The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cyber criminals  are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets. TrendMicro uncovered a malware detected as " BKDR_VERNOT.A " tried to communicate with Command-and-Control Server using Evernote. Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization. Researchers  also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. " Unfortunately, during our testing, it was not able to login using the credentials embedded in the

The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation , CloudFlare was able to recover from the attack and get its core services back up and running.  Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18. Five national cyber-police-forces are investigating the attacks.  A group calling itself STOPhaus,  an alliance of hactivists and cyber criminals is believed to responsible for bombarding Spamhaus with up to 300Gbps. The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet, the D

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A new botnet emerged from underground and is menacing payment world, the cyber threat dubbed vSkimmer come from Russia according revelation of McAfee security firm .  The security expert Chintan Shah wrote on a blog post that during monitoring of Russian underground forum found a discussion about a Trojan for sale that can steal credit card information from Windows PC for financial transactions and credit card payments.  vSkimmer agent is able to detect card readers on the victim's machine and gather all the information from the Windows machines sending it to a remote control server encrypting it (Base64). The malware collects the following information from the infected machine and sends it to the control server: Machine GUID from the Registry Locale info Username Hostname OS version The vSkimmer malware indicated as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it transmitted during sales flow. Dexter

The mother of alleged Anonymous hacktivist Barrett Brown has pleaded guilty to helping her son hide two laptop computers from federal investigators. Brown's mother, Karen McCutchin , pleaded guilty last week to a charge of obstructing the execution of a search warrant. She faces a maximum sentence of 12 months in prison and a $100,000 fine. Sentencing has not yet been scheduled. On March 6, 2012, officers with the Federal Bureau of Investigation raided Brown's Dallas, Texas apartment in an attempt to execute a search warrant for computers that could contain information involving hacktivist group Anonymous and LulzSec. The feds hadn't found all the computers they were looking for during a search of Brown's apartment that morning and Brown, located at his mother's house, refused to volunteer them. Karen McCutchin Plea Agreement Barrett Brown is expected to stand trial in September, at which point he will have spent an entire year behind bars witho

Tibetan and Uyghur activists are once again targeted with a new malware, specially designed for Android devices. This is the first documented attack that targets Android smartphones . Security researchers at Kaspersky say they've  found a targeted malware attack on Android phones that seems to come from China. The attack relied heavily on social engineering, a kind of verbal manipulation, to hack into their targets' devices. Malware seeks to steal information like contacts, call logs, and SMS of people who work in the field of human rights. Kaspersky has identified the Trojan as " Chuli ," after a command function that shows up prior to posting stolen data to the command-and-control server at the URL: hxxp://64.78.161.133/*victims's_cell_phone_number*/process.php. On March 24, the attackers infiltrated the email account of a high-profile Tibetan activist, and used that account to send a spear-phishing email to their contacts list. Once the victim

A couple of years ago, the tech world was abuzz about the cloud. Cloud computing refers to computing where the processing or storage takes place on a networked series of computers rather than on the device that you're using. Whether you're using a PC, laptop, tablet, smartphone, television, or video game console, everything now connected to Cloud Storage and always in sync. But there is a limitation, that smartphones can essentially remember deleted information, which poses a huge risk to organizations that issue smartphones to employees and to organizations that don't explicitly disable the use of personal devices for work-related computing. Researchers at the University of Glasgow found that cloud storage apps that say they send files to the cloud also leave retrievable versions of files on the devices. They  tested some cloud-based file storage systems tested included Box, Dropbox and SugarSync on HTC Desire, running Android 2.1, and an iPhone 3S running iOS 3. They found tha

Oracle has released emergency patches multiple of times in recent months for Java for one after another set of vulnerabilities . About 100 million computers reported to be vulnerable to unauthorized access via different flaw in Java software. Department of Homeland Security's US-CERT already warned users to disable Java permanently to stop hackers from taking control of users' machines. Security experts advised,'T he best defense we have right now for these kinds of attacks is to disable Java in the browser forever' . According to Websense experts, Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits used in popular web attack toolkit. Exploit kits are a very common tool for distribution of many Java-based threats. To detect the vulnerable Java versions that are installed on systems and Websense experts, used their technology via ' threat intelligence network' , which monitors bi

Canonical, the software company that manages and funds Ubuntu, announced to develop a new, open-source operating system customized especially for Chinese users called ' UbuntuKylin OS '. According to the BBC, Chinese government and Canonical partner to launch its home grown operating system. China signaled its intention to move away from its dependence on western software products i.e windows. Canonical staff and Chinese researchers will be working on the OS at a Beijing lab. China's Ministry of Industry and Information Technology will collaborate with Canonical to come up with Kylin to run on servers, aimed at websites, online shops, and hosting. The first version of Ubuntu Kylin is for the laptops and desktops. Therefore the Android dominates the Chinese market for a few more years. The Ubuntu Kylin is not for the mobile device because Canonical already has the Ubuntu Mobile OS. Future releases will also include integration with Baidu maps and shoppi

Apple is beefing up the security of its iCloud and Apple ID accounts by adding two-factor authentication to the account login process. Users who activate the option will be required to enter a four-digit code they may receive via SMS message, aside from the usual password. Two-factor authentication is gaining popularity because it makes login to online services significantly more secure compared to regular process. Apple has rolled out this functionality for Apple ID and iCloud users. " Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account ," Apple said . Apple will be using both the app and SMS versions, providing security codes through texts as well as the FindMyiPhone app. As long as users are able to remember their password, they will have the ability to generate a new recovery key from the My Apple ID website. You

T-Mobile devices having a default Wi-Fi Calling feature that keeps you connected in areas with little or no coverage using Wi-Fi connection. But according to new finding by students Jethro Beekman and Christopher Thompson from University of California Berkeley, that this feature lets millions of Android users vulnerable to Man-in-the-Middle attack . The simplest way to become a man-in-the-middle would be for the attacker to be on the same open wireless network as the victim, such as at a coffee shop or other public space. In a technical analysis of the exploit, The flaw could potentially allow hackers to access and modify calls and messages made by T-Mobile users on certain Android smartphones. Beekman and Thompson informed T-Mobile, a division of Deutsche Telekom, of the flaw in December and on March 18 T-Mobile was able to resolve the issue for all affected phone models. T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that encrypted, somethin

Yesterday we reported about a massive Cyber attack on South Korea that was responsible for shutting down networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack  but the country's Communications Commission has revealed that the hacking originated from a Chinese IP address. Symantec Security team analyze the code used in the cyber attacks against South Korea and they discovered an additional component used in this attack that is capable of wiping Linux machines.  The malware, which it called Jokra, contains a module for wiping remote Linux machines. ' The included module checks Windows 7 and Windows XP computers for an application called mRemote, an open source, multi-protocol remote connections manager. ' Symantec said. McAfee also published an analysis of the attack code, which wrote over a computer's master boot record, which is the first sector of the computer's hard drive that the computer checks before the opera

The US government is claiming that authorities do not need court warrants to affix GPS devices to vehicles to monitor their every move. t's been more than a year since a Supreme Court decision established that affixing a GPS tracking device to a vehicle constitutes a search under the constitution. The decision, United States vs. Jones , throws out the drug-related conviction of nightclub owner Antoine Jones. The GPS locator was installed the day after the warrant expired and while the vehicle was outside of the department's jurisdiction, and DC police tracked Jones for nearly a month after installation before arresting him. " Requiring a warrant and probable cause before officers may attach a GPS device to a vehicle, which is inherently mobile and may no longer be at the location observed when the warrant is obtained, would seriously impede the government's ability to investigate drug trafficking, terrorism, and other crimes. Law enforcement officers co