#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Ebook download | Breaking Cybersecurity News | The Hacker News

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes

Jan 03, 2012
ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only be done o
Android mobile internet tethering become undetectable by carriers

Android mobile internet tethering become undetectable by carriers

Jan 03, 2012
Android mobile internet tethering become undetectable by carriers When the idea that your smartphone's data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have struck down all attempts by apps to sidestep the process , until now. What one of the most well-known hacker/developers in the world Koushik Dutta, aka Koush, has done is to create a non-market app that allows you to use your smartphone as an internet hotspot, doing so without adding costs to you beyond what that data would cost to you on your smartphone on its own. And it's completely (nearly) undetectable by carriers. " Over the last month, I've been working on a new app. Tether Alpha is a USB[2] tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop. " Koushik Dutta said. " I am
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
THN December Magazine Released ! Who We are at The Hacker News ?

THN December Magazine Released ! Who We are at The Hacker News ?

Dec 02, 2011
THN December Magazine Released ! Who We are at The Hacker News ?  It is hard to re-cap the past year and all the excitement and hard work we have experienced launching an online magazine.  The subject, Hacking, is even more exciting as the technology world awakens to the security issues facing all internet users from government, large corporations and personal users. We have tried very hard to keep the readers informed and up to date regarding security threats and security breaks world wide.  Our daily news aims to give business and personal PC users an understanding of what is happening in computer security developments and what criminal activity is breaching security systems. Mostly, we understand the importance of disseminating information and keeping the internet free of restrictions.  We believe that information and opinion are the foundation of a healthy society and we strive constantly to address the political and social issues facing our new world of electronic communicati
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Web App Pentesting - PenTest Magazine

Web App Pentesting - PenTest Magazine

Nov 23, 2011
Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here
Call for Articles - The Hacker News Magazine | December Edition

Call for Articles - The Hacker News Magazine | December Edition

Nov 04, 2011
Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word! By sha
How to Beat Evil Governments When Your Internet Turned Off ?

How to Beat Evil Governments When Your Internet Turned Off ?

Oct 28, 2011
How to Beat Evil Governments When Your Internet Turned Off ? Bruce Sutherland explain at DefCon 19 Conference that " How To Get Your Message Out When Your Government Turns Off The Internet " . Bruce Sutherland  is a network systems architect and software developer with Domex Computer Services Inc, based in Melbourne Beach, FL. How would you communicate with the world if your government turned off the Internet? Sound far-fetched? It isn't. It already happened in Egypt and Lybia and the US Congress is working on laws that would allow it to do the same. In this talk we'll explore how to get short messages out of the country via Email and Twitter in the event of a national Internet outage. Remember, data wants to be free. Bruce has worked in the industry for over 20 years and has recently been working on building and hardening web-based applications. He has been an amateur radio operator since 2003 and enjoys making contacts worldwide via amateur radio satellite
[Contest] Win "Ghost in the Wires" Book by Kevin Mitnick

[Contest] Win "Ghost in the Wires" Book by Kevin Mitnick

Oct 12, 2011
[Contest] Win " Ghost in the Wires " Book by Kevin Mitnick Some call him a saint, some a criminal, others adore him. Industry may loathe him but we here at The Hacker News say, " Get ready, loyal subscribers! " Enter our newest contest and win a copy of Kevin Mitnick's new book titled, " Ghost in the Wires ." Fellow hackers will be pleased to know that to celebrate the release of his book,  Kevin Mitnick  has teamed up with  The Hacker News  and is giving away 3 copies of the book to our readers who submit the coolest, keenest and most appealing comments or reviews about the book. Mitnick is no less than a genius as he knits a story of intrigue and suspense as he navigates through the mazes of high tech companies keeping them jumping and realizing they are not invincible……not even close. How you can be one of the Lucky Winners? Does this sound like something you might be interested in? All you need to do is head on over to the book page:   Here  and drop a line via
Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released

Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released

Oct 03, 2011
Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released Dear Readers,                          We here at The Hacker News were very humbled to be given the opportunity to celebrate 10 millions hits to the website. Wow! We are so very grateful for your support and as I told you last month, I don't think Hacking is going anywhere and neither are we!! Your feedback is very important to us. Feel free to send us your thoughts and desires for Hacking news. If you want to write an editorial, let us know. We'd love to include it next month. For now, we will see you in our daily and best wishes for a great month. Content of October Edition: Linux - Means Freedom How to make my Linux Secure ? Hackathon Insider Threads Vs Hackers Linux : How to Series by Alok Srivastav Window 8 - Touch the Future The Security Model of Window 8 Server Microsoft Security Development Cycle September Cyber Attacks Download PFD version of Magazine Download Compressed rar ver
BruCON Agnitio workshop Slides and Video Demonstration - Download

