The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Your Facebook credentials at risk on Android - iOS jailbroken devices

Apr 09, 2012
Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook's native apps for the two platforms do not encrypt your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only appl

Indian government get access to BlackBerry messages

Apr 09, 2012
After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up BlackBerry servers that were stationed in Mumbai, India. If you were thinking that this move could only lead to the Indian government seeking more control over what goes in and out of RIM's BlackBerry servers, you would be right on the money. Not only has the Indian government gotten their way with the BlackBerry servers, but they will now be able to tap into BBM messages. This was confirmed by Indian security agencies who revealed that the process to decrypt the 256-bit encrypted data used by BBM is underway and would be up and running soon, claiming that the interception of BBM messages will be used in cases where the government suspects that crimes or terror plots are being hatched. It should also be noted that

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024 | Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,

Anonymous vs Britain's Home Office - Operation Trial At Home

Apr 09, 2012
As announced in recent days, Anonymous has launched a Distributed Denial of Service (DDoS) attack against several UK government websites. A massive recruiting campaign has started on social media, a call to arms to protest the extradition of U.K. citizens to the United States. The operation, named "Operation Trial At Home," fights the European Arrest Warrant (EAW) that could lead to the extradition of three accused criminals by the U.K.'s Home Office, the government department responsible for domestic security. Anonymous provided the Home Office's IP address in its announcement to supporters, scheduling denial-of-service (DDoS) attacks against the Home Office's website for April 7. During the week I wrote an article on the intent of the famous group of hacktivists and on the possible reasons for the action. The attacks have mainly two motives: to protest against the extradition of Gary McKinnon, Christopher H

Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added

Apr 06, 2012
Security Team Web-Center just released an update for Joomscan Security Scanner. The new database has 623 vulnerabilities. Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update. A regularly-updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS and directory traversal vulnerabilities of a target Joomla! web site. Download for Windows (141 KB) Download for Linux (150 KB)

LulzSec hacker pleads guilty in Sony breach

Apr 06, 2012
Accused LulzSec hacker Cody Kretsinger pleaded guilty today in a federal court in Los Angeles, California, to felony charges associated with the breach of Sony Pictures Entertainment that occurred in mid-2011. The hacker had previously pleaded not guilty. Kretsinger was arrested last September, months before the recent raid on the "leaders" of the group. The hacker had been charged with conspiracy and the unauthorized impairment of a protected computer and pleaded not guilty at the time for both counts. The indictment accused Kretsinger and co-conspirators of stealing confidential information from Sony Pictures' computer systems and distributing the material on LulzSec's website before trumpeting the attack on Twitter. The breach caused more than $600,000 in damages, according to court papers. He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information

British Paypal hacker jailed for stealing millions Identities

Apr 06, 2012
A UK cybercrook has been jailed for 26 months following his conviction for stealing millions of banking and PayPal identities. According to a report, Southwark Crown Court heard how Edward Pearson, 23, could have made about £834,000 if he chose to use the information he hacked out of people's PayPal accounts. Pearson, an 'incredibly talented' boarding school student who carried out the crime for an 'intellectual challenge', has been jailed for two years and two months. "One of his programs scanned through 200,000 accounts registered to online payment service PayPal - identifying names, passwords and current balances," according to the Daily Mail. Pearson might have been able to cash out the compromised accounts and make hundreds of thousands in ill-gotten gains. But in the event he actually only made £2,400 before his 21-year-old student girlfriend, Cassandra Mennim, used stolen credit cards to book

Al-Qaeda websites hacked and remains down for past 12 days

Apr 06, 2012
Al-Qaeda's main internet forums have been offline for the past 12 days in the longest sustained outages of the sites since they began operating. Several online forums frequently visited by al-Qaeda operatives were downed over the course of the last few weeks, including two of the terrorist organization's top sites, al-Fida and Shamukh al-Islam. No one has claimed responsibility for disabling the sites but the breadth and duration of the outages have prompted speculation the forums have been taken down in a cyber attack launched perhaps by a government or hacking group. The digital sabotage could have been carried out by any number of governments or private hackers, said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Some analysts have speculated that the administrators of the sites might have taken them down if they suspected that the forums had

"Reboot" - Upcoming latest Hacker Movie you should watch !

Apr 05, 2012
Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film "Reboot" will launch with a Sneak Preview at DEFCON. Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino's upcoming "Playing the Field"), Travis Aaron Wade ("War of the Worlds"), Martin Copping (Australian series "Neighbours"), Sonalii Castillo ("NCIS"), and Janna Bossier (Slipknot's "Vermilion"). Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering fr

More than 600000 Macs system infected with Flashback Botnet

Apr 05, 2012
The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif. Dr. Web explained that a system gets infected with the Mac Flashback trojan "after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system." A specific JavaScript code on the site that contains the virus is then used to load a Java applet, which is how the malware makes its way onto a user's computer. This Trojan spreads via infected web pages and exploits Java vulnerabilities that have be

#OpTrialAtHome : Anonymous Plans 7 April Attack on British government

Apr 05, 2012
UK hackers linked to the Anonymous group are encouraging supporters to attack the Home Office website this Saturday (7 April) in protest at the extradition of three UK citizens to the US. Called #OpTrialAtHome, the hacktivist group @AnonOpUK posted a warning on its Twitter page that an attack on the Home Office was planned for Saturday, 7 April. An associated photo/poster shows images of Gary McKinnon, Richard O'Dwyer and Christopher Tappin. McKinnon and O'Dwyer are awaiting extradition from the UK to the US. Tappin's extradition was effected on 24 February when he was flown to El Paso, Texas. Supporters have been encouraged to launch denial-of-service attacks on the Home Office's IP address, which Anonymous has revealed. Those not savvy enough to launch automated attacks on the site could contribute to the effect by simply visiting the site in large numbers. Julian Assange, the editor-in-chief and founder of WikiLeaks,

Anonymous hacks 500 Chinese websites

Apr 05, 2012
Messages by the international hacking group Anonymous went up on a number of Chinese government websites on Thursday to protest internet restrictions. "Dear Chinese Government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall," the message read in English. "So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy. Nothing will stop us, nor your anger nor your weapons. You do not scare us, because you cannot afraid an idea." Some of the messages were directed at the Chinese people while others addressed the government. Some websites that Anonymous said it attacked were working Thursday, and government officials denied the sites were ever hacked. China's National Computer Network Emergency Response Technical Team was not available for immediate comment. The hacks were announced on

Internet #Censorship : CISPA - Newest Cyber Security Bill

Apr 05, 2012
If you download and distribute copyrighted material on the Internet, or share any information that governments or corporations find inconvenient, you could soon be labeled a threat to national security in the United States. That's the aim of a bill in Congress called the Cyber Intelligence Sharing and Protection Act (CISPA). The good news is that SOPA and PIPA haven't come to pass, but the bad news is that they could be followed by a bill that is even more invasive and could violate even more of your civil liberties. According to a press release issued last week, the bill already has over 100 congressional co-sponsors. Yet the bill is only now beginning to appear on the public radar. CISPA would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a 'cybersecurity' exemption to all existi