website hacking | Breaking Cybersecurity News | The Hacker News

Hackers crew Jember Hacker terrorists (JHT) deface the official website of Indonesian president (https://www.presidensby.info) with a message reads, " This is a PayBack From Jember Hacker Team ". Hackers deface website of president Susilo Bambang Yudhoyono (SBY) apparently in protest at growing corruption and wealth inequality in the country and because of increasing anger at the current administration. Deface page mention hacker code name as " MJL007 " who performed the hack and government is working with law enforcement teams to examine log files in a bid to trace the origin of the attack. " Corruption is rampant, the poor are everywhere. The rich get richer, the poor get poorer ," hacker told . Mirror of hack is available at Zone-H .

Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name " p0ison-r00t " deface a sub domain of NASA ( https://spaceyourface.nasa.gov/ ). The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by ' The Hacker News '. We contact hacker to know more about the hack, on asking How ? Hacker said," I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server ". Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here . Mirror of hack also available on Zone-h .

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

RED HAT has fixed multiple web application security issues that allowed hackers to extract website database using Blind SQL injection. Red Hat also confirmed a cross site scripting and Local File Inclusion Vulnerabilities on their website. Mohamed Ramadan Security Researcher and Trainer Attack-Secure , told ' The Hacker News ' that last year he reported 3 flaws to the company and they finally confirm and patch those in January 2013. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. Local file inclusion is a vulnerability that allows the attacker to read files, that are stored locally through the web application.This happens because the code of the application does not properly sanitize the include

Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called " ScanPlanner " (htt

This morning I received the news of new attacks against Adobe, an Egyptian Hacker named ViruS_HimA hacked into Adobe servers and leaked private data. The hacker claims to have violated Adobe servers gaining full access and dumping the entire database with more of 150,000 emails and hashed passwords of Adobe employees and customers/partner of the firm such as US Military, USAF, Google, Nasa DHL and many other companies. The leaked file contains a list of for each account the following information: Firstname Lastname Title Phone Email Company Username Password hash The hacker declare that his intent was far from to destroy the business of the company, that's why he posted data leaked related only to Adobe, and belonging the domains "*.mil" and ".gov". Which is the motivation of the attack? The attack hasn't a politic motivation, ViruS_HimA desire to demonstrate that despite Adobe is one of the most important company in IT l

On a quick tip from a The Hacker News reader - Travis, we came to know about that some antivirus giving warning when readers try to visit  Bloomberg's Businessweek website ( businessweek.com ) that the site is infected with malware and trying to drop a malware on visitor's system. Website having very high alexa rank, that means it server updates to millions of daily visitors. Most obvious that Bloomberg's site was hacked and then hacker was able to inject the script to infect visitors of site. After exploring the site, I found that some " Under Maintenance " pages like (  hxxp://bx.businessweek.com/photos/spham708_medium.jpg  ) of  Businessweek website having injected iframe that trying to open a remote page uploaded on a italian website as shown below: Injected URL :  hxxp://www.lamiabiocasa.it/class/cls-memcache.php ( Do not open this page ). We have another news from other sources that, recently around hundreds of italian websites was got hacked silently

Another Halloween hack, National Telecommunications Commission (NTC) was hacked Thursday noon, showed a pop-up message saying " Sh4d0wFiend_h4x0r and Wizkidl33t were here! " and would later redirect to another page (ntc.gov.ph/halloween) displaying the hacker's message - " hello and welcome: presented by Wizkidl33t and Sh4d0wFiend_h4x0r " Futher one click, a new page loads with the message " Welcome to the world of Halloween, in a moment you will see a couple of scary and entertainment media, this is not about a government issues this is for Halloween special click proceed to go to the next page ." The hacker group has claimed responsibility for the hacking of several government websites protesting the passage of the Cybercrime Prevention Act in the Philippines.