BruCON Agnitio workshop Slides and Video Demonstration - Download

Sep 22, 2011
BruCON Agnitio workshop Slides and Video Demonstration - Download Workshop by David Rook ( Security Ninja ) at BruCON 2011 in Belgium. You can Download Slide from here . Required for the Agnitio hands on demos: A 32bit Windows Operating System (XP or 7 preferably – VM will be fine) .NET framework 3.5 installed Agnitio v2.0 installed Download the Pandemobium Android and iOS source code Download the selected vulnerable open source application Optional In addition to the list above the following things are optional depending on how hands on you want to be: Internet connection to download an application from the Android market place Eclipse IDE installed Android SDK installed Android Debug Bridge (adb) installed, this should be installed as part of the SDK install An AVD configured with the Android market place app installed (instructions here) I think you can also use a rooted Android device if you don't want to use the emulator Workshop format A quick look at static an
Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News

Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News

Sep 22, 2011
Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News Fellow hackers would be very pleased to know that to celebrate the release of their new book- BackTrack 5 Wireless Penetration Testing Beginner's Guide , Packt Publishing is giving away 2 copies of the book to The Hacker News readers. Keep reading to find out how you can be one of the Lucky Winner. Here is a quick overview of BackTrack 5 Wireless Penetration Testing Beginner's Guide · Learn Wireless Penetration Testing with the most recent version of Backtrack · The first and only book that covers wireless testing with BackTrack · Concepts explained with step-by-step practical sessions and rich illustrations · Written by Vivek Ramachandran ¬ world renowned security research and evangelist, and discoverer of the wireless "Caffe Latte Attack" Read More How To Win Sound like something you might be interested in? All you need to do is head on over to the bo
Book : Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran

Book : Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran

Sep 14, 2011
Book : Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS. Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from: Global: https://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/ India: https://www.packtpub.com/backtrack-5-wireless-penetration-testi
The Hacker News Magazine September Issue - NO ONE IS SECURE

The Hacker News Magazine September Issue - NO ONE IS SECURE

Sep 01, 2011
The Hacker News Magazine September Issue - NO ONE IS SECURE Well folks, after this issue and the obvious intensity of the insecurity of the net, I have a few thoughts on the unfettered access to knowledge. It is more than apparent we all live in a time where the extensive dissemination of opinions, thoughts and ideas and information are done through a modern method of transmission. The simplicity and effectiveness by which computers and networks are used to assemble, store, search, associate, recover, and share information make computer technology especially risky to anyone who wishes to keep personal or protect information from the public sphere or out of the clutches of anyone who is perceived as a probable threat. As this issues explores, the evolving and more advanced capabilities of computer viruses, phishing, fraud schemes, spyware, and hacking activity springing up from every corner of the globe and the diversity of privacy-related issues engendered by computer technology h
#DefCon 19 : Presentations from the Defcon Conference for Download

#DefCon 19 : Presentations from the Defcon Conference for Download

Aug 09, 2011
#DefCon 19 : Presentations from the Defcon Conference for Download Defcon 19 presentations available for download, Go check out the presentations from this year's defcon conference here:  https://good.net/dl/k4r3lj/DEFCON19/ For folks that don't have time to click: curl -silent https://good.net/dl/k4r3lj/DEFCON19/ | grep -i 'pdf' | cut -d '"' -f 8 | cut -d '<' -f 1 | grep -v '/' > dc19pdf.txt; for i in $(cat dc19pdf.txt); do curl --location "https://THIS-DOWNLOAD-WOULD-BE-FASTER-WITH-A-PREMIUM-ACCOUNT-AT-good.net" -L "https://good.net/dl/k4r3lj/DEFCON19/$i" > $i; done
THN Review : Ghost in the Wires - Kevin Mitnick

THN Review : Ghost in the Wires - Kevin Mitnick

Jul 28, 2011
THN Review : Ghost in the Wires - Kevin Mitnick First of all Thanks to Mr. Kevin Mitnick for sending Review Copy of his latest book & Auto-Biography " Ghost in the Wires - My Adventures As The World's Most Wanted Hacker ". I take about a week to read this amazing book and Finally  The Hacker News Review for this Book : Some call him a saint, some a criminal, others adore him. Industry may loathe him but we here at hacker news say " Get Reading " loyal subscribers and laugh, get mad, feel revenge, and pure educational enjoyment reading Kevin Mitnick's new book " Ghost in the Wires " .  Yeah, we consider him pretty cool and the father of Social Engineering which is just ours and yours level of interest.   If a guy that can stay one step ahead of big business, catching them with their pants down and their hands in the Cookie jar, then this is the book for you.  If you admire a person who can squeeze blood from a turnip, you have the right read waiting for you.
President Obama release National Strategy for Counter terrorism

