The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Thousands May Lose Net Access On July 9th July The warnings about the Internet problem have been splashed across Facebook and Google. Internet service providers have sent notices, and the FBI set up a special website. Thousands of Canadians could be among the hundreds of thousands of people around the world who might lose Internet access on July 9.That's the day the FBI will shut down all the "clean servers" it set up to combat a massive hacking operation. Last November the FBI arrested and charged six Estonian men behind the malware as part of Operation Ghost Click. These hackers were able to make a fortune off their project, raking in millions for ads placed on their fraudulent websites.On the eve of the arrests, the FBI hired Paul Vixie, chairman of the Internet Systems Consortium (ISC) to install two temporary Internet servers that would prevent infected users from losing access to the Internet once the DNSChanger botnet was shut down. DNS (Domain Name System) is a

Android Clickjacking Rootkit Demonstrated Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the Android framework and could be used to steal personal information. What is clickjacking? It is a malicious technique that tricks users and is often used to take over computers, web cams, or snag confidential info that is revealed by users who thinks they are on an innocent webpage. Like most Android malware, the rootkit can be distributed as a malicious app, opening up a host of potential vulnerabilities on any device on which it is installed. However, it functions in a different way. The rootkit, which could be bundled with an app and is said to be undetectable by anti-virus packages, would allow an attacker to replace a smartphone's browser with a version that logs key strokes to cap

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Anonymous Arab Hacker post hundreds of Israeli email addresses and passwords Islamic Anonymous hackers on Sunday revealed hundreds of Israeli email addresses and their passwords on the website of Anonymous Arab. Most of the addresses and passwords listed are active accounts. It is yet unclear what website was hacked to obtain the information published on the website of Anonymous Arab. Roni Bachar, the manager of the cyber-attack department at Avnet, said in a statement, " There was apparently penetration of an Israeli site which cannot be determined at this stage, a site that requires identification by email address and a password, as is usual at forum, content and commercial sites. " Bachar added that he doesn't believe that Facebook itself was hacked, " since the attack revealed only a small number of addresses, about 300, and passwords were determined through estimates and guesses of the brute force type. " There are what look like numerous identity ca

Traffic Interception Vulnerability found in Cyberoam The TOR team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam , was used in an attempt to trick a user in Jordan into believing that her/his connection to the TOR website, was private and secure, though in fact it was being spied upon by a Cyberoam device. This issue was discovered and analysed by Runa A. Sandvik of the TorProject and Ben Laurie. A certificate handling flaw in Cyberoam's deep packet inspection (DPI) devices allow traffic from a single 'victim' to be intercepted by any DPI device from the vendor, according to the Tor Project. Cyberoam make a range of DPI devices which are capable of intercepting SSL connections. " While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices. Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate an

Chinese hackers allegedly plant bug via flash drives on India navy's computers, which relayed sensitive data to China IP addresses. The sniffing tool was found in the naval computers exactly as INS Arihant, India's first nuclear missile submarine, was in trials at the targeted facility in Visakhaptnam. The virus had reportedly created a hidden folder, collected specific files and documents based on certain "key words" it had been programmed to identify. It remained hidden on the pen drives until they were put in computers connected to the internet, after which the bug quietly sent files to the specific IP addresses. Officials of the Indian Navy stated for The Indian Express that " an inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide ." So far, India has arrested six officers for procedural lapses which led to the breach. It is not clear if any of

The Truth About Julian Assange And Wikileaks By: Ann Smith , Executive Editor The Hacker News Last night I had the privilege of speaking to Christine Assange , the mother of Julian Assange  who has been a reluctant hostage of a global political war among the United States, the UK, and Sweden and of all places Ecuador. Christine was very informative and thorough in explaining the history and current events regarding the heinous manner in which her son has been treated for supporting one of the most sacred rights of man this being right to have and freely provide access to truthful information. Still, facts and information do not cover the love and concern a mother feels for her child. As a mother myself, I felt Christine's immense and intense worry for her son's safety and his life. As a citizen of the world who carries many of the same concerns we all do of political strife, injustice, world war, poverty, and economic failure, she is above all a mother. I respect Chr