The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Carberp Banking Trojan Scam - 8 Arrested in Russia 8 Men suspected of being involved in the Carberp phishing scam have been arrested in Russia. The men were arrested after a joint investigation by the Russian Ministry of Internal Affairs (MVD) and Federal Security Service (FSB). According to the MVD, the investigation found that two brothers were the ringleaders of the gang, and developed a plan to steal money from the accounts of online banking customers. The eight suspects allegedly stole more than 60 million Rubles ($2 million) from 90 victims using the Carberp Trojan. Russian security firm who assisted with the investigation, pegged the stolen loot at 130 million Rubles ($4.5 million). Police confiscated computers, bank cards, notary equipment, fake documentation, and more than 7 million Rubles ($240,000) in cash during the raid. The gang used the Carberp and RDP-door Trojans to snare victims. Carberp is a well-known Trojan that was recently seen on Facebook as part of a scam

Face to Face with Duqu malware Once again we discuss about Stuxnet, cyber weapons and of the malware that appears derivate from the dangerous virus. The international scientific community has defined a Stuxnet deadly weapon because been designed with a detailed analysis of final target environment supported by a meticulous intelligence work that for the first time in history has embraced the world of information technology. The agent was designed with the intent to strike the Iranian nuclear program and even more clear is who has always opposed such a program, U.S. and Israel first, and consider also the technology skill necessary to develope a weapon with the observed architecture is really high. Extremely important two factors af the event: 1. the choose of control systems as target of the malware. 2. the conception of the virus as an open project, a modular system for which it was designed a development platform used to assemble the deadly cyber weapons in relation to the final

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Vulnerability in Google Earth Software exposed by longrifle0x Ucha Gobejishvili, Security researcher also known as Longrifle0x , found another Interesting Security issue in one of the most famous software called,  Google Earth. He found a critical code execution vulnerability on google earth software client. For Proof of Concept , One can download any version of Google Earth, Then open "Click Placemark" , Put a malicious code there as one sample given below and Execute your code. Another past bug hunting by  Longrifle0x : 1.)  Cross Site Scripting (XSS) Vulnerability in Google 2.)  Skype Cross Site Vulnerabilities, user accounts can be Hijacked 3.) [POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 and More..

CNCERT Claims - Raising Web attacks on China China's National Computer Network Emergency Response Technical Team (CNCERT/CC)is claiming attacks on public and private organisations from outside of its borders have rocketed in the past year from five million computers affected in 2010 to 8.9m in 2011. They found 47,000 foreign IP address involved in remotely accessing and controlling computers in China during a random sample investigation in 2011. ' This shows that Chinese websites still face a serious problem from being maliciously attacked by foreign hackers or IP addresses ,' Mr Wang Minghua, deputy director of the team's operation department. It said Japan was the source of most attacks, 22.8 percent, followed closely by the United States, 20.4 percent, and the Republic of Korea, 7.1 percent. China has the world's largest Internet population. The number of its Internet users reached 485 million last June. However, a high percentage of that population had experi

NASA sub-domain and Australian Police targeted by Hackers Hacker with name " Black Jester " hack another subdomain (  https://airtrafficconflictresolutions.arc.nasa.gov )   of  NASA. Hacker compromise the database of site and leak password hashes of Users and Database Info also. The leaked info posed on Pastebin Note . In Another Attack, Hacker - S3rver.exe managed to breach the official website of the International Police Association of Australia (ipa-australiapolice.com.au). A Pastebin paste made by the hackers contains the site's database structure along with names, usernames, email addresses and password hashes, Softpedia Reported. The hackers claim that they have warned International Police Association representatives that the site contains some serious vulnerabilities, but apparently they did nothing to secure it. The hackers also tried to root the servers, but apparently it can't be rooted.