The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Pirate Bay co-founder  Gottfrid Svartholm Warg (Anakata)  charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Svartholm has been charged with several hacking related offenses including serious fraud , attempted aggravated fraud, and aiding attempted aggravated fraud. Three other defendants received similar charges. He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack. 28-year-old computer specialist Svartholm and other founders of The Pirate Bay were found guilty by the Swedish government in 2009 for facilitating the illegal downloading of copyrighted materials. He has served a one-year prison sentence in Sweden since September 2012, and will likely remain in prison while facing these new charges. Swedish prosecutor Henrik Olin said in a statement, " A la

In recent few months White hat Hacker ,' Nir Goldshlager ' reported many critical bugs in Facebook OAuth  mechanism, that allowed an attacker to hijack any Facebook account without user's interaction.  Another hacker, ' Amine Cherrai ' reported a new Facebook OAuth flaw, whose exploitation is actually very similar to Nir Goldshlager 's findings but with a new un-patched way. Before reading further, I would like to suggest you to read following post to understand the basic exploitation mechanism: Facebook OAuth flaw allows gaining full control over any Facebook account Facebook hacking accounts using another OAuth vulnerability URL Redirection flaw in Facebook apps push OAuth vulnerability again in action Now, if you are aware about the vulnerability used against Facebook OAuth in  redirect_uri parameter in  the URL, there is another way that  Amine Cherrai found, to bypass the patch applied by Facebook  security team. He found another

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

If you've ever been tempted to download a 'hack' for your favorite game to accelerate your progress, or to download a pirated copy of the latest title through a torrent or file-sharing site, watch out ! Anti-virus company AVG has today warns that over 90% of hacked or cracked games downloaded via torrent or file-sharing sites are infected with malware or malicious code. It claimed that a lot of these hacks didn't just contain malware, but were simply malware programs in disguise. " Even if we assume that just 0.1% of the gamer playing the top five titles go looking for a hack - a highly conservative estimate - that means 330,000 people are potentially at risk of falling victim to game hack malware, " said AVG. The prevalence of cracked games, key generators, patches, cheats and more indicates that this is a highly organised, crime based, initiative. " This could lead to the loss of any legitimate, paid-for gaming assets, as well as sensitive persona

Chinese hackers defaced the website of the government owned Philippines News Agency (PNA) on Sunday.  Defaced page of the website was with the Chinese flag and the text: " China Hacker EvilShadow Team, We are evil shadow. We are the team. We have our own dignity China Hacker Lxxker. " The hackers shared news of the attack on Facebook. The site was back to normal after an hour. This last hacking incident comes days after the arrest of 12 Chinese fishermen suspected of poaching after their boat ran aground in a protected marine park. This was not the first time that the site was hacked. Last year , cyber attacks on several government websites were blamed on Chinese hackers during a standoff in Scarborough Shoal, a group of rocky outcrops in the South China Sea that is close to main Philippine island of Luzon.

On Monday morning, Google has been the victim of a cyber-attack. Defacement attack was launched by Bangladeshi hacker TiGER-M@TE , their Kenyan domain google.co.ke  was defaced, instead the page splayed a black background€™ stamped in red across it. When a user visited the page the hacked screen spiraled in as some foreign music played in the background.  Google is the third most used site in Kenya. TiGER-M@TE has been quite active with defacements lately, and has targeted some high-profile sites in the past.

Cross site scripting vulnerabilities are mistakenly considered unimportant, but they could allow attackers to inject client-side script in web pages visited by victims. A cross-site scripting (xss) vulnerability may be exploited by hackers to bypass access controls going beyond the exceptions. An Egyptian information security advisor Ebrahim Hegazy (Zigoo) has found an XSS vulnerability in the Avira license daemon. license.avira.com But instead of exploiting it in a normal way " alert('MyName') " stuff and then reporting, He decided to demonstrate it to Avira security team in a different mode with the purposes to show how could an XSS vulnerability allows the hackers to steal user accounts with a clear text data! To demonstrate this attack he has created 4 files: avira.html - the fake login page log.php - the logger which will log the credentials as clear text into txt file avira.txt - credentials will be found here done.html - wi

An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls . That's probably not true. At least according to the Federal Aviation Administration (FAA), the European Aviation Safety Administration (EASA) and Honeywell, the maker's of the cockpit software, it's not. The FAA, for one, says, " The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot. " The agency assures America that this hack " does not pose a flight safety concern because it does not work on certified flight hardware. " So why did Hugo Teso, the German hacker in question, tell everybody at the conference as well as countless journalists who've latched on to the story that he could take over the software? Well, Teso says he's successfully taken over a plane's controls in a flight

A large distributed brute force attack against WordPress sites is understood to be occurring. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords. According to a blog update on IXWebHosting, they are currently experiencing issues where there is a brute force attack on the default  WordPress  login pages of  their customers. " As you can see from our numbers, we were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days. " Sucuri study says. This attack is greatly effecting Linux servers and attack is possibly conducted using  botnets . To solve the issue, hosting administrator block all connections to wp-login.php. " At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the

It is a terrifying prospect, a hack that allows an attacker to take control of plane navigation and cockpit systems has been revealed at a security conference in Europe. This was demonstrated by Hugo Teso , a researcher at security consultancy N.Runs in Germany who's also a commercial airline pilot. He explained that by building an exploit framework called Simon and a complimentary Android app that delivers attack messages, he could manipulate a plane's path as he saw fit. " You can use this system to modify approximately everything related to the navigation of the plane ," Teso told reporters. Teso found he was able to eavesdrop on the system's communications over its 1MBps link, as well as blocking information and injecting data into link.  It took three years of hunting down holes in standard systems to work out how he could use radio signals to send his own navigation commands to a plane's control system, using publicly available Flight Management System (FMS)

You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks? For any of you that are involved in security awareness efforts, you know what I am talking about. It could happen tomorrow, it could happen today or it might already have happened. In a recent disclosure  posted by renowned hacker and developer  DarkCoderSc (Jean-Pierre LESUEUR) explained that how one can easily Socially Engineer Microsoft Skype Support team to get access to any skype account. From a social engineering perspective, employees are the weak link in the chain of security measures in place. He simply used the weakness of Skype password recovery system itself. One simply need to request a new password to Skype support and asking to change the password. After