The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

During the first day of Pwn2Own competition at the CanSecWest conference in Vancouver , latest versions of all major browsers were exploited by hackers.  Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.  French vulnerability research and bug selling firm ' Vupen ' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws. Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox. " By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privi

Anonymous, the Internet hacktivist hacked into ' Anglo American ' and dump their complete database online. The dump includes the Personal details of 122 investors, and more than 400 registered share holders details and other database also. Anglo American is a British multinational mining company headquartered in London, United Kingdom. They are the world's largest primary producer of platinum and mine many other things like diamonds, copper, nickel, iron ore and metallurgical and thermal coal. The attack against  Anglo American  is part of a larger Anonymous operation - Operation Green Rights . In a statement hackers said ," Anglo American, you destroy nature and pursue and kill indigenous people. We say enough to all of this ," " In the name of tribal leaders, whom you have offended, and the natives you have deported, in the name of the miners killed during a strike against your dirty company, in the name of nature that you consider as a s

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Twitter continues to implement new security features. But really, who thinks social media will ever be unhackable? The official twitter account of Saudi Aramco , the world's biggest oil producer hacked by hacker with name ' Mister Rero '. The background on Saudi Aramco's official Twitter page and the name has been changed by hacker. So far, no tweets posted by hacker. Last year in August about 30,000 workstations inside internal computer networks of Saudi Aramco was infected by a virus. Last month Burger King's and Jeep's official Twitter accounts was compromised.

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name " Godzilla " today claimed to hack into one of the server belongs to ISI website ( https://isi.org.pk ) and claimed steal possible information from website database. According to the information shared by hacker with ' The Hacker News ', he claims to have access to Remote Desktop Protocol (RDP) of the server located at 173.193.110.72. He disclose that System installed with Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ' AHCORP ' He also claimed to hack into MSSQL server containing 3 databases, with 9 users and located at https://mssql.isi.org.pk, as shown in screenshot taken by him. Some partial tables of the database ' msdb ' as listed below: bakupfile bakup

Chinese search engine Baidu has just launched a security product called Baidu Antivirus 2013 . Described as a ultra light weight, easy to use, extremely fast anti-virus program that promises to protect your system from malware, viruses, spyware, adware and other malicious programs. Most interesting thing is that Baidu Antivirus comes only in English. Back in January, Baidu launched Baidu PC Faster, a software suite designed to fix speed and performance issues. The program combines the Baidu Antivirus Engine and Baidu Cloud Security Engine with the Avira Antivirus engine to provide you with complete protection against all online threats. " Baidu Antivirus offers an easy to use interface with several advanced configuration options as well as quarantine of infected files. It also has an extremely small memory footprint, so you can actually do other things while it is running on your computer. Other features include automatic updates, Host Intrusion Prevention System (HIPS), scan r

iOS was in the news lately for a series of security mishaps, but this time android back in scene. A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 that allows hackers to briefly bypass the phone's lock screen without needing a password. By hitting " emergency call " then " emergency contacts " then holding the home button, the main home screen becomes visible for around a second just enough time to load an app, before reverting back to the lock screen. Not all apps will open in this manner, a demo video shows that Google Play does not respond. Reportedly, Eden contacted Samsung roughly five days ago but has yet to hear back. He said that he has not tested any other Samsung devices to see if they are also affected. The flaw appears to be similar to a screen lock vulnerability in newer Apple devices, including the iPhone 5. Steps to follow: Lock the device with a "secure" pattern, PIN

Old habits seem to die hard for a hacker, a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail's computer system. Nicholas Webber , serving five years in prison for running an internet crime forum Ghost Market , Which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London. The incident occurred back in 2011, but it only came to light recently " At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible, " A spokesman fοr prison tοƖԁ the Daily Mail reported . His IT teacher, Michael Fox ,who was employed by Kensington

A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah. Hackers claiming to be part of Anonymous group from Malaysian and Filipino and attacking websites of each other. It was believed that the first online attacks were made by Malaysians and defaced the government-owned site of the municipality Moal Boal, Cebu, hours after a skirmish erupted between police and Sulu gunmen on Friday. Meanwhile the online shop of Philippine mobile services provider Globe Telecom was defaced by hackers claiming to be from the " MALAYSIA Cyb3r 4rmy ". A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah #security — The Hacker News™ (@TheHackersNews) March 2, 2013 On other side  Philippine Cyber Army hackers claiming to have attacked 175 Malaysia-based sites," Greetings Malaysia! Greetings Government! Stop attacking over our cyberspace or

Feross Aboukhadijeh , 22-year-old Web developer from Stanford has discovered  HTML5 browser exploit can flood your Hard Drive with Cat and Dogs i.e junk data. Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts of data (like 5-10 MB). In a proof-of-concept he was able to full up 1 GB of HDD space every 16 seconds. He created FillDisk.com in order to demonstrate the exploit in HTML5. Once user will visit the website the Web Storage standard allows website to place large amounts of data on your drive. Please note that, It's not a hack and this exploit won't allow attackers to access your computer. However, Web browsers have the ability to limit just how much space websites can dump onto your hard drive. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit. Whereas Chrome, Safari (iOS and desktop), and IE vulnerable to this. You can fin

Kaspersky Lab's team of experts recently published a new research report that analyzed that Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania with a new piece of malware called ' MiniDuke '. In a recent attack, malware has infected government computers this week in an attempt to steal geopolitical intelligence. The computers were infected via a modified Adobe PDF email attachment, and the perpetrators were operating from servers based in Panama and Turkey. According to Kaspersky Lab CEO Eugene Kaspersky," I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world. " Last week Adobe released an update that patches the Adobe PDF bug (CVE-2013-6040) used in the atta

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Update 15 and  FireEye warned that the   vulnerability is being exploited to install a remote-access trojan dubbed McRat , researchers from security firm. " Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process," "After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero. " The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last mont

Cloud note-taking service Evernote has been hacked and now you have to reset your password  imminently . A ccording to  a post on the official Evernote blog , an  unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords. " Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. " But those passwords were encrypted, so  all users must change their password before they can log back into their account. " In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. " Evernote also said that they h ave no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. There are also several important steps that you can take to en