The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Al-Jazeera says hackers have targeted the Qatar-based TV satellite channel for the second time in a week, sending out false news reports on its mobile sms service. Al Jazeera confirm the hack in a tweet ," We'd like to inform our subscribers that Aljazeera sms sevice is being compromised by pirates and they've sent fake news news with no basis " " The story claiming that the Prime Minister (Sheikh Hamad bin Jassem) has been the target of an assassination attempt in the royal palace is completely false and was a result of hacking of the service ," the channel said in breaking news. A pro-Damascus group known as the Syrian Electronic Army quickly claimed responsibility for the Sunday hack on Twitter.  Social networks, including Twitter, quoted Al-Jazeera's mobile service on Sunday as saying that Sheikh Hamad was targeted in an attack on the palace in Doha and that the wife of the emir, Sheikha Moza bint Nasser, was lightly wounded. Hackers posted a pro-Syrian stateme

Last month, those assholes in the California State Assembly passed a resolution urging state educational institutions to more aggressively crack down on criticism of the State of Israel on campuses, which the resolution defines as "anti-Semitism." The anti-democratic resolution is the latest step in the broader campaign to stifle and suppress dissent on California's increasingly volatile campuses. Get this, it passed without public discussion. The vote on the resolution came when most students were between semesters and away from their campuses. The resolution uses the classic trick employed by defenders of Israel's Zionist regime: lumping together any criticism of the Israeli state's policies or of the US government's support for them with racist attacks on Jews. The bulk of the resolution is dedicated to defining criticism of the state of Israel as "anti-Semitism."  It lists the following as examples of "anti-Semitism": • "language or behavior [that] demonizes and delegitimizes Is

To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning

Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection . Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily infects 32-bit versions of Windows, though a separate spy module for USB drives can collect information from 64-bit systems. Infections are mainly split between Windows 7 and Windows XP, although some of the Gauss modules don't work against Windows 7 Service Pack 1. Mac and Linux machines appear to be safe. Multiple modules of Gauss serve the purpose of collecting information from browsers, which include the history of visited websites and passwords. Detailed data on the infected machine is also sent to the attackers, including specifics of network interfaces, the computer's drives and BIOS information. The Gauss module is also capable of stealing data from the clients of several Leb

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS. The new attack has been given the name CRIME by the researchers.The CRIME attack is based on a weak spot in a special feature in TLS 1.0, but exactly which that feature is has not been revealed by the researchers. They will say that all versions of TLS/SSL including TLS 1.2, on which the BEAST attack did not work are vulnerable. Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. But the new attack, devis

Julian Assange's mother, Christine Assange has done an excellent job of compiling the facts surrounding the issue of Julian's extradition case. Please, everyone share this, copy it, email it and send it to your elected officials and congressional representatives. The truth is what will set Julian Assange free and he must be freed immediately. Assange Extradition Fact Sheet 1) Julian Assange is not charged with anything in Sweden or any other country. [Source: @wikileaks ] 2) Julian Assange did not flee Sweden to avoid questioning. He was given permission to leave the country on the 15th September 2010, after remaining 5 weeks in Sweden for the purpose of answering the allegations made against him. [Source: Undue delay for Julian Assange's interrogation ] 3)  The case against Julian Assange was initially dropped, and deemed so weak it could not warrant investigation. After the intervention of a Swedish politician close to American diplomats, it was revived by a different prosec

A new Ransomware Malware dubbed Gaeilge  locks up an infected computer and attempts to extort €100 from the user for an unlock code. The demand for cash reportedly appeared in poorly written Gaelic, and the software nastie was spotted on a computer in County Donegal, Ireland. Gaeilge tell computer users that attempts to access online pornography sent it into shut-down mode. But instead of giving in to the monetary request, the victim took the compromised machine to the repair store, The Register said . Ransomware  (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Technician Brian McGarvey of Techie2u computer repairs told that it was the first time he'd come across a virus written in the Irish language during his 12 years of experience in the job. " It'

The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called " Edgewood " hacking platform and the group behind it. The group seemingly has an unlimited supply of zero-day vulnerabilities. The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. " They are definitely shifting their methodology, and there are open questions about why that is ," said Eric Chien, senior technical director for Symantec's security response group. " They may be finding that older techniques are no longer working ." " The number of zero-day exploits used indicates access to a high level of technical capability. "The researchers said that the group appears to favour "watering hole&quo

Google on Friday said it acquired online virus-scanning service, VirusTotal, a provider of a free service that detects computer viruses and other malicious software in files and websites. VirusTotal, company based in Spain with only a handful of employees, performs the free service by pooling data from scores of " antivirus engines, website scanners, file and URL analysis tools, " according to its site. Users only have to head to the online tool, select the file from their desktops, and the system is supposed to take care of the rest. The maximum file size currently supported by the service is 32MB. In a blog post on Friday, VirusTotal reps asserted that the merger is good news for consumers and bad news for malware generators for the following two reasons: The quality and power of our malware research tools will keep improving, most likely faster; and Google's infrastructure will ensure that our tools are always ready, right when you need them. "Our goal is simple:

The hacker group AntiSec released a file of a million and one UDIDs unique device identifiers which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. They said they obtained the file in March by hacking into the laptop of a Federal Bureau of Investigation agent in the bureau's New York field office. In an unusually lengthy note on Pastebin , a member of AntiSec said the group had culled some personal data such as full names and cell numbers from the published data. Instead, the group said it published enough information such as device type, device ID and Apple Push Notification Service tokens to let users determine whether their devices are on the list. The hackers issued a statement saying: ' During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was

The official website of one of the biggest Arabic-language news network " Al Jazeera " got hacked just now by Pro-Assad hackers called " Al-Rashedon ". If your miss the deface page, please have a look to mirror of it Here . Deface page designed with Dark color as shown in image and have some message in Arabic language, in English its " In response to your attitude against Syria, ( Syrian people and Government ) and your support to the Terrorist & Armed Groups, and sharing Fake news, your site has been hacked and this is our response to you. ( Al Rashedon hakcker group .)" Hacking group " Al-Rashedon " can be the part of " Syrain Electronic Army ", But yet Syrian Hackers didn't claim anything about this hack on their facebook page or website. The Arabic used (and the language mistakes) indicates that the hackers may be people living abroad and not native Syrians, may be these hackers belongs to Iraq. Name " Rashedon "

The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. " The "malware" infects personal computers after users have accessed certain websites. *(It should be noted that there are several similar designs currently in circulation) " Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is th

In JULY Kaspersky Lab and Seculert revealed the presence of a new cyber-espionage weapon known targeting users in the Middle East. Despite the recent uncovering of the 'Madhi' malware that has infected several hundred computers in the Middle East, researchers say the virus is continuing to spread. The malware, known as 'Mahdi' or 'Madi', was originally discovered by Seculert. In addition to stealing data from infected Windows computers, it is also capable of monitoring email and instant messages, recording audio, capturing keystrokes and taking screenshots of victims' computers. Working together, researchers at Seculert and Kaspersky sinkholed the malware's command and control servers and monitored the campaign. What they found was a targeted attack that impacted more than 800 victims in Iran, Israel and other countries from around the globe. Israeli security company Seculert said it had identified about 150 new victims over the past six weeks as deve