The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. " The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering ." Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large

Do you believe that it is possible to shut down Facebook with a cyber attack on 5th November 2012, which is not even organised in a proper way ? Few activists on internet threatened to shut down Zynga and Facebook, after the gaming giant announced it was laying off five per cent of its work force. Most obvious like other big fake claims, this claim is also not from the activist working as Anonymous Genuinely. Generally I am strong supporter of Anonymous or Wikileaks but the Idea behind Anonymous have lots of Pro and Con. I ask some Anonymous (who are actually managing major operations) to comment about the attack scheduled on 5th November by some unknown anonymous group, and their reply was simply -- " FAKE " . Facebook , Twitter and other social media sites and News organisations are giving you platform for spreading information, they are your voice with an amplifier. Do you think you can use your MIC after unplugging is ? If yes, then think again... Me

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Google is bringing a host of new features to its Android 4.2 Jelly Bean operating system designed to increase productivity, creativity and peace of mind and some very promising security improvements including: client side malware protection, Security Enhanced Linux, and always-on VPN . Most important Security Improvements in Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check the apps you download on the Amazon App Store, or from 3rd Party sites. Whenever user will install any app from a different source than the official market, and will scan it for any malicious code that may prove potentially harmful for your device. Other than this, Users can now control how much data apps can access and share. This is made even more secure by something called VPN lockdown that can limit the amount of information sent over a connection that may not be secure or that is shared rather than priv

French security researcher firm and famous bug hunters at Vupen announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating system. Windows 8 operating system released last week, and now Microsoft itself has not been aware of security vulnerabilities available in release. " We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations, " Vupen posted on Twitter . Bekrar's claim follows up on his promise earlier in the month that Vupen would be ready to compromise Windows 8 immediately upon its launch: " Windows 8 will be officially released by MS on Oct 26th, we'll release to customers the 1st exploit for Win8 the same day #CoordinatedPwnage " "T he in-depth technical details of the flaws will be shared with our customers and they can use them to protect their critical infrastruc

Folks from abuse.ch spotted an interesting piece of ransomware malware currently circulating in the wild. Current release is infecting Windows users. It seems that Cybercrooks are taking advantage of Anonymous Banner, for conducting such malware campaigns and supposed to be another game by opposite parties for discredit/Infamous the name of Anonymous in the eyes of the world. Before twitter user @FawkesSecurity posted a threat to bomb a government building by Anonymous. But later, collective group clear themself by statement, " Anonymous is not a terrorist organization. Anonymous does not use bombs. Anonymous does not condone violence in any way. Anonymous supports justice and universal equal rights. We support peaceful protest ." Ransomware malware restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Message read " Your computer has been hacked by the Ano

Late in August McAfee Labs discovered a Fake Antivirus program that claims to detect infections, and displays alerts to scare users into purchasing protection. On the contrary, this program is not genuine software and has nothing to do with reliable and effective AV tools. The truth is that this is another scam application developed to enter your PC through vulnerabilities in outdated programs. Trend Micro, which detects the threat as TROJ_FAKEAV.EHM said, " After infecting a user's system, this malware scares its victim into buying the "product" by displaying fake security messages, stating that the computer is infected with spyware or other malware and only this product can remove it after you download the trial version. As soon as the victim downloads Win 8 Security System, it pretends to scan your computer and shows a grossly exaggerated amount of nonexistent threats ". This sort of malware is commonplace, with examples existing for Windows XP, Windows Vista, Windows 7 and even

Another Halloween hack, National Telecommunications Commission (NTC) was hacked Thursday noon, showed a pop-up message saying " Sh4d0wFiend_h4x0r and Wizkidl33t were here! " and would later redirect to another page (ntc.gov.ph/halloween) displaying the hacker's message - " hello and welcome: presented by Wizkidl33t and Sh4d0wFiend_h4x0r " Futher one click, a new page loads with the message " Welcome to the world of Halloween, in a moment you will see a couple of scary and entertainment media, this is not about a government issues this is for Halloween special click proceed to go to the next page ." The hacker group has claimed responsibility for the hacking of several government websites protesting the passage of the Cybercrime Prevention Act in the Philippines.

Algerian hackers going by name ' SanFour25 ' yesterday deface 7 Indian government  websites including Indian Defence Research and Development Organisation (DRDO), West Bengal police and the Prime Minister's Office (PMO) websites. According to TheHindu , The most sensitive website that came under attack was the one operated by the Recruitment and Assessment Centre (RAC) of the DRDO ( www.rac.gov.in/experts/Dz.php ). The website was down for over 9 hours, which actually deals with the recruitment of scientists to the several laboratories of the DRDO. List of Hacked domains: https://rciregistration.nic.in/rehabcouncil/Dz.txt policewb.gov.in/wbp/counter.txt www.rac.gov.in/experts/Dz.php www.diu.gov.in/departments/Dz.php gpra.nic.in/writereaddata/Dz.php birapdbt.nic.in/video/Dz.php iii.gov.in/tmp/Dz.php Mirrors of hacked sites are available on Zone-H at  SanFour25 archive. It is possible that  the hackers could have attacked the website to get details of the scientist

Cisco Prime DCNM is a management tools for your Storage and Ethernet Networks, provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of present and future virtualized data centers. According to an  advisory released, Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. The vulnerability exists because JBoss Application Server Remote Method Invocation (RMI) services, specifically the jboss.system:service=MainDeployer functionality, are exposed to unauthorized users. All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. Successful exploitation of the vulnerability may allow an unauthenticated, rem