The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

This Sunday, The Capital , New Delhi plays host to an International The Hackers Conference where blackhat hackers will discuss the challenges of cyber safety with security agencies. Your Smartphone is an always-on and always-connected digital extension of your life which will be used by attackers to covertly steal your sensitive data and spy on you. Mahesh , An Independent Security Researcher and Android Developer/Hacker will demonstrate " Android Spy Agent ". This application allows us to remotely access the entire victim's personal information and even though the confidential data available in the android cell phone. The type of personal information includes the victim's contacts, call logs, messages, browser's history, GPS location and much more information directly available on the victim's cell phone.  Many-a-times we think that is there any way by which we can read the private sms of anyone. So here is the solution Mr. Mahesh will present in The Hack

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called " Advanced ARM exploitation ," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug. Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card

A scientist working at the Atomic Energy Organisation of Iran said computer systems have been hit by a cyber-attack which forced them to play AC/DC's Thunderstruck at full volume in the middle of the night. The attack came to light after a researcher at security firm F-Secure received a string of emails from a Iran's atomic energy organisation." I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom. " " It does sound really weird ," he said. "If there was an attack, why would the attacker announce themselves by playing ' Thunderstruck? " If true, this attack is the third hacking attempt aimed at Tehran's controversial nuclear program. It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 201

The Vulnerability reported on 06/12/2012, dubbed as " CVE-2012-0217 " - according to that Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. Inj3ct0r team today released related private exploit on their website , which allow normal FreeBSD users to Privilege Escalation. All systems running 64 bit Xen hypervisor running 64 bit PV guests onIntel CPUs are vulnerable to this issue. However FreeBSD/amd64 running on AMD CPUs is not vulnerable to thisparticular problem.Systems with

" Choose a job you love, and you will never have to work a day in your life " said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel , Hack Me If You Can , Hack a Server and DefCamp . Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future. What determined you to shift your attention towar

Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, were published earlier this month to a forum on the password-cracking website Inside Pro . According to forbe," The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France ." Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords. PwnedList founder Steve Thomas said, " It's the largest leak I'v

The Biggest Hacking Mania has arrived - ' The Hackers Conference 2012 '.  In this first of its kind conference in India, Blackhat hackers drawn from around the world will demonstrate how they access a victim's personal information, and even confidential data available on the Android cell phone. The conference will be held on July 29 at the India Habitat Centre in New Delhi. The use of Linux as an operating system is increasing rapidly, thanks partly topopular distributions such as 'RedHat' and 'Suse'. So far, there are very few Linuxfile infectors and they do not pose a big threat yet. However, with more desktopsrunning Linux, and probably more Linux viruses, the Linux virus situation couldbecome a bigger problem. 17 years old hacker, Aneesh Dogra will talk on " How to make a Linux ELF Virus (That works on your latest linux distribution) " at ' The Hackers Conference 2012 ' . Linux or Unix has the reputation of being "not so buggy", and of be

Dmitry Olegovich Zubakha, a  Russian  man accused of launching distributed-denial-of-service (DDOS) attacks on Amazon.com, has been arrested this week by authorities in Cyprus based on an international warrant, the Department of Justice revealed. Zubakha, a native of Moscow, was indicted for two denial of service attacks in 2008 on the Amazon.com website. The indictment, unsealed Thursday, also details denial of service attacks on Priceline.com and eBay. " Orders from Amazon.com customers dropped significantly, as legitimate customers were unable to access the website and complete their e-commerce transactions during the pendency of the attack ," read an indictment unsealed in district court in western Washington on Thursday. The botnet involved requested "large and resource-intensive web pages" on a magnitude of between 600 and 1,000 percent of normal traffic levels, according to the indictment. The hacker is charged with conspiracy to intentionally cause damage

Bitweasil lead developer going to Demonstrate an open source Tool called " Cryptohaze " at DEF CON 20 . The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers. " Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems ." BitWeasil posted . WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets.  Bitweasil Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-cluster

Hacker with nickname " mr.hack3r420 " has successfully compromise the web server of Reliance Communications ( rcom.co.in ) as shown in image ( screenshot taken by THN team and we make link hidden to save site from further misuse of damage ). Hacker most probably get this access because of Information disclosure Vulnerability in Reliance website.Most of the Folders on website are visible to everyone publicly and there is a interesting file called "Upload_AppId_VId.php" available , using which hacker may be able to upload his own php shell on the server to get access to FTP and Linux User account. This is not the first time Reliance become the victim, a few months back, hacker named "ISAC" was able to access  Reliance Communications ISP  server, and he release the list of all blocked sites by Reliance to Protest against Internet Censorship.

There was an incident that a group claiming to be the cyber hacker or hacktivist group Anonymous has threatened Dahabshiil an international funds transfer company and the leading bank in Somalia, but the international funds transfer company based in the Middle East, says Anonymous was not responsible for the attack on its banking systems. According to the report, The group alleged it was the hacktivist group Anonymous, and threatened to destroy Dahabshiil within two months if the company did not stop what the group alleged as supporting terrorist organizations and terrorists in Somalia and across the world. A group claiming to be Anonymous published thousands of account numbers, names and details online. The hackers claimed it had installed " cyber bombs " within financial institutions around the world and threatened to trigger them if the Dahabshiil did not confess within two months. In the statement the Anonymous group released, the group alleged that it was investigatin