Anonymous desktop OS released:

The hacking group Anonymous now has its own desktop operating system, pre-loaded with tools for finding Website vulnerabilities and simulating denial-of-service attacks. However, some members of the group are already distancing themselves from the software. Anonymous-OS is based off Ubuntu and uses MATE, an alternative user interface. The OS comes pre-loaded with a variety of hacking programs, such as the denial-of-service attack simulator Ddosim, the exploit scanner Sql Poison and the password cracker John the Ripper. It also comes decked out in Anonymous logos and slogans. A Tumblr blog with information about the OS says it was created “for educational purposes” and for “checking the security of web pages.” The blog cautions users not to use the OS to attack any Websites, lest you “end up in jail because it is a crime in most countries!” A Website called The Hacker News first spotted the OS on Wednesday, but already, one of Anonymous’ Twitter feeds is warning users to be careful. Anonymous members were recently tricked into installing a trojan, so this supposed OS could be another trap.

Caller ID spoofing scams step up:

That call you received on your mobile phone might not be from the company that popped up on your Caller ID. Cyberthieves are stepping up phone-calling scams that pilfer the accounts of consumers who bank online. And many such calls are linked to Caller ID spoofing, which causes the recipient’s phone to display a Caller ID number that appears to originate from a trusted party. In the second half of 2011, Pindrop Security detected more than 1 million fraudulent calls, including 189,439 in December, a 52% surge from July, according to a first-of-its-kind report released Thursday. “Mobile is a growth area,” says Stan Stahl, president of the Los Angeles chapter of the Information Systems Security Association (ISSA), which works with financial institutions to stem online banking fraud. Spoofers often lure a cellphone user into divulging account information via an automated call or text message that appears to come from the user’s bank. Next, the crooks call the bank, spoofing the victim’s phone number and correctly answering security questions to trick the bank employee into transferring cash or issuing credit cards for mailing addresses under the scammer’s control. Dell SecureWorks estimates small and midsize businesses in the U.S. and Europe lose as much $1 billion a year from online banking accounts.



Hackers offer bounty for Windows RDP exploit

A Web site that bills itself as a place where independent and open source software developers can hire each other has secured promises to award at least $1,435 to the first person who can develop a working exploit that takes advantage of a newly disclosed and dangerous security hole in all supported versions of Microsoft Windows., Krebs on Security reported March 15. That reward is offered to any developer who can devise an exploit for one of two critical vulnerabilities that Microsoft patched March 13 in its Remote Desktop Protocol (RDP is designed as a way to let administrators control and configure machines remotely over a network). The bounty comes courtesy of contributors to, a site that advances free and open software. The current bounty offered for the exploit is almost certainly far less than the price such a weapon could command on the underground market, or even what a legitimate vulnerability research company might pay for such research. Source: