The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Remember the DNS Changer malware that infected at least four million computers in more than 100 countries, including 500,000 in the United States, with malicious software or malware ? Valeri Aleksejev, 32 years old from Estonia, is the first of the seven individuals to enter a plea, admitting his guilt for his role in the global scam that netted approximately $14 million. He faces up to 25 years in prison, deportation and the forfeiture of $7 million. The other six individuals have been named as Anton Ivanov, Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Konstantin Poltev, and Andrey Taame.  Alekseev was the first large-scale Internet fraud criminal case came to trial. The scam had several components, including a click-hijacking fraud in which Malware was delivered to victims' PCs when they visited specially crafted websites or when they downloaded phony video codec software. The malware changed the DNS settings of the infected computers, and even in case

DefenseCode researchers have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges in the UPnP (Universal Plug and Play) implementation developed by Broadcom and used by many routers with Broadcom chipsets. Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom chipset. " We have found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others. " researchers said . The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset. The UPnP service is intended to be used on local networks, but Rapid7 found that there are over 80 million devices on the Internet that respond to UPnP discovery requests, making them vulnerable to remote attacks. The vul

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A hacker with handle name (~!White!~) today disclose SQL injection vulnerabilities in dozens of Military, United Nation and Pentagon domains. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. Through a Pastebin note hacker announce more details about his findings in many sensitive websites, including Pentagon Defense Post Office Website, Office of the Deputy Director for Science Programs, Wiesbaden Military Community, NMCI Legacy Applications, Darby Military Community, Department of Economic and Social Affairs at United Nation and many more. SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database or even can wipe it out. Hacker also claimed to hack database of Pentagon.mil and other mentioned webs

In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers,  Security Flaws in UPnP protocol , Botnet attack hack 16,000 Facebook accounts, 700,000 accounts hacked in Africa and new android malware that infect more that 620,000 users . Today Twitter also announced that they have recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. Unknown hackers breach Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts " the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords " said Bob Lord ,Director of Information Security, at Twitter. For security reasons twitter have reset passwords and revoked session tokens

In London today, an 18-year-old anonymous hacker received an 18-month youth rehabilitation order and a 60-hour unpaid work requirement for his involvement in " Operation Payback ". One strike against Paypal alone cost the site £3.5 million pounds. But Jake Birchall escaped jail today after the judge ruled he had been affected by special needs. He was an advanced user of the internet and had used it for nine years, since he was eight years old. " He did play a prominent and important part in this and I think he has got to learn to get out of bed in a morning and do unpaid work ." The judge said. Jake Birchall had admitted conspiring to impair the operation of computers in 2010 and 2011. They were convicted for their distributed denial of service attacks, which paralyse computer systems by flooding them with online requests. Ashley Rhodes , 28, of Bolton Crescent, Camberwell, south London, was given seven months , and Peter Gibson , 24, from Castl

Kim Dotcom is offering a bounty of €10,000 (approx. US$13,580) to the first person who breaks its newly launched file storage service. Mega's launch last month was meet by criticism from multiple security researchers, Kim Dotcom announced a prize to the hackers last week. Kim tweeted," #Mega's open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today ." Dotcom believes the improvements made to his service's security have made the site close to unbreakable, and Mega staff remain bullish about the site's privacy qualities. Less than two weeks old, Mega passed 1 million registered users after just one day online, and is storing nearly 50 million files. Mega continues to face claims of illegal filesharing on the site. Dotcom claimed this week that only 0.001 percent of files on Mega have been removed for potential copyright infringement. The company blocked a third-party search engine from accessing publi

The FBI Tuesday announced the arrest of Karen 'Gary' Kazaryan , a 27-year old man, who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams has been arrested in the US. He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as " se*tortion ". He is accused of hacking into the victims accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.  He then posed online as the women, sent instant messages to their friends and somehow, persuaded those friends to get undressed so that he could view and take pictures of the

VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

The New York Times says Chinese hackers probably working for the military or Chinese government have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members. For the last four months, Chinese hackers have persistently attacked The New York Times . On Thursday, The Wall Street Journal announced that it too had been hacked by Chinese hackers who were trying to monitor the company's coverage of China. It said hackers had broken into its network through computers in its Beijing bureau. " The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them " " Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information, " the statement rea