The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A group has hacked the French website for the EuroMillions lottery (https://euromillions.fr/) with warnings denouncing gambling as the work of the devil. A group going by name " Moroccanghosts ", posted the message in Arabic and French  - " Oh you believers. Wine, games of chance, statues all augur impurity and are the work of the devil. " It exhorted people to quit gambling, saying it was used by the devil along with alcohol to " sow hatred between yourselves and turn you away from God and prayer ". The company behind the site, Francaise des Jeux, took the passage down and the site was unavailable from last 12 hours later, but now Euromillions.fr  redirects to https://www.fdj.fr , the secure website of the firm that runs the Euromillions lottery in France. The Twitter user Moroccanghosts appeared to threaten that other gambling sites could be next. So there may be more attacks. France has a population of 65 million, including an estimated four million Mu

So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as unique as possible " Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone's state and identity so calls won't disrupt them from doing what they're doing. Unfortunately, these permissions can be abused for criminal intentions. " Trendmicro  said in report. Before android applications was abusing permissions to access user's personal data, but now new generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission. Adware is software that is used to gather information about the users. This information

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Raymond announce X-Ray 2.0, a program which is frontend for VirusTotal multi scanner. X-Ray will provide users with automatic submission of files that you think are suspicious to 35 (Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, Hacksoft, Ikarus, K7Antivirus, Kaspersky, Kingsoft, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Rising, Sophos, SUPERAntiSpyware, Symantec, TotalDefense, TrendMicro, VBA32, Vipre, ViRobot). Key Features: - Abort upload progress - Retrieve latest scan report from VirusTotal (API 2.0) - Send file to VirusTotal for scanning (API 2.0) - Automatic failover when chosen method for sending files to VirusTotal fails. - Two methods of sending files to VirusTotal (Email and API) - Copying MD5 hash and results to clipboard via right click context menu. - History (VirusTotal detection report and Analysis Submission date & time) - Clear History - Change submission method for

Symantec provide overview and analysis of the year in global threat activity via its Internet Security Threat Report (ISTR) , with a exclusive details that 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day. The report is based on data from the Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam. Here are some highlights from the threat landscape of 2011. " It is impossible to manually analyze such a large number of sample files, so it is therefore necessary to use an automated threat analysis system to analyze sample behavior and prioritize the files that virus definitions should be created for ." Symantec said in a blog post. Political activism and hacking were two big themes in 2011 themes that are continuing into 2012

One of the most awaited occasions in a year is your birthday, same way we are today celebrating ' The Hacker News ' 2nd Birthday week from on 28th October-3rd November 2012. Originally founded on 1st November 2010 by Mohit Kumar , ' The Hacker News ' was the very First dedicated Hacking and Security News website available on Internet, Now been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of various underground hacking groups and communities worldwide.  With the need for information security solutions becoming more critical, In these two years we served updates to over 30 Million Readers through various projects including Daily happenings of Hacking & Security community via The Hacker News , A most comprehensive and informative collection of security, hacking, a

Internet Activist and collective hacker group "NullCrew" released a huge dump of 7,000 names-passwords database from US Government websites and 2000 names-passwords database from Military websites. Hacker claimed to hack into five websites, including Montana's Official State Website, United Nations, Louisiana Department of Environmental Quality, Texas Juvenile Justice Department, Force Health Protection & Readiness, domains are -  unescoetxea.org , www.mt.gov , www.la.gov, www.texas.gov and fhpr.osd.mil respectiverly. Few days back two Nullcrew members,  null and 0rbit_g1rl claimed to perform the hack into above sites using few vulnerabilities such as " Unproperly sanitized code, leading to disclosure of all files on a server and Boolean blind SQL injection " and they threatened to release the database soon. Today in a announcement via Twitter, hacker leaked the Database including 2000 and more Military, Air Force and Army officials us

A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Today's successful targeted attacks use a combination of social engineering, malware, and backdoor activities. Nart Villeneuve and James Bennett (Senior Threat Researcher) from Trend Mirco provide an  ultimate guide for Detecting (APT) Advanced Persistent Threat activities with Network Traffic Analysis , that can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered. Paper cover Detecting Remote Access Trojans like The GhostNet, Nitro attack, RSA Breach, Taidoor campaign, Sy

Yesterday, we report about the security breach in US Government computers belongs to NASA  restricted area website and Hacker dump out the complete source code and files from server of the website. Today another hacker claim a quick XSS (Cross site scripting) Vulnerability in NASA's Jet Propulsion Laboratory website (https://onearth.jpl.nasa.gov/) via a pastebin note. Hacker is going by name " Antraxt Hacker " and said about vulnerability exposure that,"I just want to proof that NASA is and never will be secured as human kind thinks they are". The xss vulnerable link is disclosed in pastebin note. I feel this not a offensive hack by hacker, even NASA should take advantage of free of cost Penetration testing services from individual like , who even not looking for Bug Bounties.

Julian Assange publish a book based on his interview " Cypherpunks " on " The World Tomorrow ", his controversial talk show, with the people he believes know the solution to the problems of privacy and freedom. The book called ' Cypherpunks: Freedom and the Future of the Internet ,' was written by Assange with three co-authors: Jacob Appelbaum, Jeremie Zimmermann and Andy Muller-Maguhn. Description of this 192 pages book describes, " Cypherpunks are activists who advocate the widespread use of strong cryptography (writing in code) as a route to progressive change. Julian Assange, the editor-in-chief of and visionary behind WikiLeaks, has been a leading voice in the cypherpunk movement since its inception in the 1980s ." Assange said, " In March 2012 I gathered together three of today's leading cypherpunks to discuss the resistance ,  Two of them, besides myself, have been targeted by law enforcement agencies as a result of their work to safeguard priva

A number of Israel's government offices have fallen victim to a cyber attack over the past week, one apparently aimed at slipping a "Trojan horse" into the computer servers at these ministries. Israeli police immediately pulled the national computer network from the civilian Internet after this cyber threat . A Trojan horse has been sent as files attached to emails bearing the name of the IDF Chief of Staff Benny Gantz in the subject line. According to the reports from haaretz ,A senior government clerk stressed that the threat facing the police was being investigated by experts. It is also not clear that either breach involved a wide-scale cyber-attack, or a virus infecting only a few computers. Government employees were advised not to open their emails or Facebook messages if such strange activity was noticed. Dozens of identical emails were sent Wednesday to Israel embassies abroad and to Foreign Ministry employees in Israel. The intelligence tip did not indicate t

" Browser extensions extend the functionality of the web browser. These extensions improve the appearance, functionality, security or other parts of the browser. Extensions were also developed with malicious intent, in order to generate revenue or just spread the code between more and more browsers. The possibility of a malicious browser extension is almost infinite, but we have not seen very powerful malicious extensions yet. " Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension. The researcher plans to release the malware's source code on GitHub during a presentation at the Hacker Halted security conference in Miami next Tuesday This Malwaretize Browser extensions is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs is also expected to demonstrate how the proof

The South Carolina Department of Revenue has announced that millions of Social Security numbers and debit/credit card numbers have been compromised. Hackers from outside the United States recently penetrated the website for South Carolina's Department of Revenue and reportedly made off with 3.6 million Social Security numbers and 16,000 unencrypted credit and debit card numbers. According to the statement, investigators discovered that a hacker attempted to access the system several times in August and September. The statement said it is believed the hacker successfully obtained data for the first time in mid-September. " We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected ." Haley says Friday was the earliest they could announce the breach to allow law enforcement personnel to do their jobs and keep the chance of catching the hacker. Haley says the