The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

US and Israel developed Flame Malware against Iran Unnamed Western officials confirmed that Flame was developed by US and Israeli governments. The United States and Israel jointly developed the Flame computer virus that collected intelligence to help slow Iran's nuclear program. The massive piece of malware secretly mapped and monitored Iran's computer networks, sending back a steady stream of intelligence to prepare for a cyber­warfare campaign, according to the officials. The effort, involving the National Security Agency, the CIA and Israel's military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran's nuclear-enrichment equipment. The cyber campaign against Iran's nuclear program has included the use of another computer virus called Stuxnet that caused malfunctions in Iran's nuclear enrichment equipment. " This is about preparing the battlefield for another type of covert action, " said one former high-ranking U

Linkedin sued by Member for Hacking Incident Illinois resident Katie Szpyrka filed a $5 million class action lawsuit against LinkedIn in the US District Court in the Northern District of California on June 15, claiming the business-oriented social networking site violated its own user agreement and privacy policy. The move comes in relation to a security breach around June 6 when LinkedIn admitted that encrypted passwords belonging to some 6.5 million of its 160 million users had been stolen and posted on the web. The incident resulted in hackers posting users' information online but it is not yet clear how much data they obtained. Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to 'salt' the passwords before storing them. The suit alleges that LinkedIn failed to adequately protect members because it stored passwords in an unsalted SHA hashed format, which Szpryka conte

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Hacker charged for hacking into U.S. Energy Department Andrew James Miller, a 23-year-old resident of Devon, Pennsylvania, was arrested on Thursday and charged with one count of conspiracy, two counts of computer fraud, and one count of access device fraud, according to a statement issued by the Justice Department's Criminal Division. According to the indictment, between 2008 and 2011, Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies. The indictment alleges that when Miller hacked into the computers, he obtained other users' access credentials to the compromised computers. He and his co-conspirators then allegedly sold access to these computer networks as well as other access credentials. After gaining unauthorized access to these

MALWARE - June 2012 | The Hacker News Magazine Released Welcome readers, techies working in the darkness of night and any other internet security minded folk. June finds us exploring the new "F" word: Malware . You will learn lots from our regular author, Perluigi Paganini as he takes you through the history of malware and its consequences. We introduce two new authors, Charlie Indigo who will get your mind to thinking about the future of internet security and just what kind of world we will be living in. Gerald Matthews gives us an overview of malware and how the FBI, of all people, helped us out. Our founder, Mohit Kumar writes about the topic in general and Ann Smith ,Our Executive Editor, of course, will wow you with a thorough provoking editorial. Thanks again for your readership......we hope to hear from you soon. Download MALWARE - The Hacker News Magazine

LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday. Ryan Cleary, 20, reportedly had ties to the well-known branch of Anonymous called LulzSec before he was arrested in London last June (although the hacktivist group denies his involvement with it). U.S. federal prosecutors said today that he worked to take down, deface, and steal personal information from Web sites. In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites - all while he was still a teenager. Commenting on Tuesday's indictment, FBI spokesperson Laura Eimiller said, "Cleary is a skilled

United States Department of Defense data leaked  by Anonymous hackers A group called the " Wikiboat " belongs to Anonymous hackers have attacked the Defense.gov website and leaked data from the website. They have published the leaked data to the pastebin note. Also, today the Wikiboat targeted the GEMA.de website and took it offline. The leaked data includes some officials name, Emails ID's and Phone numbers as shown below: Hackers claim that, they have not collect this data from any SQLi vulnerability, even this data is collected form other sources. Three weeks before they was threatening to take down the websites of companies like Apple, Bank of America and Toyota and leak sensitive data. As part of its "Operation New Son ' they announced to attacks on a number of international companies.

OpenVPN Defaced by Hackers OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features Got Hacked Yesterday by Hacker called " HcJ ". Hacked deface the page as shown in above picture. Words form Page: OPENVPN Hacked No News Is a Good News HcJ & Cyb3R-1sT & Egyptian.H4x0rZ & Sas-TerrOrisT & H311 c0d3 &ISM H4CK Quote of the Day Don't be lammer, Leave your computer and enjoy your summer ./ HcJ During the writing of post, OpenVPN officials restore the site back to original state. If you like to see the deface page, can visit Zone-H for mirror. VPN Hacks May Leak Information: Such hacks can also be carried out by investigation agencies to collect evidences against various hackers. Always use double VPN or Tor with VPN for better Security.

Anonymous Hackers, with Twitter account " LulzsecReborn " Hack into TweetGif (https://tweetgif.com) and Hack complete Database, Later they publish that on the Internet also. TweetGif is a website which allows you to use animated GIF image as your twitter picture. LulzSec Reborn, a 3.0 version of the earlier LulzSec, have leaked 10,000 Twitter profiles' passwords,  Usernames, real names, locations, bios, avatars and secret tokens used to authenticate their accounts. Pastebin message posted:  The leaked data was uploaded to embed upload and contains a 4 MB SQL file with all the user details . Users table from https://tweetgif.com/ nothing serious like 10.000 twitters… https://www.embedupload.com/?d=9ZMOMGIIQA How Hackers and Spammer can use this? OAuth is an authentication protocol that allows users to approve application to act on their behalf without sharing their password. If your Twitter oauth Secret Key and Token get compromised , then the application or H

Flame spy virus going to Suicide The creators of the world's most complicated espionage virus Flame have sent a 'suicide' command that removes it from some infected computers. U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace. The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. According to Symantec, the 'suicide' command was "designed to completely remove Flame from the compromised computer," the BBC reports. Computers infected with Flame, including honeypots, have been routinely contacting its C&C servers to check for new commands. W

CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability A serious security bug in MariaDB and MySQL Disclosed, According to Advisory All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue got assigned an id CVE-2012-2122. " When a user connects to MariaDB/MySQL, a token (SHAover a password and a random scramble string) is calculated and comparedwith the expected value. Because of incorrect casting, it might'vehappened that the token and the expected value were considered equal,even if the memcmp() returned a non-zero value. In this caseMySQL/MariaDB would think that the password is correct, even while it isnot. Because the protocol uses random strings, the probability ofhitting this bug is about 1/256 ." " Which means, if one knows a user name to connect (and "root" almostalways exists), she can connect using *any* password by repeatingconnection attempts. ~300 attempts takes only a fraction of second, s