The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Indian ISPs get court relief, Torrent Sites Unblocked After weeks of confusion and frustration with blocked websites, the mess finally looks to be clearing. Indians are all heaving a sigh of relief because their ISPs have unblocked the access to the file-sharing, video-streaming BitTorrent sites that include The Pirate Bay, Torrentz.eu, Vimeo among others. It was in news last month that following Reliance, Airtel had also blocked torrent services and video sites after they received the 'John Doe' court order. Thousands of users from various states of India found the access to torrents blocked. India's Medianama is reporting today that the Madras High Court recently limited a badly drafted April ruling on the subject. The court said in its updated ruling, according to Medianama, which obtained a copy of it, that " the interim injunction is granted only in respect of a particular URL where the infringing movie is kept and not in respect of the entire website. Further, the a

Intel CPU Vulnerability can provide control of your system to attacker The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems. The flaw has already been exploited on 64-bit versions of Microsoft Windows 7, FreeBSD, NetBSD and there's a chance Apple's OS X may also be vulnerable. The flaw was disclosed the vulnerability in a security advisory released this week. Attackers could execute malicious code via kernel privileges or launch a local privilege escalation attack.  VMware's virtualization software is not affected, and neither are AMD's processors, as they do not use the SYSRET instruction whose incorrect handling causes the flaw or handle it differently.Many of the affected vendors have already pushed out an update that defuses the flaw. However, it said that while 32-bit operating systems are safe, " Intel CPUs that use the Intel 64 extension need th

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

US and Israel developed Flame Malware against Iran Unnamed Western officials confirmed that Flame was developed by US and Israeli governments. The United States and Israel jointly developed the Flame computer virus that collected intelligence to help slow Iran's nuclear program. The massive piece of malware secretly mapped and monitored Iran's computer networks, sending back a steady stream of intelligence to prepare for a cyber­warfare campaign, according to the officials. The effort, involving the National Security Agency, the CIA and Israel's military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran's nuclear-enrichment equipment. The cyber campaign against Iran's nuclear program has included the use of another computer virus called Stuxnet that caused malfunctions in Iran's nuclear enrichment equipment. " This is about preparing the battlefield for another type of covert action, " said one former high-ranking U

Linkedin sued by Member for Hacking Incident Illinois resident Katie Szpyrka filed a $5 million class action lawsuit against LinkedIn in the US District Court in the Northern District of California on June 15, claiming the business-oriented social networking site violated its own user agreement and privacy policy. The move comes in relation to a security breach around June 6 when LinkedIn admitted that encrypted passwords belonging to some 6.5 million of its 160 million users had been stolen and posted on the web. The incident resulted in hackers posting users' information online but it is not yet clear how much data they obtained. Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to 'salt' the passwords before storing them. The suit alleges that LinkedIn failed to adequately protect members because it stored passwords in an unsalted SHA hashed format, which Szpryka conte

Hacker charged for hacking into U.S. Energy Department Andrew James Miller, a 23-year-old resident of Devon, Pennsylvania, was arrested on Thursday and charged with one count of conspiracy, two counts of computer fraud, and one count of access device fraud, according to a statement issued by the Justice Department's Criminal Division. According to the indictment, between 2008 and 2011, Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies. The indictment alleges that when Miller hacked into the computers, he obtained other users' access credentials to the compromised computers. He and his co-conspirators then allegedly sold access to these computer networks as well as other access credentials. After gaining unauthorized access to these

MALWARE - June 2012 | The Hacker News Magazine Released Welcome readers, techies working in the darkness of night and any other internet security minded folk. June finds us exploring the new "F" word: Malware . You will learn lots from our regular author, Perluigi Paganini as he takes you through the history of malware and its consequences. We introduce two new authors, Charlie Indigo who will get your mind to thinking about the future of internet security and just what kind of world we will be living in. Gerald Matthews gives us an overview of malware and how the FBI, of all people, helped us out. Our founder, Mohit Kumar writes about the topic in general and Ann Smith ,Our Executive Editor, of course, will wow you with a thorough provoking editorial. Thanks again for your readership......we hope to hear from you soon. Download MALWARE - The Hacker News Magazine

LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday. Ryan Cleary, 20, reportedly had ties to the well-known branch of Anonymous called LulzSec before he was arrested in London last June (although the hacktivist group denies his involvement with it). U.S. federal prosecutors said today that he worked to take down, deface, and steal personal information from Web sites. In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites - all while he was still a teenager. Commenting on Tuesday's indictment, FBI spokesperson Laura Eimiller said, "Cleary is a skilled

United States Department of Defense data leaked  by Anonymous hackers A group called the " Wikiboat " belongs to Anonymous hackers have attacked the Defense.gov website and leaked data from the website. They have published the leaked data to the pastebin note. Also, today the Wikiboat targeted the GEMA.de website and took it offline. The leaked data includes some officials name, Emails ID's and Phone numbers as shown below: Hackers claim that, they have not collect this data from any SQLi vulnerability, even this data is collected form other sources. Three weeks before they was threatening to take down the websites of companies like Apple, Bank of America and Toyota and leak sensitive data. As part of its "Operation New Son ' they announced to attacks on a number of international companies.

OpenVPN Defaced by Hackers OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features Got Hacked Yesterday by Hacker called " HcJ ". Hacked deface the page as shown in above picture. Words form Page: OPENVPN Hacked No News Is a Good News HcJ & Cyb3R-1sT & Egyptian.H4x0rZ & Sas-TerrOrisT & H311 c0d3 &ISM H4CK Quote of the Day Don't be lammer, Leave your computer and enjoy your summer ./ HcJ During the writing of post, OpenVPN officials restore the site back to original state. If you like to see the deface page, can visit Zone-H for mirror. VPN Hacks May Leak Information: Such hacks can also be carried out by investigation agencies to collect evidences against various hackers. Always use double VPN or Tor with VPN for better Security.

Anonymous Hackers, with Twitter account " LulzsecReborn " Hack into TweetGif (https://tweetgif.com) and Hack complete Database, Later they publish that on the Internet also. TweetGif is a website which allows you to use animated GIF image as your twitter picture. LulzSec Reborn, a 3.0 version of the earlier LulzSec, have leaked 10,000 Twitter profiles' passwords,  Usernames, real names, locations, bios, avatars and secret tokens used to authenticate their accounts. Pastebin message posted:  The leaked data was uploaded to embed upload and contains a 4 MB SQL file with all the user details . Users table from https://tweetgif.com/ nothing serious like 10.000 twitters… https://www.embedupload.com/?d=9ZMOMGIIQA How Hackers and Spammer can use this? OAuth is an authentication protocol that allows users to approve application to act on their behalf without sharing their password. If your Twitter oauth Secret Key and Token get compromised , then the application or H