The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cyber criminals become hyper active during festivals. Diwali is no exception. Shantanu Ghosh, Vice-President and Managing Director (India Product Operations) of Internet security solutions company Symantec has observed that malware authors and spammers are using Diwali (The festival of lights that's celebrated across the world (primarily in the Indian sub-continent) as the latest event to lure unsuspecting users into downloading malware, buying products, and falling for scams. Shantanu said cyber criminals attempt to 'poison' web search engine results to take advantage of huge rush in search activity during popular events. " We have observed that cyber attackers are using various techniques to make the most of Diwali, " he warned. Cyber-attackers make use of social engineering tactics to lure users to purchase from or register on unknown websites. Users may be exposing personal information to Internet scammers. " Before giving into the temptation of clicking on a link in

CIA Director was uncovered when a woman described as close to him received harassing emails and complained to authorities. The FBI traced the emails and found that they had been sent by Paula Broadwell, who wrote a highly favorable book on the former Army general's life and work. While initially investigating the reports, the FBI feared the CIA director's personal email account may have been hacked, but the sexual nature of the email exchanges exposed the affair. A Yahoo email account belonging to former CIA Director David Petraeus may have been compromised by the group Anonymous. The personal email account was exposed during the the leak of commercial intelligence company STRATFOR by Anonymous Hackers, among other millions of email accounts of customers belongs to the company.  The emails sent by Broadwell indicated that she perceived the other woman as a threat to her relationship with Petraeus, law enforcement officials. Anonymous also obtained email logins to ST

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about. Symantec's latest research report suggests police-themed ransomware could be a replacement to the once-lucrative fake antivirus scareware trade. According to  report , Ransomware distributors are raking in around $5 million dollars a year and the spoils are being spread among just 16 crime groups. Symantec's estimates suggest a significant but not yet thriving crime business, which delivers each operation, on average, $300,000 a year. Reticently identified Oracle Java SE Remote Java Run time Environment vulnerability (  CVE-2012-5076 ) leads to  Geo located   Ransomware Malware . Java vulnerability actually can allows attacker to unauthorized disclosure of information, unauthorized modification and disruption of service. This Ransomware shows a bogus notification, that preten

Guadeloupe is a Caribbean island located in the Leeward Islands, in the Lesser Antilles. Today a hacker going by name "UR0B0R0X" claimed to hack into the " Network Information Center Guadeloupe " (nic.gp), which is Guadeloupe National Domain registrar having control over domains of big companies like Google.gp, Paypal.gp, twitter.gp, Yahoo.gp,  and many more. Hacker claimed to hack server of  nic.gp and leak credentials (encrypted) of 1271 Guadeloupe domains and user accounts including usernames, email addresses and phone numbers from server as shown via a  paste-bin note . and complete database uploaded on a  file sharing  site.

It's be Just hours Windows Phone 8 has been released - and hackers have already dished out a malware prototype for the platform. Windows Phone 8 is the second generation of the Windows Phone mobile operating system. Windows Phone 8 Microsoft's latest in mobile OS technology - comes in as a direct competition to rivals Apple and Google. The research firm Gartner indicates that by 2016 the increase in Windows Phone users will slightly fall below Apple`s iOS users. To be showcased at the International Malware Conference, MalCon - on 24th November in India, the prototype has been created by Shantanu Gawde, who has previously created a malware that utilized the famed Xbox Kinect. Windows Phone 8 replaces its previously Windows CE-based architecture with one based on the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms. While no further details of the malware are available at this point of time, it will

A 15-year-old  UG Nazi hacker  going by the name of Cosmo or Cosmo the God  was sentenced in juvenile court on Wednesday with terms for six years without any computers or Internet, until his 21st birthday. During these 6 years, he'll need approval from his parole officer to access the internet. Wired report that hacker resides in Long Beach, California, and began as a politicized group that opposed SOPA, took down a bevy of websites this year, including those for NASDAQ, CIA.gov, and UFC.com. It redirected 4Chan's DNS to point to its own Twitter feed. Hacker pled guilty to more than a few felonies, with charges ranging from credit card fraud to online impersonation. The probation that Cosmo agreed to as part of his plea limits his use of the internet to solely educational purposes, and all use will be supervised. As part of the hacker group UGNazi, he was able to gain access to accounts on sites including Amazon, PayPal, Microsoft, Netflix, and many more. He is prohibited from

Anonymous hacker deface Kuwaiti Ministry of Awqaf and Islamic Affairs ( https://islam.gov.kw/)  Deface page have Anonymous Mask as shown in screenshot with an Arabic language message . Translated message " Letter to the Kuwaiti people full and without any exception ! Jordan and Palestine red line and pocket Asarthm Bandas ! God bless you, O Saddam and what God has failed them !! Gary trampling upon you and one-and-one, O and Ladd dog !! Strong Protection, is Our Target " At the time of writing, site is defaced, This Anonymous groups seems to to be note related to whole anonymous groups and Operations. Will will update you soon with more updates.

ZCompany Hacking Crew members hack and deface  English Defence League official website (https://englishdefenceleague.org),a far-right British organization . Deface page include text " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL" and a screenshot of a email. " EDL admins have been harassing innocent people and stealing money from them to fund their racist adventures " Hacker continue. Hacker trend the hacking operation as # OPEDL and #OpRacism  on twitter. Further message include, " Such a shame! EDL admins! as we ZHC said we will always be one step ahead of you. We will chase you, expose your racism and even remove you from the web. We demonstrated it successfully by deleting your facebook page three times. And we have demonstrated it successfully by defacing and exposing your frauds yet again.But the best is yet to come. Yes right, details of supporters and donors of EDL will be made public soo

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security. If you've enabled automatic updates, the patches will automatically install on Tuesday. As usual, the specific details about what is being fixed in these updates won't be revealed until the patches themselves are available for download in order to not give hacker groups an advance

Paul F Renda give an overview that, What and how new long distance and short distance Dead drop techniques are used by National Security Agency for secure communications. What is a dead drop? It is methods that spies use or have used to communicate with associates who have information for them. The dead drop allows them to exchange information without having actual physical contact with each other. The person leaving the information can leave it under a rock or a can or bush. A special type of empty spikes that can be dropped into holes has also been used drop information. The person leaving the information also leaves some kind of signal the drop was made. The signal could be a chalk marks on a tree or pavement. Someone views the signal and retrieves information. Some more unusual dead drops have used dead animals like rabbits, rats and large birds to hide the information. These have been used by both the CIA and KGB. The one problem with this type of dead drop is that other