The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall into this category and not all clouds are created equally. There are more casual and also very (too busy) customers as well. It is highly probably that many Windows cloud images may be vulnerable to a MS12-020 RDP exploit by default. New research using the nmap nse script " rdp-ms12-020.nse " developed by @ea_foundation shows that all Rackspace Windows cloud images are vulnerable by default. And on AWS EC2 any existing, unpatched Windows AMIs or EBS images (pre 2012.03.13) that are booted with the AWS Management Console default firewall ruleset are vulnerable as well. A Cloudworm Although cloud service providers have taken some steps to mitigate MS12-020, it is nowhere near enough

Johnny - GUI for John the Ripper Johnny is a GUI for John the Ripper. It was proposed by Shinnok. s release includes all things from development release plus nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: password could be loaded from file and cracked with different options. The reasoning behind Johnny is simple but at the same time profound: Complexity through simplicity and non-intrusive expert and non-expert availability. Johnny is a GUI concept to John the Ripper written in C++ using the Qt framework, making it cross-platform on both Unix/Linux and Windows operating systems. It was programmed as a part of the Google Summer of Code 2012 and supports bother 32-bit and 64-bit architectures. The interface also leaves room for lots of new options, either future John options, as well as GUI specific options like, hash detection, dictionary editing and generation or interactive bruteforce charsets or rules creation and many

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

POC Android botnet - Command and Control Channel over SMS To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the

Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are once again proud to have some fantastic writers like Pierluigi Paganini , Mourad Ben Lakhoua , Lee Ives , Paul F. Renda and Ahmed Sherif back with us to help educate all our readers about the impending cyber war crisis and what we can do about it. Pierluigi Paganini gives us a step by step technical understanding of the issue and Ahmed Sherif gives a fantastic look at SCADA, the workings and the take downs. Join us as we explore this new frontier and let us know how you feel and what you have learned! Download   (Cyber Warfare)   April Edition [7.05 Mb PDF] Want to Download All other Editions ? [ Click Here ]

The Pirate Bay Buys Greek Airspace for Launching Low Orbit Server Drones Few days back we reported that , One of the world's largest BitTorrent sites " The Pirate Bay " is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. Most of the people from World didn't take it serious, well but The Pirate Bay is apparently deadly serious about investing in drone servers that it will fly in international airspace to make it incredibly difficult for governments to stop its expansion. A blog posting on the Pirate Bay site said the service had gone offline for a few hours on 18th March to move its front machines (which redirect a user's traffic to a masked location). " We have now decided to try to build something extraordinary ," it said. If actually happening, it is part of a wider move to stay several steps ahead of the law, with The Pirate Bay gleefully thumbing its nose at the legislative attempts

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. The malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading. Named CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser

Lulzsec Ryan Cleary Again in Jail for breaking his bail conditions The lawyer for a 19-year-old Briton Ryan Cleary suspected of links to the hacking group Lulz Security says her client's back behind bars for breaching his bail conditions. Mr Cleary, is accused of being a member of the hacktivist group LulzSec as it carried out a series of attacks on targets including the UK's Serious Organised Crime Agency, the CIA and News International. Cleary, who was never an official LulzSec member but ran an Internet Relay Chat that the group used to communicate, had apparently been trading e-mails with Hector Xavier Monsegur, a.k.a. Sabu, the recently outed LulzSec mastermind turned FBI informant. That was a direct violation of his bail agreement, which dictated that Cleary was to have no access to the Internet whatsoever. The Metropolitan Police said Cleary was rearrested on March 5, a day before the FBI disclosed that Monsegur, better known as Sabu, had been secretly working as

Chinese hacker targeting Indian government and Tibetan activists Sites Websites of Indian government and Tibetan activists in the country are under attack in a cyber attack campaign engineered by a Chinese hacker, working with one of the world's largest e-tailers Tencent. The cyber criminal in question is Gu Kaiyuan, once a graduate student at a Chinese university that receives government financial support for its computer security program and currently an employee at Chinese portal Tencent. Before Kaiyuan initiated the exploits, collectively called the Luckycat campaign , he was involved in recruiting students for his school's computer security and defense research. The Luckycat cyber campaign, has been linked to 90 attacks in recent past against targets in India and Japan, as well as against Tibetan activists, said the report released by the Japanese network security firm. 'Luckycat' has been able to compromise about 233 computers many of which are in India. A report

Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that's actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan's authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a

U.S. Ambassador claim to be hacked by Russians Michael McFaul, the U.S. ambassador to Russia, took to Twitter Thursday night to accuse Russian media organization NTV of hacking his cell phone and email account. " I respect the right of the press to go anywhere & ask any question. But do they have a right to read my email and listen to my phone? " he tweeted this afternoon. when McFaul arrived for a meeting with the group For Human Rights today, reporters from state-owned NTV began peppering him with questions that kept him on the freezing street without a coat." Everywhere I go NTV is there. Wonder who gives them my calendar? They wouldn't tell me. Wonder what the laws are here for such things? " McFaul tweeted. Russian news agencies said NTV dismissed McFaul's complaint, and officials at the station, which is owned by Gazprom, the state-controlled monopoly, said they have a network of informants who provide them with information. Mr McFaul suggested the television reporters iden