The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Products containing BCM4329 chipsets: Apple iPhone 4 Ap

Italian Anonymous hackers has released 1.35 Gigabyte data from the Italian State Police (Polizia di Stato). The Hack was announced on Monday via The Official Blog of Italy Anonymous . Data uploaded on torrent and available for download . The group has started a campaign named #AntiSecITA. " Anonymous group in Italy appears less active respect other countries, and this has misled those who have been victims of their attacks. Too much Italian security professionals consider the group as a disorganized collective unable to cause serious problems to the political reality of the country ."  Security Affairs  mention. Hacker upload some sample folder which contains assorted material from the archives, like details about wiretaps from Telecom Italia and confidential technical information about interception devices. Information taken from state police servers and portals include police reports, mobile phone numbers, personal email, information on salaries, and soft-porn pictures, 

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

If you think that having a USB Token Smartcard is extremely secure for Digital signatures or other activities, you may be wrong! The research done by Paul Rascagneres can remotely give access to victims smartcard! What makes the attack unique is it uses a keylogger to get the PIN or password and exports the complete USB device in raw to a command and control server (C&C) and uses a device driver to let the attacker use the victims smartcard remotely! The attack also impacts the eID (Belgium identity card) and millions of USB Tokens for Digital Signatures in India by Directors, Secretaries and CA firms for filing returns and signing corporate documents! To be showcased at MalCon next month - we asked Paul a few questions: Does the malware infect the PC or the smartcard? - The malware infects the PC not the hardware. So the attacker can use the smartcard of the victim remotely? - Exactly, the attacker can remotely use a smartcard connected to an infected computer. What makes

Yesterday Anonymous deface the UK Police Online web forum (https://www.ukpoliceonline.co.uk) and stole the private emails addresses of various members. The Metropolitan Police's e-Crime unit is investigating the hack and said that no computer system run by the police force had been hacked. The Hack was originally announced by an Anonymous Twitter account - Operation Jubilee (OpJubilee) , they post a mirror url of defaced page. This hack was one of the part of OpJubilee. ANONYMOUS OPERATION JUBILEE :  Under this there will be Rally of Millions people To Parliament, London on 5th of November 2012. As planned this will be a peaceful gathering at the Parliament Building in London to declare the true jubilee. Hackers send out emails to the former officers whose details were obtained during hack, with a subject line: " A message to the police and armed forces ". Message body: " Hello members of our UK police and armed forces" and called for recipients to "st

Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The New York  company is warning customers to check for unauthorized transactions and to change their personal identification numbers or PINs. It hasn't said how many accounts may have been compromised. The scheme didn't affect Barnes & Noble's Nook tablets or mobile apps, the chain's member database, or any Barnes & Noble College Bookstores. B&N says it caught the problem in mid-September, and that it's safe now to use credit and debit cards at its stores. The New York Times reported that the hackers had already made purchases on some customer credit cards. Federal authorities are investigating. Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken. All keypads at the stories have been removed and shipped to a site where they c