The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Google raises Hackers bounties to $20,000 Google on Monday raised to $20,000 its bounty on software bugs that hackers could exploit for cyber attacks on the Internet giant's online services. The maximum reward for exposing a vulnerability that would let an intruder's code get up to mischief in a Google data centre was ramped up from the $US3,133 ($A3,030) payout set when the bounty program was launched in November of 2010. Remote code flaws found in Google's Web apps will also be rewarded $20,000.The term "remote code execution" refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine. A $10,000 bounty will be paid for SQL injection bugs or significant authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program. At Google's Pwnium contest in March, Google paid out $60,000 prizes to anyone that could exploit the Chrome b

Iran Replicating Captured U.S. Drone RQ-170 Sentinel Iranian military aerospace chief General Amir Ali Hajizadeh was quoted having said:" The Americans should be aware to what extent we have infiltrated the plane. " Iran has broke the encryption codes and begun construction of a replica of the United States surveillance drone captured last year, according to Iranian officials. American spy drone that went down in Iran last year, including information that the aircraft was used to spy on Osama bin Laden weeks before he was killed. Iran also said it was building a copy of the drone. US Senator Joe Lieberman dismissed the claim that a copy was being made as " Iranian bluster " saying, "they're on the defensive because of our economic sanctions against them". The U.S. says the drone malfunctioned and downplayed any suggestion that Iran could mine the aircraft for sensitive information because of measures taken to limit the intelligence value of drones operating

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Fuck CISPA - Stop censoring Internet ! -  By:    Patti Galle, Executive Editor The Cyber Intelligence Sharing and Protection Act (CISPA) H.R. 3532 is a new bill being introduced in Congress that is gunning to blast the ongoing cyber attacks that have occurred since internet users figured out the keyboard could be an effective weapon. If passed through Congress, the bill would allow the government access to personal correspondence of any person of their choosing. Once again, we are being fucked by those nosey neighbors in our government. You should be very mad and very afraid because CISPA is far worse than SOPA and PIPA in its effects on the internet. The wording of this bill is mumbo jumbo, vague and broad. Reading through the nonsense, basically the act would allow Congress to circumvent existing exemptions to online privacy laws, and would allow the monitoring and censorship of any user of the internet. Peeping Toms will be wetting their pants. The real kicker (in our asses) is

Have you ever wondered how Hackers or Black Hats hack into a computer system ? Our Hacker Boot Camp training session will teach you how this can be done. You will be shown the techniques, tools and methods that the hacker uses. This insight will help you understand how to better protect your IT architecture and identify the vectors of attack that hackers use. The Hacker News organising an Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India. All of our instructors are experts in their field and maintain respected reputations within the security community. CCSN is a revolutionary new certification in the field of information security training program for amateurs and professionals to help you gain the skills you need to become an expert in the field of information security. This specialized certification assures potential employers and customers that you have a level of advanced knowledge to detect and offer support for some of the most advanced security

TapLogger Android Trojan cab Determine Tapped Keys Today's smartphones are shipp ed with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smart phones. A team of researchers from Pennsylvania State University (PSU) and IBM have devised an Android-based Trojan that can use a handset's onboard movement sensors to crack passwords. The team created an experimental app called TapLogger , which is based on the premise that when you tap on your touch screen, you're not just interacting with the screen, but moving the entire device. So if you hit a button in the upper right corner, your phone will actually move in that direction slightly, and that subtle movement is then read by the accele

US-based website covering China's Bo Xilai scandal hacked A US-based website that has reported extensively on the Bo Xilai scandal in Chongqing says it has been crippled by a concerted hacker attack. The site was rendered inaccessible for much of Thursday, depriving readers of coverage of the latest developments in the downfall of Chinese Communist Party official Bo Xilai, said Watson Meng, 47, who runs the Chinese-language site from Durham, North Carolina. Watson Meng, the manager of the Boxun.com website, said it was out of action for several hours after a denial of service attack, in which several hackers overload a website with enquiries.The site was set up in 2000 to report on the pro-democracy movement and has been attacked before. The scandal has deeply embarrassed party leaders. Six years ago, when Shanghai powerful party chief Chen Liangyu was sacked in a corruption purge, Chinese social media was in its infancy and months went by with no word on the case against hi

Hackers Launch DDoS Attack on D.C. Government Websites Hackers launched a DoS denial of service attack on D.C. government websites today, clogging the system with a flurry of requests so that it operates extremely slow or is impossible to load. " The District government has detected an attempted intrusion into it's technology infrastructure system, " the D.C. Department of Homeland Security and Emergency Management said in an email to specified recipients around noon. " Customers may experience intermittent difficulties in accessing the District's web site as we attempt to address the issue. We are aggressively working to resolve this matter. " In January the group launched a similar attack against the UFC for its support of the controversial Stop Online Piracy Act that was debated by Congress earlier this year. DDoS attacks have been launched by a variety of groups such as Anonymous and LulzSec against federal government websites and servers, including the FBI and CIA.

Specialized Trojan can stealing credit card details from hotel The next time you check in to a hotel, a cybercriminal could be checking you out. A remote access computer Trojan (RAT) designed to steal credit card details from hotel point-of-sale (PoS) applications is being sold on the underground forums, according to researchers from security firm Trusteer. Trusteer, the world's leading provider of secure web access services, detected these schemes and says hotel poaching is a virile trade in underground and tech forums. Attack codes can be purchased in Visa underground forums for $280 and the spyware cannot be detected by anti-virus software. The package even includes a manual loaded with tips on how the poacher can trick the desk clerk into loading the spyware for them. Malware writers often repackage their malicious installers with new algorithms in order to evade signature-based antivirus detection, said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefende

Anonymous Hackers target F1 website in Bahrain GP protest Anonymous a collective who have hacked or taken down websites for social comment purposes, have turned their attention to the official Formula 1 website Formula1.com , taking it offline on Friday. The group also attacked F1-racers.net where it posted a message saying the " Formula 1 racing authority was well-aware of the Human Rights situation in Bahrain and still chose to contribute to the regime's oppression of civilians and will be punished. " According to  Statements: "Anonymous has watched with growing alarm the incredible human rights abuses of the Bahrain regime, We have watched this tyrannical government tear gas it's own people literally to death, with over 30 fatalities so far. The occasion of Anonymous re-launching Operation Bahrain will be this despicable Grand Prix Formula One race to be held in Bahrain tomorrow through the 22nd of April." "Beginning tomorrow, and lasting for

Pastebin Censored ! Anonymous launches AnonPaste -  Uncensored Anonymous and the People's Liberation Front have launched a "totally secure and safe alternative" to Pastebin, the site used by the hacktivist collective to dump data recovered from hacks.  AnonPaste  for people to post uncensored documents and files without compromising their identities. Shared content can be set to expire after 10 minutes, an hour, a day, a month, a year, or never. In addition, the site promises to remain advertising-free and unmoderated, maintain no connection logs, and store only encrypted data. The two groups said AnonPaste offers 256-bit AES encryption at the browser layer. AnonPaste supports a URL shortening feature and allows users to post up to 2MB of text snippets at a time. Users can specify how long they want the text to remain available on the site. AnonPaste , which accepts donations via WePay and BitCoins, was built using the open source ZeroBin software, which doesn't record the I