The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Roland Dela Paz (Threat Researcher) at TrendMirco reported that last year a Malware Campaign to target specific users in Japan, China, and Taiwan once again on rise using new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug). This new custom made version comes for less recognition and more elusiveness from security researchers. He also mention that last year campaign used the Poison Ivy RAT, but now its Plugx take its place. " Similar to previous Poison Ivy campaigns, it also arrives as an attachment to spear-phished emails either as an archived, bundled file or specially crafted document that exploits a vulnerability in Adobe Acrobat Reader or Microsoft Office. We've also encountered an instance of Plugx aimed at a South Korean Internet company and a U.S. engineering firm ." Roland mentioned . The attached pdf exploits CVE-2010-2883 (with  Plugx  (RAT) payload connects to a command and control (C&C) server named {BLOCKED}eo.flower-show.org. CVE-2

Another Funny news, today India's most popular but Self Claimed Hacker - Ankit Fadia's website just got hacked by a 17 Year old kid Kul Verma. His official Website https://ankitfadia.in/ got hacked and seems like his Hosting Provider has suspended his website on noticing something not correct with his site. Hacker hacked by a kid, this Questions the capability of Mr. Ankit Fadia once again. We all know that, its not the 1st time Fadia's Website got hacked. In past several young hackers claim to hack and deface his Website. Hacker claim the responsibility on the Facebook Fanpage , says " 17 years old.Love to Hack " and statement " Come Catch if You Can ". If you want to see deface page, please have a look to the Mirror link .

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

GoDaddy.com, which hosts millions of websites mostly for small businesses, said Monday it was investigating an outage that had knocked some of its customers offline. A hacker using the " Anonymous Own3r " Twitter account claimed credit for the outage, " Hello https://godaddy.com/ now yes! all servers #tangodown by @AnonymousOwn3r ," a tweet said. We talk with  Anonymous Own3r to find out the way he used to take down this giant server. Hacker said," I am using thousand of Hacked server as bots to perform the attack. Sending dos attack commands using IRC  to all of them together. I just upload IRC connect on each server to control my every slave by commands ." On further talk, we came to know that he use  DDOS IRC Bot script , available on Pastebin . Its really easy to use, hack randomly hundreds of Servers online and upload your Script. Now just via IRC you can control your slaves to perform a huge DDOS attack. Email services from the company, and GoDaddy

Hacking has always been inherently a young person's game. The first usage of the word "hacker" was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today's hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality. 1.) Sven Jaschan: In the words of one tech expert , "His name will always be associated with some of the biggest viruses in the history of the Internet." The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The

Al-Jazeera says hackers have targeted the Qatar-based TV satellite channel for the second time in a week, sending out false news reports on its mobile sms service. Al Jazeera confirm the hack in a tweet ," We'd like to inform our subscribers that Aljazeera sms sevice is being compromised by pirates and they've sent fake news news with no basis " " The story claiming that the Prime Minister (Sheikh Hamad bin Jassem) has been the target of an assassination attempt in the royal palace is completely false and was a result of hacking of the service ," the channel said in breaking news. A pro-Damascus group known as the Syrian Electronic Army quickly claimed responsibility for the Sunday hack on Twitter.  Social networks, including Twitter, quoted Al-Jazeera's mobile service on Sunday as saying that Sheikh Hamad was targeted in an attack on the palace in Doha and that the wife of the emir, Sheikha Moza bint Nasser, was lightly wounded. Hackers posted a pro-Syrian stateme

Last month, those assholes in the California State Assembly passed a resolution urging state educational institutions to more aggressively crack down on criticism of the State of Israel on campuses, which the resolution defines as "anti-Semitism." The anti-democratic resolution is the latest step in the broader campaign to stifle and suppress dissent on California's increasingly volatile campuses. Get this, it passed without public discussion. The vote on the resolution came when most students were between semesters and away from their campuses. The resolution uses the classic trick employed by defenders of Israel's Zionist regime: lumping together any criticism of the Israeli state's policies or of the US government's support for them with racist attacks on Jews. The bulk of the resolution is dedicated to defining criticism of the state of Israel as "anti-Semitism."  It lists the following as examples of "anti-Semitism": • "language or behavior [that] demonizes and delegitimizes Is

Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection . Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily infects 32-bit versions of Windows, though a separate spy module for USB drives can collect information from 64-bit systems. Infections are mainly split between Windows 7 and Windows XP, although some of the Gauss modules don't work against Windows 7 Service Pack 1. Mac and Linux machines appear to be safe. Multiple modules of Gauss serve the purpose of collecting information from browsers, which include the history of visited websites and passwords. Detailed data on the infected machine is also sent to the attackers, including specifics of network interfaces, the computer's drives and BIOS information. The Gauss module is also capable of stealing data from the clients of several Leb

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS. The new attack has been given the name CRIME by the researchers.The CRIME attack is based on a weak spot in a special feature in TLS 1.0, but exactly which that feature is has not been revealed by the researchers. They will say that all versions of TLS/SSL including TLS 1.2, on which the BEAST attack did not work are vulnerable. Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. But the new attack, devis

Julian Assange's mother, Christine Assange has done an excellent job of compiling the facts surrounding the issue of Julian's extradition case. Please, everyone share this, copy it, email it and send it to your elected officials and congressional representatives. The truth is what will set Julian Assange free and he must be freed immediately. Assange Extradition Fact Sheet 1) Julian Assange is not charged with anything in Sweden or any other country. [Source: @wikileaks ] 2) Julian Assange did not flee Sweden to avoid questioning. He was given permission to leave the country on the 15th September 2010, after remaining 5 weeks in Sweden for the purpose of answering the allegations made against him. [Source: Undue delay for Julian Assange's interrogation ] 3)  The case against Julian Assange was initially dropped, and deemed so weak it could not warrant investigation. After the intervention of a Swedish politician close to American diplomats, it was revived by a different prosec

A new Ransomware Malware dubbed Gaeilge  locks up an infected computer and attempts to extort €100 from the user for an unlock code. The demand for cash reportedly appeared in poorly written Gaelic, and the software nastie was spotted on a computer in County Donegal, Ireland. Gaeilge tell computer users that attempts to access online pornography sent it into shut-down mode. But instead of giving in to the monetary request, the victim took the compromised machine to the repair store, The Register said . Ransomware  (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Technician Brian McGarvey of Techie2u computer repairs told that it was the first time he'd come across a virus written in the Irish language during his 12 years of experience in the job. " It'