The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Cyber criminals are more business-minded than you might expect. As the business has moved to greater use of mobile and non-Windows computers, so cyber criminals have adapted techniques monetize their efforts. Security researchers at Lookout Mobile Security discovered that various apps uploaded to Google Play Store containing hidden Coinkrypt android malware, that can turn your mobile device into crypto-currency miners. As we know, coin mining is the key component for digital currencies, so the malware uses a botnet of infected Android Smartphones to mine for currency. Such malware does not steal data. Instead, they are capable of mining Bitcoin , Litecoin and Dogecoin using the victim's device. " Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out. " researchers said. The Antivirus firm Trend Micro also spotted two apps named - ' Song

When it comes to Information Security, there's a great way to learn, train and keep sharp your skills. This can be done using gamification mechanics to speed up the learning curve and improve retention rate. Capture The Flag competitions use gamification mechanics and represent one of the best ways to learn security hands on. The Infosec team behind Capture The Flag platform  CTF365  has created a place for hackers to play weekend CTFs with great prizes, called  Hacker's Dome . In order to access the Hacker's Dome, you need is a registered and confirmed CTF365 account.  At Hacker's Dome CTF Platform users can deploy their own CTFs and can invite web developers, system administrators and security professionals to take hard challenges. Think RackSpace, of CTF Competitions. Hacker's Dome - First Blood:  First Blood is the first CTF and will start on May 17 2014 15:00 UTC and winners will win more than $6000 in prizes . If Information Security  gamific

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

A 31-year-old South Korean has been recently accused by the police for the allegation of infiltrating and hacking the accounts of 25 million users of   Naver , one of the popular search portal in South Korea. On Wednesday, the Asian National Police Agency revealed that the suspect purchased the private information of 25 million users, including names, residential numbers, Internet IDs and passwords from a Korean-Chinese, back in August last year, Korea Herald reported. The suspect surnamed  ' Seo ', supposedly used the purchased information to hack into the accounts of Naver users and sent out spam messages and other ' illicit emails ' to the account holders. He had made an illegal profit of some 160 million won ( $148,000 ) using this, according to the report. Also a hacker surnamed  ' Hong ', has been arrested by the police who was suspected to develop the hacking program that automatically enter users' IDs and passwords, which was apparently used by

The devices are becoming smarter, therefore the chances to abuse them have increased. As the share of Android has become 87% in the global Smartphone market, so the Android is by far an elementary target of the mobile malware developers. The number of malware variants has increased rapidly and today 99 out of 100 mobile viruses are targeting Android Devices. Most of the sophisticated malware has the capability to steal keylogs , send text messages to the premium numbers, steal personal data without requesting permission from the device user, also have the caliber to modify SMS and MMS messages and contacts.  Mobile Malware can modify or steal the content stored on your device's SD card and some advance botnet  malware even can give complete remote control of your device to an attacker. DENDROID Beginning this month, we warned our readers from one such sophisticated android malware toolkit discovered by the Symantec researchers that dubbed as ' Dendroid ', which runs on HTTP prot

The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges. Android applications communicate with each other through Intents and these intents can be abused by hackers to provide a channel for a malicious application to inject malicious data into a target, potentially vulnerable application. Security Researchers at IBM have discovered multiple vulnerabilities in Firefox for Android platform that allow a malicious application to leak the sensitive information related to the user's profile. Android's Firefox app stores the personal data at following location: / data /data/org . mozilla . firefox /files/mozilla/<RANDOM-STRING >. default . Where the random name for user's profile is used to prevent unwanted access to this directory in case of Firefox exploitation. Researchers developed an exploit to brute-force the &

The Mysterious Malaysian Airlines flight MH370 , a Boeing 777-200 aircraft that has gone missing by the time it flew from Kuala Lumpur to Beijing. The Malaysian Prime Minister had also confirmed that the Malaysia Airlines plane had crashed in a remote part of the southern Indian Ocean. Cyber Criminals are known to take advantage of major news stories or events where there is a high level of public interest and now Scammers are also targeting tragedy of MH370 to trap innocent Internet users. Just a few days before we warned you about a Facebook malware campaign claimed that the missing Malaysian Airlines ' MH370 has been spotted in the Bermuda Triangle ' with its passengers still alive and invites users to click a link to view breaking news video footage. This week, Security researchers at FireEye have revealed about various ongoing spear phishing and malware attacks by some advanced persistent threat (APT) attackers. According to the researchers, the Chines

Defending and Analysis of online threats and malwares   have become more challenging nowadays and especially for larger businesses like the popular social networking site - Facebook. To encounter malware, phishing, and other online threats, Facebook has taken an important step forward. Facebook has unveiled its latest security-focused platform, dubbed as ' ThreatData ', which is a framework that aims to standardize its methods for collecting and analyzing data. The ThreatData framework is implemented to import information about the various online threats, malware, phishing and other internet risks, then storing it proficiently for real-time and long-term analysis as well. It consists of three high level components i.e. Feeds, Data storage, and Real-time response. FEEDS:  Feeds will collect data from a distinct source and implement them via a lightweight interface. " Here are some examples of feeds we have implemented: Malware file hashes from VirusTotal; Malicious

Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab sensitive business data from that customer's CRM instance. 'GameOver' Banking Trojan is also a variant of Zeus financial malware that spreads via phishing emails. GameOver Zeus Trojan makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet , which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. TAREGET - EMPLOYMENT WEBSITES Now, a new variant of GameOver Zeus Trojan has been spotted, targeting users of popular employment websites with social engineering attacks , implemented t

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world's 3 million ATM machines are run on it.  Microsoft's decision to withdraw support for Windows XP  poses critical security threat to the economic infrastructure worldwide. MORE REASONS TO UPGRADE Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs. " What was interesting about this variant of  Ploutus  was that it allowed  cybercriminals  to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time. " researchers said. HARDWIRED Malware for ATMs According to researchers - In 2013, they detected a malware named Backdoor . Ploutus,  installed on ATMs in Mexico, wh

Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. " At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010… " company said. According to Microsoft's security advisory , Microsoft Word is vulnerable to  a remote code execution vulnerability ( CVE-2014-1761 ) that can be exploited by a specially crafted Rich Text Format (RTF). An Attacker can simply infect the victim's system with malware if a user opens a malicious Rich Text Format (RTF), or merely preview the message in Microsoft Outlook. " The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. " Microsoft acknowledged that remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011. Micr

The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that  changed the way nations conduct war and  now these hovering drones are ready to hack your Smartphones. London-based Sensepoint security researchers have developed a drone called ' Snoopy ' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported. The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections. Spoofing WiFi networks that device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use ' Wireless Evil Twin Attack ' to hack Smartphones. Once connected, Snoopy

Android -  a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts their android devices at risk. This time the vulnerabilities occur in the way Android handle the updates to add new flavors to your device. Researchers from Indiana University and Microsoft have discovered [ Paper PDF ] a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. The researchers dubbed the new set of security-critical vulnerabilities as Pileup flaws which is a short for privilege escalation through updating, that waylays inside the Android PMS and intensifies the permissions offered to malicious apps whenever an android update occurs, without informing users. The research was carried out by Indiana University Bloomington researchers, Luyi Xing, Xiaorui Pan, Ka