The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Your Friend can help Investigators to Access your Facebook Profile

Aug 16, 2012
If you're not already particularly picky about who you friend on Facebook, you might want to think about rejiggering those privacy settings. It's not the backdoor access that the FBI has been pushing for, but US District Judge William Pauley III has now ruled that it and other law enforcement agencies are entitled to view your Facebook profile if one of your "friends" gives them permission to do so. As GigaOm reports, a New York City federal judge ruled in a recent racketeering trial that it's legal for police to view your Facebook profile if one of your friends grants them permission. Better start sniffing out the rats on your friends list. That's because all of that data that you think is personal really isn't that personal after all, according to the Judge. "Colon's legitimate expectation of privacy ended when he disseminated posts to his friends because those friends were free to use the information however they wanted, including sharing it with the Government
Security Firm Reveals Flaw in Dirt Jumper Bot

Aug 16, 2012
A team of researchers has discovered a weakness in the command-and-control infrastructure of one of the major DDoS toolkits, Dirt Jumper, that enables them to stop attacks that are in progress. The command and control (C&C) servers of the Dirt Jumper DDoS toolkit can be compromised and, in principle, completely taken over via SQL injection holes. SQL injection involves inserting database instructions in unexpected and unprotected places, effectively taking charge of a web application's database from the outside. According to the Prolexic report, the open source penetration testing tool sqlmap can be used to dump the contents of Dirt Jumper's database configuration file in a matter of seconds, revealing administrative usernames and passwords. The company's research includes Dirt Jumper v.3, Pandora and Di BoT. According to Prolexic, the Dirt Jumper family of DDoS botnet kits was originally authored by an individual who uses the handle 'sokol.' Various versions of Dir
10 Critical Endpoint Security Tips You Should Know

Apr 26, 2024 | Endpoint Security / IT Security
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in. We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence. 1. Know Thy Endpoints: Identifying and Understanding Your Entry Points. Understanding your network's
Google engineers Warn Of Serious Unpatched Adobe Reader Flaws

Aug 16, 2012
Adobe has missed dozens of vulnerabilities in Reader in this week's Patch Tuesday run according to Google engineers who reported the flaws. Sixteen vulnerabilities still affected the Windows and Mac OS X versions, while 31 critical and "trivially exploitable" bugs were found in the Linux application. Of particular concern to Google's Mateusz Jurczyk and Gynvael Coldwind are bugs in Reader for Linux, although other issues affect versions for Windows and OS X. For the Linux version, which went completely unpatched, Adobe and Google have been working together to counter 14 "new unique crashes" and nine "test-cases" that were potentially exploitable for remote code execution. When Adobe released a new version of Reader for Windows and Mac OS X earlier this week, it patched 12 vulnerabilities, but another 16 remained unpatched. Jurczyk and Coldwind decided to come forward with information on those flaws in the interest of user safety, as Adobe has no plans to issue additional out of band
MyAgent Trojan Targets Defense and Aerospace Industries

Aug 16, 2012
FireEye Security experts are analyzing a targeted trojan that leverages emailed PDF files to gain access to systems and deliver its payload to specified networks in the aerospace, chemical, defense and tech industries. "We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment. In this particular sample, the exe once executed opens up a PDF file called "Health Insurance and Welfare Policy." In addition to opening up a PDF file, the initial exe also drops another executable called ABODE32.exe (notice the typo) in the temp directory." The malware also uses JavaScript to assess which version of Adobe Reader is currently running on the host machine, and then executes attacks based on known vulnerabilities in the discovered version. Once the trojan has infected its host machine, it communicates with its command and control server, the user agent string and URI of which are hard-coded into MyAgent's binary. FireEye
Bafruz trojan vs Microsoft : Malicious Software Removal Tool Updated

Aug 16, 2012
There's a new family of malware that's using a complex set of capabilities to disable antimalware and listen in on sessions between users and some social networks. Bafruz is essentially a backdoor trojan that also is creating a peer-to-peer network of infected computers. Microsoft has announced that its Microsoft Malicious Software Removal Tool has recently been modified to detect two new malware families, Matsnu and Bafruz. The payload seems to start by terminating a long list of security processes listed in its code. It then displays a fake system alert that looks like that of any standard rogue AV attack. The device actually restarts in Safe Mode. Here, the malware can disable all the security products more easily, allowing it to perform its other tasks without being interrupted. "This may lead the user into believing all is well with their security product, while in the meantime, Bafruz is downloading additional components and malware onto the computer in the back
Airport VPN hacked using Citadel malware

Aug 16, 2012
It sounds like an air traveler's nightmare. Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport. The firm would not disclose the name of the airport because the situation is being investigated by law enforcement. Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced "Man in the Browser" malware such as the Citadel, Zeus, and SpyEye programs. The man-in-the-browser (MITB) assault first used form-grabbing malware, which steals data entered into web forms before it is passed over the internet, to steal the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post. "This was potentially very dangerous, but we don't know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack wa
BackTrack 5 R3 Released - Download Now !

