ?

Dec 23, 2011
Why US Aircrafts Drop Spy Devices in Syrian ? Last week Iranian engineer claim to hijack U.S. drone by hacking GPS system using GPS spoofing. On December 14, residents of a small town in northern Syria reported seeing unidentified aircraft circling overhead, and dropping several small items attached to mini-parachutes , which entered Syrian airspace through the Turkish border. The gadgets, pictured here, look suspiciously like surreptitious listening devices. Residents say the question is :  who dropped them, and why? The sources explained that the aircrafts that dropped the devices were American, not Turkish. They added that the aircrafts took off from Incirlik air base, southeast of Adana, which is 130 km away from the city of Afrin, mainly to belong to the Kurdish nationalists. " This action aims at eavesdropping on communications between the Syrian troops, locating their spots accurately and collecting any information about it in order to provide them to U.S. and Turkish aut
Call spoofing - Evolution of Cybercrime in Growing Children

Call spoofing - Evolution of Cybercrime in Growing Children

Dec 23, 2011
Call spoofing - Evolution of Cybercrime in Growing Children The Hacker News & 5 Other Top IT Security Sites are Sponsoring a Special Edition January 2012 Magazine under a Cyber Security Awareness Campaign called " ENTER AT YOUR OWN RISK ". Our goal is to provide the most up-to-date information on a wide variety of topics that address the tricky and complicated world of hackers and hacking. Lets know about " Call spoofing " and How much easy it is for kids to do Call spoofing. First of all the term ' cyber crime ' is a misnomer. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. The computer may be used as a tool in the follo
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Iran government websites now on local server to Protect them from Cyber Attacks

Iran government websites now on local server to Protect them from Cyber Attacks

Dec 22, 2011
Iran government websit es now on local server to Protect them from Cyber Attacks An Iranian official says the country has transferred the location of most of its government websites from foreign-based hosting agencies to new computer facilities inside the country to avert potential cyber attacks. The country's deputy minister for communications and information technology, Ali Hakim Javadi, Reuters reports that more than 90 percent of all the Iranian government's websites have had their hosting locations transferred inside the country. " Over 30 000 Iranian websites, including those of key institutions such as ministries, were hosted abroad, mainly in North America ," the Islamic Republic News Agency cited Ali Hakim Javadi, the Deputy Minister for Communications and Information Technology, as saying without specifying the countries involved. " The data was at risk of being accessed at any moment ."Iranian officials said last year that malicious software known as Stuxnet affected so
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Corporate fraud vs Anonymous Analytics Group

Corporate fraud vs Anonymous Analytics Group

Dec 22, 2011
Corporate fraud vs Anonymous Analytics Group A new financial research group, Anonymous Analytics  has released a report accusing Chinese firm Chaoda Modern Agriculture of " 11 years of deceit and corporate fraud ". The company is one of China's largest fruit and vegetable suppliers. A faction within the online hacking collective Anonymous has moved into an unlikely new area – exposing corporate fraud and making money in the aftermath. The group alleges that Chaoda's management has funnelled more than $400 million out of the company through false accounting and payments to shell companies. Hong Kong's government announced an investigation into the company on Monday, shortly before the release of the Anonymous report, leading its shares to fall by 26 per cent before being suspended from trading. In a departure from illegal hacking, Anonymous Analytics claims that " all information presented in our reports is acquired through legal channels, fact-checked, and vetted thoroughly befor
Tor anonymity will become illegal with SOPA acts ?

Tor anonymity will become illegal with SOPA acts ?

Dec 22, 2011
Tor anonymity will become illegal with SOPA acts ? The Stop Online Piracy Act (SOPA) is the newest attempt by Congress and corporations in the United States to regulate the Internet. SOPA's proponents include the Motion Picture Association of America and the Recording Industry of America. They view SOPA as a means to counter rampant piracy on the Internet, especially sites such as ThePirateBay.org. A little-noticed section of the Stop Online Piracy Act could make it illegal to distribute Tor and other software that can circumvent attempts by the U.S. government to block pirate Web sites. The effects of SOPA and PIPA will be felt throughout the world, as the way the bill defines "U.S. websites" is so broad as to cover most of the Internet itself. The list of collateral damage the bills are feared to cause goes on, and the list of the bills' critics keeps expanding. In addition to the million+ citizens who have spoken out, the legislation is also opposed by tech companies such a
Kaspersky Internet Security Memory Corruption Vulnerability

