The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Another phishing campaign come in action recently targeting Facebook accounts and company pages with millions of followers. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. Not a new method, but very creative phishing example in Facebook hacking scene, where hacker host a phishing page on Facebook app sub domain itself. Designed very similar to Facebook Security team with title ' Facebook Page Verification ' and using Facebook Security Logo as shown in the screenshot posted above. Phishing app URL: https://apps.facebook.com/verify-pages/ Application hosted on:   https://talksms.co.uk/ The phishing page asking users to enter Page URL and Page Name that victim own and his Facebook login email ID with password. Once victim trapped in hacker web, the phisher records your information. Another interesting fact is that, the phishing domain https://talksms.co.uk/ is a HTTPS site with with verified SSL from GeoTrust

As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware. According to latest  Mobile Threat report from F-Secure , Android malware continued to gain in share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, but Google developer responded with," F-Secure can say that anything is malware ". F-secure report said, In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter.  According to official Google figures, there are over 700,000 apps and games in the Play marketplace and malware on Android jumped 850 percent between 2012 and this year. Whereas an Google Android developer reply to TechCrunch technology generalist ," They say they detected Trojans  but they di

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

During the first day of Pwn2Own competition at the CanSecWest conference in Vancouver , latest versions of all major browsers were exploited by hackers.  Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.  French vulnerability research and bug selling firm ' Vupen ' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws. Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox. " By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privi

Anonymous, the Internet hacktivist hacked into ' Anglo American ' and dump their complete database online. The dump includes the Personal details of 122 investors, and more than 400 registered share holders details and other database also. Anglo American is a British multinational mining company headquartered in London, United Kingdom. They are the world's largest primary producer of platinum and mine many other things like diamonds, copper, nickel, iron ore and metallurgical and thermal coal. The attack against  Anglo American  is part of a larger Anonymous operation - Operation Green Rights . In a statement hackers said ," Anglo American, you destroy nature and pursue and kill indigenous people. We say enough to all of this ," " In the name of tribal leaders, whom you have offended, and the natives you have deported, in the name of the miners killed during a strike against your dirty company, in the name of nature that you consider as a s

Twitter continues to implement new security features. But really, who thinks social media will ever be unhackable? The official twitter account of Saudi Aramco , the world's biggest oil producer hacked by hacker with name ' Mister Rero '. The background on Saudi Aramco's official Twitter page and the name has been changed by hacker. So far, no tweets posted by hacker. Last year in August about 30,000 workstations inside internal computer networks of Saudi Aramco was infected by a virus. Last month Burger King's and Jeep's official Twitter accounts was compromised.

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name " Godzilla " today claimed to hack into one of the server belongs to ISI website ( https://isi.org.pk ) and claimed steal possible information from website database. According to the information shared by hacker with ' The Hacker News ', he claims to have access to Remote Desktop Protocol (RDP) of the server located at 173.193.110.72. He disclose that System installed with Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ' AHCORP ' He also claimed to hack into MSSQL server containing 3 databases, with 9 users and located at https://mssql.isi.org.pk, as shown in screenshot taken by him. Some partial tables of the database ' msdb ' as listed below: bakupfile bakup

Chinese search engine Baidu has just launched a security product called Baidu Antivirus 2013 . Described as a ultra light weight, easy to use, extremely fast anti-virus program that promises to protect your system from malware, viruses, spyware, adware and other malicious programs. Most interesting thing is that Baidu Antivirus comes only in English. Back in January, Baidu launched Baidu PC Faster, a software suite designed to fix speed and performance issues. The program combines the Baidu Antivirus Engine and Baidu Cloud Security Engine with the Avira Antivirus engine to provide you with complete protection against all online threats. " Baidu Antivirus offers an easy to use interface with several advanced configuration options as well as quarantine of infected files. It also has an extremely small memory footprint, so you can actually do other things while it is running on your computer. Other features include automatic updates, Host Intrusion Prevention System (HIPS), scan r