The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Windows version of Crisis , a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user's OS, Windows or Mac OS X and executes the corresponding installer. " The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device ," Symantec explained in a blog post . Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also

The website of  the Moscow district court that sentenced three members of the band Pussy Riot to jail has been attacked by hackers posting anti-Putin messages. As well as the anti-Putin slogan Anonymous Russia posted an appeal for the band's release as well as a video clip of one of the band's songs.The slogan read: " Putin's thieving gang is plundering our country, wake up comrades! " In a message posted on the website, the hackers said the in Russian that :  We are American group Anonymous. We don't forget and we don't forgive. Justice system has to be transparent. Pussy [Riot's members] are alive. Another caption called for the release of the band's jailed members - Nadezhda Tolokonnikova, 22, Marina Alyokhina, 24, and Yekaterina Samutsevich, 30. Jude Marina Syrova said that the women had grossly violated public order and " deeply insulted the faith of the believers with their disrespectful criminal act " when they took over a church pulpit in Moscow's Christ the Savior cathed

The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far. Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.  SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the app

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th

AuthenTec, a leading provider of mobile and network security, today introduced a new security offering that provides military-grade encryption to data stored on today's Android smartphones and tablets without sacrificing device performance. AuthenTec's MatrixDAR(TM) for Android meets the stringent requirements of FIPS 140 certification.  MatrixDAR allows for full disk encryption in both the device and its storage media and incorporates AuthenTec's SafeZone software. This expands the company's security services for data-in-transit over SSL and IPSec connections and data-as-rest stored on a mobile device. It prevents unauthorized access and renders the smartphone or tablet useless if lost or stolen. AuthenTec offers the product for OEMs to directly install on devices, allowing IT departments to avoid installation of separate encryption software. " Our new MatrixDAR offering gives smartphone and tablet OEMs the ability to easily integrate military-grade FIPS 140-cert

It is now possible to hack the human brain ? YES ! This was explained researchers at the Usenix Conference on Security, held from 8 to 10 August in Washington State. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it's possible to hack your brain, forcing you to reveal information that you'd rather keep secret. In a study of 28 subjects wearing brain-machine interface devices built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects' brains that partially revealed private information like the location of their homes, faces they recognized and even their credit card PINs. Brain-computer interface or BCIs are generally used in a medical setting with very expensive equipment, but in the last few years cheaper, commercial offerings have emerged. For $200-300, you can buy an Emotive or Ne

Julian Assange made a speech today from the balcony of the Ecuadorian Embassy in London and I felt a primal urge brought on by the fact that this man, in all his manly glory, has stuck his proverbial neck out for the essence of life. Truth and Justice. He is a handsome and articulate man, fighting for the basic rights of every human being on the planet. What could be more sexy? Putting aside husbands, lovers, friends, and professional media, he can Wik my Leaks anytime he wants. Julian started by reminding us that he is there because he can't be elsewhere. He blended his thanks for Ecuador's stand for justice with the announcement of an emergency meeting of Latin American countries next Friday specifically to address his situation and to defend the right of asylum. He made a straight forward statement that the United States must return to the values it was founded on and " Obama must do the right thing ." Bradley Manning must be released and " he is a hero and example to all

A team of Hackers called, " r00tBeer Security Team " today hack into official blog of Advanced Micro Devices (AMD) which is a American multinational semiconductor company. AMD is the second-largest global supplier of microprocessors based on the x86 architecture and also one of the largest suppliers of graphics processing units. Hacker deface the blog page ( https://blogs.amd.com/wp-content/r00tbeer.html ) and also leak the complete user database of blog on his twitter account. Leaked database SQL file uploaded on Mediafire by Hackers which include 200 AMD user's Emails, Wordpress Blog Usernames and Passwords. During the time of writing, I think AMD is not aware about that they are the Victim of a Hack attack. We are tweeting to the AMD team for informing them. Screenshot of Hack as shown below: Now only AMD, these hackers also hack another High Profile website called " TBN - The Botting Network ", A Popular forum to learn How to make Money with 96000 member

A rather serious security flaw in the iPhone 's SMS messaging system has been discovered and revealed by well-known security researcher and jailbreak extraordinaire 'pod2g'. Security flaw affecting all iPhones that he says could facilitate hackers or thieves to access your personal information. The researcher claims that the flaw has actually been present in Apple's iPhone software ever since the first iPhone was launched in 2007, but has failed to have been picked up on by anybody, including Apple it seems. Researcher revealed an SMS spoofing flaw that affects every version of Apple's mobile OS. Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a users' bank, for example), or direct users to phishing sites. Users would be under the impression they were replying to the sender displayed on the screen of their iPhone, when in fact the text would be routed through to a different number without their

Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable. Symantec would not name the victimized firm, and so far has seen the attack only in this one organization. W32.Disttrack is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector. It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. W32.Disttrack consists of several components: Dropper—the main component and source of the original infection. It drops a number of other modules. Wiper—this module is responsible for the destructive functionality of the threat. Reporter—this module is responsible for reporting infection information back to the attacker. " Ten years ago we used to see pur

 Hello faithful readers and new comers to our magazine! We are very sorry to have missed publishing the July issue, however, we were busy at work putting on the THE HACKERS CONFERENCE in Delhi, India. We had a fantastic turn out and professional, informative speakers. We plan to have another conference on Internet Security in September next year and hope to see you there! For now, enjoy all the good information on Botnets in our August edition and thank you again for your continued support. Download Magazine