The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Incapsula announced this week that they're offering an intriguing Backdoor Protection feature for sites using their cloud-based website security and performance services. What's a Backdoor? A backdoor is a malicious function that enables hackers to remotely operate a site or server, even after whatever exploit they used for initial access has been patched. Installing a backdoor is often the first thing a hacker will do after gaining access to your site - so if you've been hacked before, there's a good chance you've already got one. Hackers love backdoors because they provide easy return access to the site. Once installed, backdoors can used to distribute spam and malware, launch distributed denial of service (DDoS) attacks, or to help steal valuable data like credit card numbers. Recently, Incapsula reported how during the ongoing DDoS attacks against United States banks, a backdoor was used to turn a compromised site into a unwilling foot-soldier in the hackers Zombie Bo

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universa

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to  latest report , the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family. ESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server. The Trojan is downloaded onto the system by another downloader component. This downloader component was seen on the

The Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud (cloud-based) Vulnerability Scanner Application. The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on application side. Benjamin K.M. from Vulnerability-Laboratory provide more technical details about these flaws, the first vulnerability is located in the Scan Now > Scan Type > Perimeter Scan > Scan section when processing to request via the ` Scan Specific Devices - [Add Devices] ` module and the bound vulnerable formErrorContent exception-handling application parameters. The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker need to provoke the specific invalid networks exception-handling error. In the second step the attacker spli

The Hacktivist group  Team GhostShell today exposes data including 700,000 accounts / records from African universities and businesses during a campaign named ProjectSunRise . Hacker mention, " GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola. " In this new campaign hackers have targeted a many companies and universities i.e Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice linked to BidOrBuy which is South Africa's largest online store. Hacker release Mysql databases dumps of all these sites via pastebin notes . Hackers said, " Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a resul

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a recent report Sophos security firm revealed that in Australia and the U.S. Android threat exposure rates exceeding those of PCs showing the urgency to implement proper countermeasures. The situation appears really critical that why I asked to the expert of Group-IB Forensics Lab to show me how these agents work with a really case study. Several month ago Group-IB Forensics Lab detected mobile-banking malware through Google Play by Sberbank request (Russian leading national bank).  The File associated to the malware was named sber.apk , it was an Android Package having size of 225,905 bytes and digest md5: F27D43DFEEDFFAC2EC7E4A069B3C9516 . Analyzing the functionality of the ag

The mastermind Russian Hackers who coded and distributed the Gozi malware,  Nikita Vladimirovich Kuzmin , 25 was charged along with Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28 for infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims. They may face a maximum penalty of 95, 60 and 67 years in prison, respectively. Kuzmin allegedly created the Gozi program in 2005, hiring a programmer to write the source code and then leasing it to other criminal customers. According to latest reports , Nikita has agreed to cooperate with the United States. As potential evidence, the feds have been able to retrieve 51 servers in Romania as well as laptops, desktops and external hard drives. The data seized amounts to 250 terabytes. Paunescu, a Romanian national who went by the name " Virus " operated a bulletproof hosting service that provided criminal customers with servers and IP addresses from which to s

Firewall, VPN and spam filtering products from Barracuda Networks contains hidden hard coded backdoor ed SSH accounts, that allow any hacker to remotely log in and root access sensitive information. According to an advisory published by Stefan Viehböck of SEC Consult Vulnerability Lab reported the vulnerabilities in default firewall configuration and default user accounts on the unit. Barracuda were informed of the vulnerabilities at the end of November. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected i.e Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel. Barracuda recommended that all customers immediately update their Barracuda security definitions to v2.0.5, ensure the products' security definitions are set to o

Anonymous hackers deface the official website of U.S. Sentencing Commission website (ussc.gov) on Friday under a new campaign called " Operation Last Resort " in memory of  Reddit co-founder Aaron Swartz and also threatening to release a massive WikiLeaks-style exposure of sensitive U.S. government secrets. " The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. " hackers said. The hack was performed in opposition to alleged unjust policies of the United States Department of Justice (DOJ) with the late Aaron Swartz. They also had distributed encrypted government files and claimed to give away decryption keys publicly as soon as possible. Where as this is not specified exactly what files they have obtained. Swartz was facing up to 50+ years in prison and a $4 million fine after releasing pay-walled academic articles from the popula

Iranian hackers deface multiple big companies Turkmenistan domains (.tm) yesterday using DNS poisoning attack. All hacked domains are registered by NIC at Turkmenistan. Hacker managed to find and exploit a SQL Injection vulnerability in NIC website in order to get database of the site. Because the passwords was stored in plain text, that make more easy for those hacker to access the domain panels of each domain and changing the DNS entries to shift websites on a rouge server with defaced page. The defaced message as shown below: Defaced domains : www.youtube.tm www.gmail.tm www.msdn.tm www.intel.tm www.officexp.tm www.xbox.tm www.windowsvista.tm www.orkut.tm www.google.tm Mirror of hacks are available at Zone-H .