The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. The company plans to deliver eight security bulletins for Windows 8.1, three of them are rated critical and five are important. But there's no relief in sight for a zero-day vulnerability ( CVE-2013-3906 ) in how Office handles .TIFF graphics files . The bulletins listed in Microsoft's advanced notification as critical are for remote code execution vulnerabilities in Windows operating system and the remaining vulnerabilities listed as important are said to be remote code execution, elevation of privilege, information disclosure and denial of service flaws affecting Windows operating system, as well as Microsoft Office. A malicious zero day attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought. Some new reports of the security resea

On Tuesday, the Washington Post revealed a few more NSA slides released by Edward Snowden, which revealed that the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers as part of a program called MUSCULAR . Chairman and former CEO of Google Eric Schmidt says the company's executives are shocked by allegations that the National Security Agency has been collecting data from the search engine's servers. " It's really outrageous that the NSA was looking between the Google data centers, if that's true ," he said. Overnight, Two Google's Security engineers -  Mike Hearn and   Brandon Downey expressed reasonable anger about the news on Google+, said " Fuck these guys ", where these represent NSA and GCHQ. I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces. Fuck You to the people who made these slides. I am not American, I am a Brit, but i

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

The US Federal Bureau of Investigation has added five new hackers to its Cyber most wanted list and is seeking information from the public regarding their whereabouts. The men are wanted in connection with hacking and fraud crimes both within the US as well as internationally. Rewards ranging from up to $50,000 to $100,000 are being offered for information that leads to their arrest. Two of them are Pakistani, Farnhan Arshad and Noor Aziz Uddin , who caused the damage of over $50 million after hacking business telephone systems between 2008 and 2012. Arshad and Uddin are part of an international criminal ring that the FBI believes extends into Pakistan, the Philippines, Saudi Arabia, Switzerland, Spain, Singapore, Italy, Malaysia, and other locations. Syrian national Andrey Nabilevich Taame , wanted for his alleged role in Operation Ghost Click , a malware scheme that compromised more than four million computers in more than 100 countries between 2007 and October 2011

Yesterday at Stanford University in the United States, Cyber Security Experts and Leaders from more than 40 countries gathered to talk about the cyberspace security problems and cooperation among countries. The need for international cooperation in cybersecurity is evident, due to the nature of cyberspace itself. Cyberspace or the Internet is "borderless" in nature. Cai Mingzhao , Minister of the State Council Information Office of China said that China is keen to continue working with other countries to deal with cyber security Challenges. Interesting! When China is itself the culprit in major Cyber Threats and attacks. " To maintain cyber security, we need to strengthen international cooperation, " and " We are ready to expand our cooperation with other countries and relevant international organizations on the basis of equality and mutual benefit, " he said . He said that the China is a victim of cyber security breaches, where more than 80% of Chinese i

The use of mobile devices in government environments concerns the secret service of any states, cyber espionage more often exploits the mobile platforms. Mobile devices are reason of great concern for governments, they have a great computational capability, huge memories to store our personal data, GPS to follow our movements and are equipped with a camera and microphone to increase our experience in mobility. The advent of monitoring apps like Mobistealth has already brought the possibility of using the aforementioned features to keep tabs on a target device irrespective of the geographic distance to light. However, it has also raised red flags over the possibility of exploitation of such features by attackers for cyber espionage . The problem is well known to governments that are adopting necessary countermeasures especially following the recent revelations about the U.S. Surveillance program . The UK Government has decided to ban iPads from the Cabinet over foreign e

Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906 , exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office users running Windows Vista and Windows Server 2008. " The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images ," it said in the post .  Vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li. A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Currently the company is only aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting v

Last week we noticed a rise in cyber attacks particularly - website Defacement attacks on many governments and organizations of different countries by the hackers around the world. Targeted countries include Singapore, Mexico, Philippines, Australia, Egypt, United States, Syria and many more. Out of all these targets, most controversial were Philippines and Australia, hacked by Activist group Anonymous. Last Sunday, Anonymous hackers from Indonesia defaced hundreds of websites belonging to the Australian Government , saying the action was in response to reports of spying by Australia. The websites, defaced with a message reading " Stop Spying on Indonesia ". We have shared the list of all targeted website on a pastebin note . In a separate incident, Anonymous hackers defaced more than 38 Philippine Government websites, and called on the public to support an anti-corruption protest " Million Mask March " at the Batasang Pambansa on November 5. " The government,

There's an extraordinary malware making rock-n-roll over the Internet and if you are one of the unlucky folks to cross its path, then it could make your computer unusable and you have to pay a few hundred Dollars to retrieve your important data back. We have warned our readers in many  previous articles about a nasty piece of Ransomware malware called ' CryptoLocker ', which is targeting computers running the Microsoft Windows operating system. The CryptoLocker  Ransomware encrypts the files on a victim's computer and issues an ultimatum - Pay up or lose your data . Users who are getting infected with CryptoLocker can see a message informing them that their computer is locked up and their files encrypted. It then asks them to make a ransom payment, which typically ranges between $100 and $700 or 2 Bitcoins , to get their files back. Just yesterday I noticed on a forum that the criminals behind the CryptoLocker malware has recently launched a dedicated  Cry

Today Malware is a very real threat, and if you're not careful about what you download and install, you could end up with a serious problem. But now Google will be trying their very best to block malware from installing itself on your computer on your behalf. Google has developed a security feature for Chrome that lets the browser detect and stop malware downloads. The feature has been added to Chrome Canary, the latest version of the browser which is available to download in beta form now. All you'll see is a notification like the one below, which you can then dismiss: " These malicious programs disguise themselves so you won't know they're there and they may change your homepage or inject ads into the sites you browse. Worse, they block your ability to change your settings back and make themselves hard to uninstall, keeping you trapped in an undesired state. " wrote Linus Upson, a Google vice president, in a blog post . Google is implementing

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called " Android Master Key vulnerability " that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the device.  The vulnerability was also responsibly disclosed to Google back in February by Bluebox and but the company did not fix the issue even with Android 4.3 Jelly Bean. Later, Google has also modified its Play Store's app entry process so that apps that have been modified using such exploit are blocked and can no longer be distributed via Play. Then after a few days, in the last week of July this year,  Android Security Squad , the China -based group also uncovered a second Android master key vulnerability similar to the first one. Security researcher  Jay Freeman has  discovered  yet another Master Key vulnerability in A

Finnish commercial broadcaster MTV3 reports that the Finnish Ministry of Foreign Affair networks has been targeted in a four-year-long cyber espionage operation. Finland's foreign minister said, " I can confirm there has been a severe and large hacking in the ministry's data network ," A large scale spying attack   targeted the communications between Finland and the European Union using  a malware , similar to, and more sophisticated than Red October . The breach was uncovered during the early part of this year. MTV3 also mentioned that the breach was not discovered by the Finns themselves, but from a foreign tip-off reported to CERT.FI. Further the Finnish authorities kept the information under wraps for continuing the forensics. There are indications that information with the lowest level security classification has been compromised, he said. In January, 2013, we had reported about Red October Cyber-espionage operation that targeted th

We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co