database program | Breaking Cybersecurity News | The Hacker News

Facebook is in trouble once again regarding its users' privacy. Facebook is facing a class-action lawsuit in Northern California over allegations that the company systematically scans its users' private messages on the social network without their consent and makes the profit by sharing the data with advertisers and marketers. According to the lawsuit filing, Facebook might have violated federal privacy laws by scanning users' private messages. Facebook routinely scans the URLs within users' private messages for several purposes like anti-malware protection and industry-standard searches for child pornography, but it has been claimed that the company is also using this data for advertising and other user-targeting services. Also Read:   Google to Face a Record $3.4 Billion AntiTrust Fine in Europe The plaintiffs, Matthew Campbell, and Michael Hurley argue that the Facebook is scanning and collecting URLs-related data in a searchable form, violating both the...

" NASA Own3d Again " - NASA Database Leaked by r00tw0rm Hackers from Team  r00tw0rm again hit NASA . According to Latest tweet by Hackers,  They claim to hack the one of the Sudomain of Nasa (Link is not exposed by hackers and claimed to be reported for Fix). Hackers claim to hack GB's of database and they  Leaked sample of database include Users names, emails and Passwords , Contact as shown: Same Hackers Yesterday Hack and Expose the Database of United States Census Bureau and Vulnerable link was also Exposed.

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

United States Census Bureau Hacked and Vulnerability Exposed A Group of Hackers from  r00tw0rm found SQL injection Vulnerability on  United States Census Bureau and Hackers successfully exploit the Database and Leak it online today. The United States Census Bureau is the government agency that is responsible for the United States Census. It also gathers other national demographic and economic data. As part of the United States Department of Commerce, the Census Bureau serves as a leading source of data about America's people and economy. The Pastebin Note include the complete Database Structure as shown: There is no reason mentioned for this attack yet by Hacker, But Hacker suggest United States Census Bureau to fix their loopholes as soon as possible. The Note include the Greets to other Hacking Groups like Inj3ct0r , TeaMp0isoN and Anonymous, seems that its a collective hack for #Antisec.

63 Vulnerabilities on United Nation Website Exposed Online ! Latest Notification in The Hacker News Vault by a Hacker named " Xenu (Casi) " from r00tw0rm Team that There are  63 Blind SQL injection Vulnerabilities exist on United Nation's Website (www.un.org). Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements. Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning.  Martin Nesirky , a spokesperson for the Secretary General of the United Nations, confirmed the breach." A case of unauthorized access to the UN website is still being investigated ,...

Hacker Hits the Embassy of Indonesia in Hungary Hacker from Team thec7crew today claim to Hack the Official Website  Embassy of Indonesia in Hungary. Hacker Hack the Database of Site also Expose various Server Parameters on Pastebin . As Database name mentioned " indone01_web " - There are 30 tables and Hacker also Extract and Expose the Admin's Emails and Passwords in Note. Reason of Hacking is Unknown, But this Hack will really effect the Security of officials at Embassy.

Hackers Claims to compromise Intel 's Sensitive Data A security researcher under the name of " WeedGrower ", or " X-pOSed " has been on a roll since the start of 2012. He has ambushed huge sites such as AOL, NASA, Hotmail, Myspace, Xbox, USBank, Yahoo, and VISA, he has also leaked sensitive data on most of those websites. Hackers today Claiming that he compromise Intel's Sensitive Data like User Base & Credit Cards. He found a way to expose sensitive data via the subscriber section on Intel.com and he also has access to the INTEL.com database which reveals Credit Card Numbers, Social Security Numbers, Emails, Passwords, and more. "WeedGrower", or "X-pOSed" has threatened that he's going to be leaking this soon if he doesn't get a response from Intel.com carriers. Hacker said ," I've got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and a...

University of Washington Vulnerable and Database Leaked by Hacker A few days back, a Team INTRA member hacked into the University of Washington database and released much data. Today, N0B0DY and N0LIFE hacked into it again, releasing the most recent passwords on  Pastebin . The root MySQL password was also released, as well as many other MySQL users. The information_schema database was accessed, and they released the COLUMNS table completely, having 6363 records. Hackers also expose the vulnerable links in Pastebin note. University of Washington is a public research university, founded in 1861 in Seattle, Washington, United States. The UW is the largest university in the Northwest and the oldest public university on the West Coast. The exposed vulnerabilities are of SQL injection. It is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take adv...

Joomscan Security Scanner updated to 611 Joomla vulnerabilities Database Another huge update coming from Security Team Web-Center that Joomscan Security Scanner is now updated to 611 Joomla vulnerabilities Database. Last update for this tool was in November, 2011 with 550 vulnerabilities in Database. In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update Download for Windows  (141 KB) Download for Linux  (150 KB )

Embassy of Kazakhstan hacked by Anonymous Supporters The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename -  Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note  including Admin's Username and Password. Hacker said," Lately we have been experimenting on some new large targets which will be unveiled soon. However today while we were cruising around in our lulzmobile,we set sights momentarily on another outdated weak vehicle and with great ease put the pedal to the metal, ran all the lights and flew straight through our accquired target ." SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that th...

Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.

Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir...

Hcon's Security Testing Framework (Hcon STF) v0.4 [Fire base] Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ' Freedom '.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT. Some Highlight Features : Categorized and comprehensive toolset Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few HconSTF webUI with online tools (same as the Aqua base version of HconSTF) Each and every option is configured for penetration testing and Vulnerability assessments Specially configured and enhanced for gaining easy & solid anonymity Works for web app testing assessments...

Saudi Arabia's King Saud University Database Hacked The Official Website of  King Saud University (KSU) Got hacked by some unknown Hacker.is a public university located in Riyadh, Saudi Arabia. Database of 812 Users hacked from  https://printpress.ksu.edu.sa/  and dumped on Internet by Hacker on a file sharing site  including Mail address list, mobile phones and passwords. Passwords are not encrypted in any hashes. Most of the Students using same Email ID and Password for Facebook and Other Sites. Its not clear weather its Part of Cyberwar b/w of Israel and Saudi Arabia.

DreamHost Hacked - Change Your Passwords Now ! All Dreamhost customers should read this post immediately and change all related passwords (including WordPress ones). Dreamhost said " Last night we detected some unauthorized activity within one of our databases. " They say there's " no evidence that customer passwords were taken ", but they''re pushing out password changes to everyone just to be safe. In addition, you should change any of your other passwords just to be safe that is, if they're at all similar to your DreamHost password.  To edit your password in the panel, please log into the web panel and go to Manage Users . Click edit next to the FTP/shell user on the right and you can change your password there.  This is the second time within week, when hackers targeted to these big websites, Dreamhost don't give any clue of the hack.

Julian Assange interview on Spy Files " Give me liberty or give me death " is a statement made famous by Patrick Henry but could easily have been stated by the new patriot of justice, Julian Assange. Julian Assange is a journalist and activist best known as the founder and public face of WikiLeaks, the Internet based publisher making headlines around the world by releasing secret or suppressed information revealing government and corporate misconduct.Assange and WikiLeaks have, in the words of 60 Minutes " Rattled the worlds of journalism, diplomacy, and national security. " In December 2011, WikiLeaks released the documents from a database containing hundreds of documents from contractors in what WikiLeaks calls the "mass surveillance industry." or " Spy Files ". 1.) According to Spy Files released by WikiLeaks, intelligence agencies, military forces and police authorities "silently... and secretly intercepted calls and had taken over computers without the help ...

 Zappos a division of Amazon got Hacked A notification mail from Zappos is circulating in Customers that a division of Amazon " Zappos.com " got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social security numbers have been compromised. Also the databases that contain sensitive billing information, such as credit card numbers, was not accessed by hackers. According to messages from Zappos CEO Tony Hsieh to employees and customers: Zappos are currently working with law enforcement for an investigation.

Fully automated MySQL5 boolean based enumeration tool Blackhatacademy Developers  releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag is applied, a user can supply any query that returns only a single cell If the exploit or vulnerability requires a single quote, simply tack  %27  to the end of the URI. This script contains  error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors. This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto). This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites. GET TOOL SCRIPT HERE .

Tianya,  China's biggest online forum 40 million users data leaked Tianya.cn , China's biggest online forum confirmed on Sunday that private information for 40 million users had been leaked, three days after the country's largest programmers' website CSDN reported a similar leak . Tianya is one of the most popular sites in China; it's the nexus of China's online communications, a collection of simple forums, blogs, and groups; due to uber-popularity Tianya is the best place in China's web to find public opinion on social issues, cultural experience, and original fresh content from millions of Chinese users. Based on netizen comments, the Tianya community meets the need for personal interaction, creation and expression. In a family oriented society, Tianya is China's dinner table, where news of the day is discussed in an open, personal fashion. The user account information of several other popular websites in China such as Dodonew.com, 7K7K, Duowan.com, and 178.com ...

Stratfor hacked by Anonymous Hackers for #AntiSec Stratfor who provides strategic intelligence on global business, economic, security and geopolitical affairs just now has been defaced by Anonymous Group of Hackers. Mirror of Hack is available here . Lulzsec Leader, SABU tweeted that " Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations ". Private Clients List of Stratfor is also leaked on a Pastebin note. For all this clients have been exposed sensible information including credit cards (which supposedly have been used to make $1 million in "donations"), as well as over 200 GB of email correspondence. As a result of this incident the operation of Stratfor's servers and email have been suspended. Anonymous has now exposed two lists of credit card details belonging to people who have subscribed to STRATFOR services, the first one containing 3956 card details and the second one...