Aug 13, 2012
The latest version of BackTrack is out! Check out BackTrack 5 R3! "The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – "Physical Exploitation", which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection." The BackTrack team has released a single VMware image (Gnome, 32 bit), for those requiring other VM flavors of BackTrack. Download BackTrack 5 R3
FinFisher spyware found running on computers all over the world

Aug 10, 2012
FinFisher, a software application used by law enforcement agencies for surveillance, appears to be far more widespread than originally thought. Sold by British company Gamma International GmbH, FinFisher secretly monitors computers by turning on webcams, recording everything the user types with a keylogger, and monitoring Skype calls. It can also bypass popular antivirus products, communicate covertly with remote servers, record emails, chats, and VoIP calls, and harvest data from the hard drive. On Wednesday, computer security company Rapid7 researcher Claudio Guarnieri shared new details of the workings of FinFisher, a piece of malware sold by UK contractor Gamma Group to government agencies. He found FinFisher servers at work in Australia, Czech Republic, United Arab Emirates, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar, and the United States. Rapid7 has published the IP addresses and communication "fingerprint" of the command and control servers it has disc
Researchers uncover security holes in China-based Huawei routers

Aug 10, 2012
Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention. Huawei is one of the fastest-growing network and telecommunications equipment makers in the world. The vulnerabilities were discovered and presented by Felix Lindner and Gregor Kopf of the security firm Recurity Labs. They talked about three vulnerabilities demonstrated at the Defcon conference, which included a session hijack, a heap overflow, and a stack overflow, and discussed more than 10,000 calls in the firmware code to sprintf, an insecure function. The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, he said. (The models are the Huawei AR18 and AR 29 series.) With a known exploit, an attacker could get access to the systems, log in as administrator, change the admin passwords and reconfigure the systems, which would
Anonymous hackers target Australian Intelligence and ASIO websites

Aug 10, 2012
Hacking group Anonymous claimed to have shut down a computer server belonging to Australia's domestic spy agency ASIO, reportedly briefly closing down access to its public web page. The Australian Security Intelligence Organization acknowledged some disruption to its website. The ASIO website was down for about 30 minutes after the attack and is now operating slowly or not at all. It appears the attack may be ongoing, but ASIO's technical staff are recovering the situation. Anonymous has been claiming on its Twitter feed over the past few days that it was able to bring down several sites, including ASIO's. It wrote: "asio.gov.au has been down for some time now, and will be for the rest of the day!" It appeared linked to a controversial government plan to store the web history of all Australians for up to two years, which was shelved Thursday until after the 2013 elections. The group Anonymous, which is believed to be a loosely affiliated network of "hacktivists",
Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks

Aug 10, 2012
A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal logins and passwords, according to Kaspersky Lab, a leading computer security firm. After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It's been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß). Gauss is a complex cyber-espionage toolkit, highly modular, and supports new functions which can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions: intercept browser cookies and passwords; harvest and send system configuration data to attackers; infect USB sticks with a data-stealing module; list the content of the system drives and folders; steal credentials for various banking systems in the Middle East; hijack account information for social network, email and IM accounts. The researchers at Russia-based Ka
Zeus malware targeting BlackBerry and Android devices

Aug 09, 2012
Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices. ZitMo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it's been around for a couple of years already, mostly infecting Android phones. The ZitMo variant has reportedly been operating for at least two years, targeting Android phones by masquerading as a banking security application or security add-on. ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers' own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called 'Zertifikat'. Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users
Mariposa botnet creator goes on trial

Aug 09, 2012
A 26-year-old Slovenian hacker known as Iserdo, thought to have been behind the Mariposa botnet, is on trial in Slovenia, charged with having masterminded an international cybercrime gang. At its height, the Mariposa botnet infected up to 12.7 million PCs, with more than half of the Fortune 1,000 companies believed to have been compromised, including 40 major banks. Once a computer had been compromised and brought into the botnet, operators could steal information from innocent users - including credit card details and banking passwords. Computer crime-fighting authorities had succeeded in bringing down the Mariposa botnet at the end of 2009; FBI officials worked with Spanish and Slovenian authorities to track down Mariposa's mastermind, Iserdo. He was said to charge between $500 for basic versions of the botnet code and up to $1,300 for more advanced ones, which included customised features, such as capabilities which allowed its operators to steal credit cards and onlin
Researcher demonstrates hardware-based backdoor called Rakshasa

