The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software " signed " with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal. Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious. Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures. A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Intern

Is Air Travel expensive for You?? Of course it's costly for Common people. But, hackers have found a way out of it too. If you have an iPhone then there is no need to buy airline tickets, as a simple iPhone hack can fool any modern airport and get you a seat in first class for free. Anthony Hariton , an 18 year-old computer science student at the University of Crete in Greece, claims he has found a plough to fetch free flight tickets across Europe by generating fake boarding passes designed for Apple's Passbook app. The student prepares to give his presentation entitled " Exploiting Passbook to Fly for Free, " in a hacking conference next month, in which he will theoretically demonstrate on how to generate fake boarding passes using only a computer and an iPhone, then get through all the Security Airport checks and then eventually ending up on your first class seat to the destination of your choice. HACKING iPHONE APP TO GET FREE BOARDING PASSES The iO

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Pakistan's Federal Investigation Agency (FIA) has arrested a Pakistani Hacker allegedly involved in hacking into a telecom company and uploading their database on his website. With the help of the National Response Center for Cyber Crime (NR3C) of Pakistan's Federal Investigation Agency, the local authorities were able to trace and arrest the hacker suspected of infiltrating into the systems of Warid Telecom, an Abu-Dhabi-based telecoms company that provides services in Congo, Pakistan and Uganda. The suspect, Mubashar Shahzad , a resident of Kasur, is believed to have downloaded Warid Telecom's customer information from the company's databases and exposed it online, which was published on earlysms.com , a site hosted with HosterPK . Investigation started after one of the senior manager of a cellular company filed a complaint saying the ' information of its consumers till 2006 had been exposed over the internet. ' " A technical/forensic analysis found that the web

Do you know, Why another major company is getting hacked every week? Because of poor policies, Laziness to Incident Response and lack in will-power to put efforts on applying important patches. Some companies are not taking their security more seriously, and best suitable example for this is  TxTag,  an electronic toll collection systems in Texas operated by Texas Department of Transportation (TxDOT) . 1.2 MILLION CREDIT CARD ARE AT RISK Security researcher, David Longenecker   claimed a serious flaw at  TxTag website that exposes the active Credit Card Details and Personal Information of 1.2 Million Drivers including active TxTags (vehicle stickers with microchips, which are scanned by electronic readers on toll roads), Names, phone numbers, full residence addresses, email addresses, along with their complete Credit card numbers and Expiration date. According to David, the account names could be easily predictable by anyone, which is typically an 8-digit number that beg

On passed Thursday, Microsoft has released an advance advisory alert for upcoming Patch Tuesday which will address Remote Code Execution vulnerabilities in several Microsoft's products. Microsoft came across a limited targeted attacks directed at their Microsoft Word 2010 because of the vulnerability in the older versions of Microsoft Word. This Tuesday Microsoft will release Security Updates to address four major vulnerabilities, out of which two are labeled as critical and remaining two are Important to patch as the flaws are affecting various Microsoft software such as, Microsoft Office suite, Microsoft web apps, Microsoft Windows, Internet Explorer etc. VULNERABILITY THAT YOU  MUST PATCH Google Security Team has reported a critical Remote code execution vulnerability in Microsoft Word 2010 ( CVE-2014-1761 ) which could be exploited by an attacker to execute the malicious code remotely via a specially crafted RTF file , if opened by a user with an affected vers

Germany has confirmed its biggest Data theft in the country's history with usernames and passwords of some 18 million email accounts stolen and compromised by hackers. The Story broke by the German press, Der Spiegel on Thursday, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad. 16 MILLION AND NOW 18 MILLION Authorities in the northwestern city of Verden unearthed a treasure of personal information, a list of about 18 million stolen email addresses and passwords, and seized it just after only two months from the previous major data breach, when researchers came across 16 million compromised email accounts of German users while conducting research on a botnet, a network of computers infected with malware.  The accounts were compromised by hackers in the mid of January, and Der Spiegel suggests that the same group of hackers is responsible for both thefts and t

iOS devices have a feature called ' Find My iPhone ', allows device owner to locate their stolen devices using linked Apple ID with iCloud Account. Unfortunately, a security flaw in iOS make it possible to turn off Find My iPhone without a password and enabled thieves to bypass the protection which makes the iPhone  untraceable if lost or stolen. To Set-Up ' Find My iPhone ' feature, users need to link their Apple ID with it and this will not only helps in locating the device but also gives permission to its user to remove all the data, drive direction to the lost device, lock the device by a passcode and displays a custom message on the locked screen. KILL 'Find My iPhone' WITHOUT APPLE PASSWORD Normally, disabling Find My iPhone requires Apple ID password, but according to the vulnerability reported by  Miguel Alvarado,  a thief can bypass all of this security feature without knowing your Apple account's password . In a video demons

Have you noticed a blue color " Free Voice Call " icon that appears next to your Facebook contacts in the iOS and Android Facebook Messenger app? Yes, Facebook has updated their Messenger app that includes the ability to make free voice calls to your online pals and now Facebook users can simply tap the phone icon to call their friends. FACEBOOK DITCH WHATSAPP OVER CALLING FEATURE WhatsApp was reportedly developing voice call feature since last year and when it was acquired by Facebook for $19 billion in February, users estimated that Facebook will add Internet calling feature to Whatsapp soon, rather than to its own Facebook Messenger. However, the WhatsApp VoIP calling is still to come and is expected to launch the update with the feature in the coming weeks, but sadly before that Facebook may leave other popular free calling apps, such as Viber, Line, Google's Hangout, Skype behind. USERS' PRIVACY AT RISK, AS NO ENCRYPTION As expected, Faceboo

Beware! Hackers can cause Traffic jams with just a navigation Smartphone application. Two Israeli students were assigned by college to hack Google-owned Waze GPS app , an Israeli-made Smartphone app that provides directions and alerts drivers to traffic and accidents. Shir Yadid and Meital Ben-Sinai , fourth-year students at Technion-Israel Institute of Technology, with the help of two advisers created a virtual program that successfully caused the popular navigation application Waze to report fake traffic jams,  Haaretz  reported. They successfully launched a demo cyber attack against the popular navigation app, with no evil intention to cause any damage to the app, instead it was a simple assignment handed over to these students to demonstrate up to what a malicious hacker could do by creating a fake traffic jam on any popular app, like Waze that provides real-time traffic updates and notifications to users on the road. HOW TO JAM TRAFFIC? To carry out their proje

A 5-year-old San Diego boy managed to hack one of the most popular gaming systems in the world, Xbox and has now been acknowledged as a security researcher by Microsoft. Kristoffer Von Hassel uncovered a vulnerability in Xbox Live's password system, that would allow someone to log into a Xbox player's account without their password. Kristoffer's parents noticed he was logging into his father's Xbox Live account simply by tapping the space bar. YES, BACKDOOR ENTRY WITH JUST SPACE-BAR His father noticed that Kristoffer logged in as his Xbox Live account to play video games that he wasn't meant to be playing and asked how he had done it.  Kristoffer revealed that by typing in the wrong password and then by pressing the spacebar, he bypassed the password verification through a backdoor, and it was pretty simple! HIS FEELING, "was like yeah!" 5-year-old gamer actually hacked the authentication system of a multi-billion dollar company,