The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

' The Hackers Conference 2012 ' to be held in New Delhi The Biggest Hacking Mania has arrived. The Hackers Conference 2012 will be held in New Delhi on July 29. THC 2012 is expected to be the first open gathering of Blackhat hackers in India who will debate latest security issues with the top itelligence echolons in India. The Registrations and Call for papers for the conference are now open. The organizers have deicded to keep the number of seats to limited to ensure quality of the conference. The conference will be held at the India Habitat Center on July 29th. The Hackers Conference will see a galaxy of renowned speakers presenting 0-Day Vulnerabilities, Exploits and Android/Blackberry/iPhone Hacks. Apart from Speakers presenting on WI-FI and Web Application Security the Special invitees from government Intelligence agencies will also speak on National Security Issues emerging from Scada Hacking. The conference has sent special invites to Blackhat hackers to come and

Social game Zynga's YoVille gets hacked Matt Spencer has been an active player of "YoVille" since the Zynga-owned virtual world launched in 2008, but hasn't played the game in about three weeks. He  post a complaint on the gaming company's forum that i n late January, Spencer's " YoVille " account was compromised and he lost much of his collection of virtual items, including millions of virtual coins and a pair of sunglasses that have become a collectors' item. Hackers infiltrate the social game affecting gameplay and stealing users' virtual goods, but private and sensitive data isn't compromised. Zynga is aware of the security problem and is addressing it, said Cadir Lee, the company's chief technology officer. The company first started to get reports about it "a few weeks ago," he said. The company investigated the issue and found that it was due to some "compromised administrative and moderation tools," he

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Android Malware and Corporate Networks Security A new Android Trojan dubbed " NotCompatible " is being spread through compromised Web sites. This may directly affect Android tablets and smartphones, along with being a potential risk hazard to corporate networks and their security. Kevin Mahaffrey is co-founder and CTO of a San Francisco based firm called Lookout Security. The main focus of the company is Android and during their investigations it was found there was a new malware out there. Called " NotCompatible " the Android malware is, according to Mahaffrey, a risk to corporate networks. According to their report, a hacked Web site would contain a hidden iFrame at the bottom of the page. When the Android browser loads the page, it will attempt to load the file in the hidden iFrame. Upon loading the file, the browser would transfer control to the app loader, which would display an application installation screen, with the header com.Security.Update. An unsuspecting us

ISPA to launch cyber security code of practice in SA South Africa's Internet Service Providers' Association (ISPA) has teamed with Australia's Internet Industry Association to develop a new voluntary industry code of practice to improve cybersecurity for end users. Known as the ' icode ', and developed in conjunction with Australia's Internet Industry Association, the code will provide a consistent approach for South African ISPs to help inform, educate and protect their customers in relation to cyber security. " The increasing threat of zombied computers - computers which have been essentially hijacked and are under the control of criminals or other third parties - presents a real risk to users. Identity theft, fraud, and increases in spam are all possible consequences of compromised computers. " By following the code, ISPs will contribute to reducing the number of compromised computers in South Africa and enhance the overall security of the South African and internation

RedKit Exploit Kit : New web malware exploitation pack Trustwave researchers have spotted a new exploit kit called " RedKit Exploit Kit " that  being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits. In actual, The new kit has no official name, so the researchers dubbed it ' Redkit ' due to the red bordering used in the application's panel. " Logging to the admin panel presents you with options which are typically used by other exploit kits. The panel allows you to check the statistics for incoming traffic, upload a payload executable and even scan this payload with no less than 37 different AV's ," Trustwave reports . To deliver the malware, RedKit exploits two popular bugs: 1.)  The Adobe Acrobat and Reader LibTIFF vulnerability ( CVE-2010-0188 ). 2.)  The Java AtomicReferenceArray vulnerability ( CVE-2012-0507 ), lately used by the criminals behind the massive Fl

Anonymous Hackers Targeting Russian government websites for Putin Inauguration Anonymous hackers to launch cyber attacks on the websites of the Russian state agencies to support the opposition. In a YouTube video , Hackers said that the Russian government website will be subjected to DDOS attack on May 6, and on May 7 the same will happen with the prime minister's site. " Join us! All it takes is a few simple actions to bring this rotten and corrupt system to its logical end. " The hackers then posted instructions for everyone who would like to participate in attacks. Putin convincingly won a six-year presidential term in March despite a wave of protests following a December parliamentary poll the opposition said was tarnished by large-scale voting fraud in support of his party. It said it would launch attacks on the Russian government website Government.ru at 1200 GMT on May 6 and on the prime minister's website Premier.gov.ru on May 7 at 0900 GMT. Anonymous demanded that

Welcome cyber space readers and internet junkies from around the world. May brings us into an in-depth look at our favorite topic: Hacktivism Our fearless leader, Mohit Kumar , founder of The Hacker News opens the discussion with a look at the meaning of Hackitivism and what it means for society today. Our regular writers, security specialist Pierluigi Paganini , and Mourad Ben Lakhousa bring us their perspective on this most interesting and thought provoking topic. As editor, I truly enjoyed Keith H. DeBus 's article on cyber war. I found myself wrapped up in excitement and worry as he takes us into the what's and where's of cyber war. Also, Dominque C Brack does an excellent job discussing the topic. Your executive editor, Patti Galle, brings you to question just what anonymous needs to look like in the future and don't miss our fun pokes at current news. Thanks for your faithful readership and thanks to those who contribute in so many, many ways! Mohit Kumar, Editor-in-ch

Browser Forensic Tool v2.0 - Advanced browser history search engine Browser Forensic Tool v2.0  , Developed by DarkCoderSc (Jean-Pierre LESUEUR) ,is an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera. BFT will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title. The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category . The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime. D

Sixth Lulzsec Hacker charged for loss of 60,000 credit card from Stratfor Jeremy Hammond, the former LulzSec member alleged to have been at the center of the hacking of private intelligence company Stratfor, Hammond is believed to have been the driving force behind the group's breach of intelligence firm Stratfor which lead to the loss of some 60,000 credit card numbers from company servers. Stratfor is dubbed a "shadow CIA" because it gathers non-classified intelligence on international crises. Hammond's arrest was announced on March 6 along with charges against the four suspected "AntiSec" members, Donncha O'Cearrbhail and Darren Martyn of Ireland, and Jake Davis and Ryan Ackroyd of Britain. Sabu and Hammond are the only Americans involved in the case, as the other four defendants live in the United Kingdom. The data included sensitive law enforcement documents, approximately 60,000 credit card numbers from Stratfor's servers, and the personal

UK's Serious Organised Crime Agency 's website taken offline after DDoS attack The Serious Organised Crime Agency's website was temporarily shut down today after a cyber attack.It was the victim of a scam known as distributed denial of service (DDOS) whereby an internet address is flooded with bogus traffic, effectively making it unreachable. It is the second time in a year that the website has fallen victim to hackers." We elected to take the website offline temporarily at about 10:00 pm (2100 GMT) last night ," a SOCA spokesman said. SOCA was the first target of the AntiSec campaign launched back in June by Anonymous and LulzSec. Soon after, 19-year-old Ryan Cleary was arrested and charged with allegedly playing a role in the DDoS attack that took down the SOCA Web site. Since then, the site was seemingly operating as expected. A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim respon