Linux News | Breaking Cybersecurity News | The Hacker News

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. Change Log New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) Added support for win8 and win2012 server to the RDP module Better...

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the...

Are you running Linux just because you think it's safer than Windows? Think again. Sure, security is a built-in   feature and extends right from the Linux kernel to the desktop, but it still leaves enough room to let someone muck about with your /home folder. Linux might be impervious to viruses and worms written for Windows, but that's just a small subset of the larger issue. Attackers have various tricks up their sleeves to get to those precious bits and bytes that make up everything from your mugshot to your credit card details. Computers that connect to the internet are the ones most exposed to attackers, although computers that never get to see online action are just as vulnerable. We have a small and enough very fast solution for Hardning the security of your Linux machine in few seconds using  Server Shield , It is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortl...

A Universal Cross-site scripting vulnerability in Opera browser was disclosed today on a Russian forum rdot.org . The flaw has the ability to be triggered by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against insecure web sites. " Vulnerable versions Opera for Windows, Mac and Linux to 2.12 inclusive (the latest version as of today). On versions prior to 9.50 check is not performed. advise after referring to the following opera when redirecting to a site on data: URL via HTTP -header Location property document.domain has a value in the last redirecting site " The vulnerability actually use the Data URI Scheme in combination with another flaw called " Open Redirection " which happens when an attacker can use the webpage to redirect the user to any URI of his choice. Even one don't have "Open Redirection" flaw in his site, still this XSS can be triggered using various short url services like bit.ly and tinyurl.com....

Roberto Suggi Liverani , founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog " During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager). " Researcher target the HTTP GET requests used by CallManager to initiate the login process. :  https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined He Demonstrated the idea with Burp Suite (Penetration testing Framework). He showed the html form parameter used for login as shown below: https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_ The sid token is required to perform the PIN brute force attack. So first get a valid...

Raphael Mudge (Creator of Cobalt Strike ) announced Another Advance Payload for Cobalt Strike called " Beacon ". In a conversation with The Hacker News  Raphael said " A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem ." Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit. Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the comm...

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called " Advanced ARM exploitation ," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I...

The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. Android 4.1 Jelly Bean includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits. ASLR is an exploit mitigation method that randomizes the positions of key data areas such as libraries, heap, stack, and the base of the executable, in a process's address space, and that makes it near impossible for malware authors and hackers to predict where their malicious payloads will be loaded. " As we mentioned in our previous post on Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible using the whole executable as a source of gadgets. In Jelly Bean, most binaries are now compiled/linked with the PIE fla...

Quebec Liberal Party and Education Ministry websites take down in massive Cyber Attack Two provincial government websites as well as Quebec Liberal Party and Education Ministry websites went down early Saturday morning and remained inaccessible for most of the day. No one has claimed responsibility for the downed sites but Twitter was full of rumours on Saturday pointing to Anonymous, the loose group of cyber activists. The cyber troubles began just hours after a new law, Bill 78, passed in the National Assembly. It requires any group of 50 or more people holding a demonstration in the province to inform police eight hours in advance of their planned route and other pertinent details such as the start and end times. One of Anonymous' Twitter accounts tweeted on Friday: " Quebec Considers Draconian Anti-Protest Law ... Expect us ." Anonymous also threatened the website belonging to the province's National Assembly. While some reported that the legislature's website had been ta...

Cyber Attacks on gas pipeline linked to China The spear-phishing attacks laying siege to networks in the natural gas pipeline industry apparently are being carried out by the same group that hacked RSA security last year. The attacks, which have been occurring since late this past March, have targeted several of the country's natural gas pipeline companies. According to U.S. officials, it's unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China. DHS supplied the pipeline industry and its security experts with digital signatures, or "indicators of compromise" (IOCs). Those indicators included computer file names, computer IP addresses, domain names, and other key information associated with the cyberspies, which companies could use to check their networks for signs they've been infiltrated. DHS officials and a spokesman have acknowled...