The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Internet censorship in Pakistan , National Filtering and Blocking System A Pakistan government department has called for proposals for the development, deployment and operation of a national level URL Filtering and Blocking System. The proposal request states that each box of the system " should be able to handle a block list of up to 50 million URLs with a processing delay of not more than 1 millisecond. " According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP . According to a post on EEF , Ever since the Pakistan Telecommunication Act, passed in 1996, enacted a prohibition on people from transmitting messages that are " fals

Hackers leak objectionable  Photos from LA cops inbox CabinCrew group of Hackers, that claims to have found, and reported, objectionable photos of children in an officer's private e-mail account, anonymously posted hacked police data to a website. More than 100 local law enforcement officers had their private information pilfered and published on a public website prompting a response from the FBI " Over the past three weeks, we in the cabin have been targeting law enforcement sites across the United States, be it for injustices they have allowed through ignorance or naivety, taken part in, or to point out the fact that their insecurity failed to protect the safety of those they took an oath to serve, " the hacker statement on the Pastebin site said. The hackers posted officers' property records, campaign contributions, biographical information and, in a few cases, the names of family members, including children. Authorities said the current intrusion is different

Facebook app spreading Android Malwares Even though Google recently introduced a malware-blocking system called Bouncer to keep the Android Market safe from malicious software, crafty spammers and fraudsters are still managing to find ways around the restrictions to get their software onto users' phones. Security firm, Sophos have reported that there is malware going around via the Facebook application. The malicious software disguises itself as an Android app named "any_name.apk" or "allnew.apk" and is sent to Android phones via Facebook's mobile app.  An Android user may receive a Facebook friend request and if the user goes to the requester's profile to check them out, they could be diverted to another web page instead, where the malicious app will be automatically downloaded. Although Android doesn't by default allow apps to be automatically downloaded, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market. This

There's a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, you're only as secure as your weakest link. There's still one group that can inadvertently open the gates to unwanted threat actors—your own people. Security must be second nature for your first line of defense For your organization to thrive, you need capable employees. After all, they're your source for great ideas, innovation, and ingenuity. However, they're also human. And humans are fallible. Hackers understand no one is perfect, and that's precisely what they seek to exploit. This is why your people must become your first line of defense against cyber threats. But to do so, they need to learn how to defend thems

Millions of pcAnywhere users still Vulnerable to hijacking 3 weeks before we reported that Symantec releases patch to address pcAnywhere source code exposure, because attackers had obtained the remote access software's source code. But According to H.D. Moore, chief security officer at Rapid7, estimated 150,000 to 200,000 PCs are running an as-yet-unpatched copy of the Symantec software. While Symantec said it had patched all the known vulnerabilities in pcAnywhere. Symantec has released new information and a patch to address the recent code exposure incident. According to Computerworld report, PCs connected to the Internet, including as many as 5,000 running point-of-sale programs that collect consumer credit card data, could be hijacked by hackers exploiting bugs in the troubled program. Symantec released a patch that eliminates known vulnerabilities affecting pcAnywhere 12.0 and pcAnywhere 12.1.At this time, Symantec recommends that all customers upgrade to pcAnywhere 1

Zero-day Smartphone Vulnerability exposes location and User Data Smartphones are increasingly becoming the preferred device for both personal and professional computing, which has also attracted hackers to increase their focus on creating malware and other security vulnerabilities for these devices. A former McAfee researcher " Dmitri Alperovitch " has used a previously unknown hole in smartphone browsers to plant China-based malware that can record calls, pinpoint locations and access user texts and emails. He conducted the experiment on a phone running Android operating system, although he saysApple Inc.'s iPhones are equally vulnerable. Android is particularly vulnerable because it has become the main operating system for mobile devices. Today most smartphones are android-based therefore there is a huge dividend for hackers to write Android-targeted malware compared to other operating systems. Alperovitch, who has consulted with the U.S. intelligence community, is