Kaspersky Internet Security Memory Corruption Vulnerability

Dec 21, 2011
Kaspersky Internet Security  Memory Corruption Vulnerability Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012. A Memory Corruption vulnerability is detected on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012. The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,which could be exploited by attackers to crash he complete software process. The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import. Affected Version(s): Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012 KIS 2012 v12.0.0.374 KAV 2012 v12.x Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011 KIS 2011 v11.0.0.232 (a.b) KAV 11.0.0.400 KIS 2011 v12.0.0.374 Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010 The kaspersky .c
China Software Developer Network (CSDN) 6 Million user data Leaked

China Software Developer Network (CSDN) 6 Million user data Leaked

Dec 21, 2011
China Software Developer Network (CSDN) 6 Million user data Leaked The "Chinese Software Developer Network" ( CSDN ), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name, password, emails, all in clear text leaked on internet. The Download Link  (use xunlei to download the file) of the File is available on various social Networks. NowChinese programmers are busy changing their password now. Full archive of 104.9 MB (MD5 = b75678048d100600d3a6c648075636a7) available for Download Now : Here Just did some data ming on CSDN leaked user data. Some interesting findings. Here are the results of Top 100 email providers form 6M CSDN user emails : @qq.com, 1976190 @163.com, 1766919 @126.com, 807893 @sina.com, 351590 @yahoo.com.cn, 205487 @hotmail.com, 202944 @gmail.com, 186843 @sohu.com, 104735 @yahoo.cn, 87048 @tom.com, 72360 @yeah.net, 53292 @21
Backdoor in Android for No-Permissions Reverse Shell

Backdoor in Android for No-Permissions Reverse Shell

Dec 21, 2011
Backdoor in Android for No-Permissions Reverse Shell Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes. Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world. The functionality they are exploiting to do this is not new, it has been quietly pointed out for a number of years, and was explained in depth at Defcon 18 . It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms. The application operates by instructing the br
US Chamber Of Commerce Hit by Chinese Hackers

US Chamber Of Commerce Hit by Chinese Hackers

Dec 21, 2011
US Chamber Of Commerce Hit by Chinese Hackers A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members. The hackers may have broken into the Chamber's network more than a year before they were discovered. It is not confirm when the initial break-in occurred but security officials from the Chamber quietly shut the breech down in May of 2010. " What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence, " the Chamber's chief operating officer David Chavern told the Journal in an interview published today. It isn't clear how much of the compromised data was viewed by the hackers.Chamber officials said the hackers had focused on four Chamber employees who worked on Asia poli
Windows 7 64 bit Memory Corruption Vulnerability

Windows 7 64 bit Memory Corruption Vulnerability

Dec 21, 2011
Windows 7 64 bit Memory Corruption Vulnerability A person known by the alias of " w3bd3vil " on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in the Windows kernel mode device driver, win32k.sys. " A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges ," the Secunia advisory said. The possibility that the vulnerability can be exploited by using means other than Safari cannot be ruled out.
Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1

Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1

Dec 21, 2011
Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1 A developer who calls himself T Rizk doesn't have much faith in Congress making the right decision on anti-piracy legislation, so he's built a work around for the impending censorship measures being considered  DeSOPA . The Firefox add-on is stunningly simple as the Stop Online Piracy Act (SOPA) would block specific domain names (e.g. www.thepiratebay.com ) of allegedly infringing sites. Firefox, which already boasts an outspoken stance against SOPA, and has already shown they are willing to stand by add-on developers who create circumvention extensions designed to go around measures currently employed by Homeland Security, has welcomed a new add-on, one that is designed to circumvent whatever SOPA website blacklists that are created, provided the bills become law. A new anti-SOPA add-on for Firefox, titled " DeSopa " is such a counter measure.When installed, users can click a single button to resolve a blo
Apple Crash Reports Help Hackers to create a jailbreak exploit

Apple Crash Reports Help Hackers to create a jailbreak exploit

Dec 17, 2011
Apple Crash Reports Help Hackers to create a jailbreak exploit iPhone " jailbreaking " has been a hot topic since Apple released its smartphone more than two years ago. According to the Latest report posted by BBC  that Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software & Jailbreakers use Apple crash reports to unlock iPhones. You may be wondering and hearing alot on " What Is Jailbreaking an Iphone? How do you do that? " Jailbreaking is basically modifying the iPhone's firmware so that you can get access to the internals of its operating system and install a whole slew of third-party applications on your iPhone that are not otherwise available through official channels.Jailbreaking your iPhone in and of itself doesn't normally make much difference in your operation of it, but it does allow you to install other third-party applications that are not blessed by Apple. A collective of
Cybersecurity Resources