President Obama release National Strategy for Counter terrorism

Jun 29, 2011
President Obama release National Strategy for Counter terrorism Today President Obama's release National Strategy for Counterterrorism, which was presented by John Brennan, Assistant to the President for Homeland Security and Counterterrorism in a speech at SAIS named " Ensuring al-Qa'ida's Demise ".  The strategy articulates the United States' broad, sustained and integrated campaign against al-Qa'ida, its affiliates and its adherents, consistent with the President's enduring commitment to protect the American people. Download the 26 pages PDF released
ClubHack: CHMag Issue 17th, June 2011 Download

ClubHack: CHMag Issue 17th, June 2011 Download

Jun 17, 2011
ClubHack: CHMag Issue 17th, June 2011 Download Contents of this Issue:- Tech Gyan - Pentesting your own Wireless Network Tool Gyan - Wi-Fi tools Mom's Guide - Wireless Security - Best Practices Legal Gyan - Copyrights and cyber space Matriux Vibhag - Forensics with Matriux Part - 2 Poster of the month - Can you cage a Wi-Fi signanl ? Direct Download
Total Exposure - The Hacker News [THN] Magazine - June 2011 | Issue 03

Total Exposure - The Hacker News [THN] Magazine - June 2011 | Issue 03

Jun 06, 2011
Total Exposure - The Hacker News [THN] Magazine - June 2011 | Issue 03 The Hacker News ,June Month Magazine is Released Now ! GET YOUR COPY TODAY. Its our Issue 03 with theme " Total Exposure " . We hope this monthly magazine will keep you update in Cyber World. Content : - Total Exposure - Wikileaks : Exposure in true way - Guide about selecting your Computer Security Consultant - In the Realm of Cyber Breach - Exploit Writers : Challenging Cyber Security - Interview with Team Inj3ct0r - IT Security Incident Management - Interview with Core Anonymous Member : Anony_ops - Exposure of Password secrets of Apple Safari - Sony Hacked , Again hacked & Again Hacked - Hacking News Highlights of the Month - Hackers Toolkits Updates - Security Tool : Buffer Zone Download THN Magazine -- Rar File | PDF file (7.78 Mb) Also Get Previous Issue 01 & 02 here
What is Zeus - Technical paper Zeus by SophosLabs !

What is Zeus - Technical paper Zeus by SophosLabs !

May 21, 2011
What is Zeus - Technical paper Zeus by SophosLabs ! Zeus or Zbot is one of the most notorious and widely-spread information stealing Trojans in existence. Zeus is primarily targeted at financial data theft; its effectiveness has lead to the loss of millions worldwide. The spectrum of those impacted by Zbot infections ranges from individuals who have had their banking details compromised, to large public order departments of prominent western governments. We will explore the various components of the Zeus kit from the Builder through to the configuration file; examine in detail the functionality and behaviour of the Zbot binary; and assess emerging and future trends in the Zeus world. Download Paper : Click Here Download Zeus : Source code of ZeuS Botnet Version: 2.0.8.9
CHMag Issue 16th, May 2011 Download !

CHMag Issue 16th, May 2011 Download !

May 14, 2011
CHMag Issue 16th, May 2011 Download ! Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security. Contents of this Issue:- Tech Gyan - First ever public disclosure of Password secrets of "Apple Safari". Tool Gyan - BeEF (Browser Exploitation Framework) Mom's Guide - User Agent on my Header. Legal Gyan - New Rules under Information Technology Act. Matriux Vibhag - Forensics with Matriux Part - 1 Poster of the month - How safe you are while surfing? Direct Download: https://chmag.in/issue/may2011.pdf Hope you'll enjoy the magazine. Keep sending the bouquets and brickbats!
Understanding The Concept of Bypassing Antivirus,by Internet Security Team

Understanding The Concept of Bypassing Antivirus,by Internet Security Team

May 14, 2011
Understanding The Concept of Bypassing Antivirus ,by Internet Security Team Anti-Virus manufacturers nowadays implements more and more complex functions and algorithms in order to detect the latest and newest viruses along with their variants. There is however simple methods that can be used to by-pass most of these, especially those that doesn't use heuristics and similar techniques at all. Download guide :  https://www.multiupload.com/P8YWVINAIQ Rar file password : thn
Cybersecurity Resources