A Hacker going by name - " LegitHacker97 " claiming that he successfully access a NASA subdomain website , that actually belongs to a US Government computer, as mentioned on homepage. ***** WARNING ***** This is a US Government computer Hacker also dump a  82.51 MB (compressed or 337 MB uncompressed) Archive five days ago on internet, includes the complete source code of the website (in ASP). After watching the pastebin note , we tried to contact the hacker for collecting more information about the hack. Hacker describe The Hacker News via mail that," This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all off the website ! ". He add ," But now vulnerability is fixed ". I download the dump from the link posetd by hacker in pastebin note and tried to match the files with NASA website and subdomains, and found that these file actually belo

A huge hack carried out today ! One of the biggest Peru Domain registrar company (punto.pe) hacked by Lulzsecperu (declared by a tweet ) and Complete database of 207116 websites has been leaked on internet.  Leaked database include Domain panel username, encrypted password, Company descriptions. Hacked domains include all .PU domains ie. Banks , Institutes, computer security companies, corporates, colleges, government, personal websites. " We clarify that we have no malicious purposes, only prove that the security of PERU is bad and should be corrected. Greetings to the computer crimes division of the National Police of Peru from March 2012 is nil activity and fail or be close to where we are now ASBANC for trying. " Hacker said in an statement . He upload the database here :  https://anonfiles.com/file/e14504f5033d2a53457af667b686340f Password for file: lulzsecperu 2-3 Hours after  Lulzsecperu hack,  another hacker " @passfile " come up w

Yesterday I have reported about a huge mysterious hack in wordpress servers, that cause compromise of 15000 wordpress account and hacker managed to post same spam article of " Money making sites " with title - " Im getting paid! " on each blog. We explained how hacker was earning in thousands of dollars by just sharing his Referral link on all these hacked sites. The campaign include some malicious domains where hacker is redirecting all readers and service from a well known email marketing company - Getresponse . Using the same dork -- site:wordpress.com "Im getting paid!" , today we tried to find out number of hacked accounts and once again another shocking number - its 59300 blogs in compromised list on 2nd day of hacking campaign. So many blogs have been compromised without any known method and wordpress team still not in action. As mentioned in last article, yesterday I tried to contact with Getresponse response team whose Email ser

Wordpress Security Team is sending out warning messages to thousands of wordpress users that their account has been compromised recently. Warning message include " We recently detected suspicious activity on your WordPress.com account. To protect your identity and keep your site safe, we've reset your password. " Message continue " To reset your password and get access to your account and blog, please visit WordPress.com. Click on "Forgot password?" in the Login toolbar to get started. It is very important that your password be unique because using the same password across different web applications increases the risk of your account being hacked. " Note: Wordpress officially has not announce yet any security breach news on their website, but these warning mails are silently received by compromised account holders. Method of hack is still not confirmed. But hacking 15000 blogs from wordpress server and posting same article on all sites most obvious can

Over 2011-2012 we've seen an increase in distributed denial-of-service (DDoS) attacks and other web attacks on SME's websites. Incapsula is one of the companies whose service is useful to protect your website from all threats and mitigate DDoS attacks which affect your websites, servers, databases, and other essential infrastructure. Incapsula is a cloud-based website security and performance service, including a PCI-certified cloud web application firewall and a content delivery network (CDN) for small and medium-sized businesses. We at ' The Hacker News ' got the chance to review the service using an Enterprise plan account. Really it takes I think 1-2 minutes to join the service and add this extra layer of virtual shield around your Website. You have to make a simple DNS settings change in your domain panel. Your site traffic is then routed through Incapsula's global network of high-powered servers. Incoming traffic is analyzed and a security layer is a

This utility provides a Web interface for remote operation c operating system and its service / daemon. Opportunity Description / features: Authorization for cookies Server Information File manager (copy, rename, move, delete, chmod, touch, creating files and folders) View, hexview, editing, downloading, uploading files Working with zip archives (packing, unpacking) + compression tar.gz Console SQL Manager (MySql, PostgreSql) Execute PHP code Working with Strings + hash search online databases Bindport and back-Connect (Perl) Bruteforce FTP, MySQL, PgSQL Search files, search text in files Support for * nix-like and Windows systems Antipoiskovik (check User-Agent, if a search engine then returns 404 error) You can use AJAX Small size. The boxed version is 22.8 Kb Choice of encoding, which employs a shell. Changelog (v2.5.1): Remove comments from the first line . Added option to dump certain columns of tables. the size of large files are now well defin