Aug 07, 2012
Security researcher Jonathan Brossard created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer's BIOS (Basic Input Output System) and can compromise the operating system at boot time without leaving traces on the hard drive. In short, firmware is software that is stored in non-volatile memory on a computer chip, and is used to initialise a piece of hardware's functionality. In a PC, the BIOS is the most common example of firmware, but in the case of wireless routers, a whole Linux operating system is stored in firmware. Hardware backdoors are lethal for three reasons: they can't be removed by conventional means (antivirus, formatting); they can circumvent other types of security (passwords, encrypted file systems); and they can be injected during manufacturing. Rakshasa, named after a demon from Hindu mythology, is not the first malware to target the BIOS, the low-level motherboard firmware that initializes other hardware components. Rakshasa replac
Malicious Olympic 2012 Android Apps & Domains

Aug 07, 2012
Whenever an important event takes place, new opportunities for cyber criminals, especially for those who develop attacks based on social engineering, arise. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games. Anti-malware and anti-virus solutions provider Webroot has issued a warning about an app called "London Olympics Widget," which is described as an app that displays aggregated Olympic news coverage. In fact, it's really just harvesting the user's contact list and device ID while reading up on SMS messages too. The package name is 'com.games.London.Olympics.widget'. This app has a digital certificate claiming it was developed in New Delhi, India. For this scam, cybercriminals create websites that are very appealing; some even look so professional that they make it seem that you are close to having access to live programming. Researchers explain that the crooks rely on black hat SEO techniques to make sure t
Pakistani hackers deface Indian Southern Railways website

Aug 07, 2012
The website of the Southern Railways, www.southernrailway.gov.in, has been defaced, apparently by Pakistani hackers. The hacker group that calls itself 'Pak Cyber Pyrates' replaced the home page of the website with a page with content that denounces India's role in Kashmir. Indian and Pakistani hacking groups are engaged in a cyber war of sorts, with websites in both countries being regularly attacked and defaced.
Cortana scripting language introduced for Cobalt Strike and Armitage

Aug 07, 2012
At DEFCON 20, Raphael Mudge, the developer of Armitage, released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in a collaborative hacking engagement. Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic. Raphael talked about the Cortana scripting language for Cobalt Strike and Armitage. Cortana allows you to write scripts that automate red team tasks and extend Armitage and Cobalt Strike with new features. This technology was funded by DARPA's Cyber Fast Track program and it's now open source. Armitage is a red team collaboration tool built on the Metasploit Framework. Cobalt Strike is Armitage's commercial b
LinkedIn Data breach costs $1 million

Aug 06, 2012
Business networking site LinkedIn has announced it took a hit of up to $1 million due to one of the year's largest reported data breaches. LinkedIn spent between $500,000 and $1 million on forensic work after a large number of passwords were breached, LinkedIn CFO Steve Sordello said on the company's earnings call today. He said the 175-million-member company continued to strengthen its website's security and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts. "Part of adding value to our members every day means ensuring that their experience on LinkedIn is safe and secure," he said. "Since the breach, we have redoubled our efforts to ensure the safety of member accounts on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident." After
Fake Syria News Posted from Hacked Reuters blog and Twitter account

Aug 06, 2012
On Friday, Reuters' blog platform was hacked with false posts, and on Saturday the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down. The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly gained access to Reuters' blogging platform, which they used to post a fake interview with rebel Free Syrian Army (FSA) leader Riad al-Assad. The interview essentially said the general was withdrawing troops after a battle. Presumably, the same hackers are responsible for also compromising a Reuters Twitter account dedicated to technology news, which has about 17,500 followers. Reuters confirmed the breach today in a tweet on its main Twitter account: "Earlier today @ReutersTech was hacked and changed to @ReutersME. The account has been suspended and is currently under investigation." Several of the updates posted on the hacked Reuters account, which claimed that rebels in the city of Aleppo had
Huawei and Cyber Espionage, a question of trust ?

Aug 06, 2012
Chinese telecoms equipment suppliers have previously been criticized for allegedly being security risks. Huawei is working with British spooks to prove that it has no backdoors in its products which would allow Chinese agents to snuffle Her Majesty's secrets. The U.S. and Australia have made clear their distrust of one of the world's biggest telecoms companies. The Australian government, for instance, banned the company from participating in bids for its national broadband network due to potential spying threats. Huawei, which has grown to become one of today's dominant telecommunications equipment companies, is likewise constantly under threat because of what some might call China-bashing. Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. Huawei is becoming an increasingly powerful global player, capable of going head-to-head with the best in intens