The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Vodafone Germany has been hacked and Personal details of more than two million customers have been compromised, some including banking details. Stole data includes names, addresses, birth dates, and bank account information, but the hacker had no access to credit-card information, passwords, PIN numbers or mobile-phone numbers. According to a blog post on the Vodafone website, The company has already involved law enforcement agencies in the investigation, and it is confirmed that a suspect has been identified and searches conducted in the case, but didn't say whether the suspect was an employee or an outsider. It's unclear when the breach took place, but it appears to have involved a successful compromise of an internal server on Vodafone's network. Vodaphone said it is taking action to prevent this type of incident from occurring again, including reinstalling servers and changing passwords and certificates of all administrators. Vodafone customers outside of Germany aren&#

Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea.,  This new Cyber Espionage campaign dubbed "Kimsuky"  has targeted several South Korean think tanks. R esearchers believe the Kimsuky malware is most likely delivered via spear-phishing e-mails  and used multiple Dropbox email accounts "It's interesting that the drop box mail accounts iop110112@hotmail.com and rsh1213@hotmail.com are registered with the following "kim" names: kimsukyang and "Kim asdfa " The Kaspersky researchers revealed that the operation presents distinctive characteristics in its execution and logistics. The investigation started after the team of experts detected an unsophisticated spy program that communicated with it control server via a public e-mail server, an approach followed by too many amateur malware authors. Victims download a Trojan dropper which is used to download additional malwa

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The Fourth Edition of an International Information Security Conference hosted in Romania , The DefCamp 2013  is now open for Call for Papers . Over 300 Security experts, Researchers, and Enthusiasts from Romania and neighboring countries are expected to take part in the event in Bucharest, at the Crystal Palace Ballroom on November 29-30, 2013 . The Crystal Palace Ballroom is hosting one of the most mesmerizing event of Hacking & Information security in Romania, Defcamp.  In its Fourth year, The conference aims - continues to impress its audience with IT knowledge sharing, competition with varying levels of difficulty, Romanian and foreign speakers, surprises and fun. " We have awaited the 48 hours of DefCamp 2013 since the closing moment of the last edition.  It is hypnotizing to exchange ideas, to compete, to expand your knowledge and to meet people  who you know only from the virtual world. DCTF (DefCamp Capture the Flag) - our main  competition of the co

As we reported yesterday that, your Smartphone is a goldmine for the US National Security Agency (NSA), they have the full access to your Data available on your Smartphones including Android , iPhone and Blackberry. But among other Smartphones,  iPhone apparently is the most popular with the National Security Agency. Another NSA presentation leaked by NSA whistle-blower Edward Snowden and published by German paper Der Spiegel , describing Steve Jobs as the real Big Brother and iPhone buyers as the "zombies" . By cracking mobile operating systems and eavesdropping on mobile communications, the data obtained in this way includes contacts, call lists, SMS traffic, notes and location information. " Such as a iPhone picture of a foreign government official who took selfies while watching TV, and a picture of an unknown man, apparently an Afghani fighter, in the mountains of Afghanistan. And remember the iPhone's location bug? That enabled tracking of people over exten

Earlier reports based on Snowden 's documents revealed the existence of the NSA's PRISM program , and indicate that the National Security Agency spied on Brazilians. On other End, President Obama said that the Syrian government used chemical weapons on its citizens and The United States may have to take military action against Syria. Against same issues, yesterday various pages on  NASA 's website were hacked by a Brazilian Hacker named " #BMPoC " and the visitors to the pages were first greeted with a pop-up window which reads "DO NOT ATTACK THE SYRIAN " followed by another reading " U.S. SPY STOP THE BRAZIL " before the deface page appears. The complete deface message on the page was: Stop spying on us. The Brazilian population do not support your attitude! The Illuminati is now visibly acting! Obama heartless! Inhumane! You have no family? The point in the entire global population is supporting you. NOBODY! We do not want

Hackers are focusing on vulnerabilities in the PHP web application development platform threatening 80% websites in the world, including many big website i.e. Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals i.e. POST, GET, COOKIES, FILES etc. Imperva Releases Hacker Intelligence Initiative Report , particularly concerned about two vulnerabilities that can be used to execute code on servers running PHP and fail to stop PHP SuperGlobal parameter variables being modified by external sources. Dubbed as  CVE-2011-2505 , describes a vulnerability in the authentication feature in PhpMyAdmin (PMA) that enables attackers to modify the  _SESSION  SuperGlobal variable. CVE-2010-3065 describes a problem in the PHP's session serialization mechanism. By injecting malicious value into an internal variable using PHP's Superglobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control over

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews. The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalati

National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no identifying image,

Recently, Tor Project Director - Roger Dingledine described a sudden increase in Tor users on the Tor Network after the events related to disclosure of the PRISM surveillance program, Since August 19, 2013, there has been an impressive growth in the number of Tor users. At first, No one knew who or what is responsible for this spontaneous growth of Tor users, but Security researchers at Fox-IT firm found evidence that the spike in Tor traffic is caused by a Mevade Botnet, that hides its Command-and-Control server in the anonymizing network. The security firm documented the presence of the Mevade malware architecture based on the anonymizing network, " The malware uses a command and control connectivity via Tor .Onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based). " " Typically, it is fairly clear what the purpose of malw

Trust is something that's earned, not given. We trusted tech companies with our data because they promised to keep it secure. That trust was called into question after former NSA contractor Edward Snowden revealed that NSA is snooping on us with the help of same tech companies. Today Google announced that they have accelerated their efforts towards encrypting the information that has been flowing through its data centers across the world to thwart snooping by NSA and intelligence agencies, but do can you Trust Google and Other Internet Companies now ? " It's an arms race ," Eric Grosse, Google's vice president for security engineering, tells WP . " We see these government agencies as among the most skilled players in this game. " Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used. According to the report, encrypted information would