Another #FuckFBIFriday , Anonymous hack FBI partner Infragard As Anonymous has promised that it will attack government, corporate and law enforcement web sites every Friday, So Anonymous has attacked the FBI affiliate Infragard for the second time, this time taking over and defacing the web site of its Dayton, Ohio chapter. Hackers give message " Greetings Pirates! Another #FuckFBIFriday is here and once again we emerge from the hacker underground to wreak havoc upon the 1%'s institutions of repression " . InfraGard is a private non-profit organization serving as a public-private partnership between the U.S. businesses and the FBI. However, Anonymous has its own definition - " the sinister alliance between law enforcement, corporations, and white hat wannabees, " the group wrote in a note it posted onto the homepage of InfraGard Dayton, Ohio. Mirror link of hack is here .

Spain Police under Anonymous attacks after another Arrests in Spain Anonymous attacks Official Site of the National Police ( https://policia.es/ ) after the arrests of suspected Anonymous hacktivists . The Spanish branch of the group has reported that six hacktivists have been arrested in Spain over the past few days. The police did not confirm the identity of the suspects, but claimed the force's technological investigation brigade is conducting a large operation. Anonymous Tweet : " @AnonOps 6 #Anonymous were caught by the police in spain. They're talking about a big anti-hack operation" We know. Expect uspolicia.es DOWN | #Anonymous #Spain " . Last week, Following the arrest of three young Anonymous hackers in Greece, the collective carried out a second assault on the ministry of justice's website, defacing its homepage. Last June Anonymous launched #OpPolicia, a successful DDoS attack against the Spanish National Police website. The attack was a direc

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit's existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit's extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2.0  and Re

PacketFence 3.2.0 released The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices. New features in 3.2.0 OpenVAS Vulnerability Assessment integration for client-side policy compliance Bandwidth violations based on RADIUS accounting information Billing engine integration for allowing the use of a payment gateway to gain network access. PacketFence 3.2.0  fix Reflected Cross-site scripting (XSS) in Web Admin printing system. Further information about the update, including a full list of changes, can be found in the official release announcement and in the change log . PacketFence 3.2.0 Download

Minister's email hacked by Socialist Workers Party The employment minister claims his email has been hacked by campaigners against a Government work experience scheme, which is continuing to attract controversy. Chris Grayling accused a group of socialist activists of pressuring firms to quit the scheme amid accusations that it was "slave labour" because youngsters worked for nothing, while keeping their benefits. But his claim that his email was hacked as part of the campaign clearly sent alarm bells ringing across Whitehall, and a retraction was hastily issued. He also claimed that firms reportedly pulling out of the programme, including supermarket giant Sainsbury's, had never formally been involved in the Government initiative because they ran their own scheme.  [ Source  to read more]

Skype Cross Site Vulnerabilities , user accounts can be Hijacked The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com . According to a blog post on 1337 Blog , the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link. If exploited successfully, a hacker could hijack the user's session and even steal his/her account. Skype has been informed of the vulnerabilities and is currently investigating. Other XSS discovered by him are listed  here .

Crime with $50 GPS jammer increasing rapidly in UK Too many are using illegal GPS jamming devices on UK roads, according to a study, and are putting critical emergency systems at risk of failure and it's at extreme risk from criminals, terrorist organizations and rogue states and even someone with a rudimentary GPS jammer that can be bought on the Internet for $50. It's thought that those using GPS jammers could be doing so to block tracking systems installed on the vehicles, suggesting that they might be stolen. Initial findings using six months' worth of data from 20 probes suggests that between 50 and 450 incidents of deliberate GPS jamming take place every day across the UK. Jammers vary wildly in effectiveness and power output. A recent study by GPSWorld of 18 commercially available receives showed an effective range that varied from 300 meters up to 6 kilometers. The danger of such devices affecting critical safety systems is obvious. In 2009 investigators discov