The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Products containing BCM4329 chipsets: Apple iPhone 4 Ap

Italian Anonymous hackers has released 1.35 Gigabyte data from the Italian State Police (Polizia di Stato). The Hack was announced on Monday via The Official Blog of Italy Anonymous . Data uploaded on torrent and available for download . The group has started a campaign named #AntiSecITA. " Anonymous group in Italy appears less active respect other countries, and this has misled those who have been victims of their attacks. Too much Italian security professionals consider the group as a disorganized collective unable to cause serious problems to the political reality of the country ."  Security Affairs  mention. Hacker upload some sample folder which contains assorted material from the archives, like details about wiretaps from Telecom Italia and confidential technical information about interception devices. Information taken from state police servers and portals include police reports, mobile phone numbers, personal email, information on salaries, and soft-porn pictures, 

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

If you think that having a USB Token Smartcard is extremely secure for Digital signatures or other activities, you may be wrong! The research done by Paul Rascagneres can remotely give access to victims smartcard! What makes the attack unique is it uses a keylogger to get the PIN or password and exports the complete USB device in raw to a command and control server (C&C) and uses a device driver to let the attacker use the victims smartcard remotely! The attack also impacts the eID (Belgium identity card) and millions of USB Tokens for Digital Signatures in India by Directors, Secretaries and CA firms for filing returns and signing corporate documents! To be showcased at MalCon next month - we asked Paul a few questions: Does the malware infect the PC or the smartcard? - The malware infects the PC not the hardware. So the attacker can use the smartcard of the victim remotely? - Exactly, the attacker can remotely use a smartcard connected to an infected computer. What makes

Yesterday Anonymous deface the UK Police Online web forum (https://www.ukpoliceonline.co.uk) and stole the private emails addresses of various members. The Metropolitan Police's e-Crime unit is investigating the hack and said that no computer system run by the police force had been hacked. The Hack was originally announced by an Anonymous Twitter account - Operation Jubilee (OpJubilee) , they post a mirror url of defaced page. This hack was one of the part of OpJubilee. ANONYMOUS OPERATION JUBILEE :  Under this there will be Rally of Millions people To Parliament, London on 5th of November 2012. As planned this will be a peaceful gathering at the Parliament Building in London to declare the true jubilee. Hackers send out emails to the former officers whose details were obtained during hack, with a subject line: " A message to the police and armed forces ". Message body: " Hello members of our UK police and armed forces" and called for recipients to "st

Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The New York  company is warning customers to check for unauthorized transactions and to change their personal identification numbers or PINs. It hasn't said how many accounts may have been compromised. The scheme didn't affect Barnes & Noble's Nook tablets or mobile apps, the chain's member database, or any Barnes & Noble College Bookstores. B&N says it caught the problem in mid-September, and that it's safe now to use credit and debit cards at its stores. The New York Times reported that the hackers had already made purchases on some customer credit cards. Federal authorities are investigating. Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken. All keypads at the stories have been removed and shipped to a site where they c