
database software | Breaking Cybersecurity News | The Hacker News

Hacker charged for hacking into U.S. Energy Department

Jun 20, 2012
Andrew James Miller, a 23-year-old resident of Devon, Pennsylvania, was arrested on Thursday and charged with one count of conspiracy, two counts of computer fraud, and one count of access device fraud, according to a statement issued by the Justice Department's Criminal Division. According to the indictment, between 2008 and 2011, Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies. The indictment alleges that when Miller hacked into the computers, he obtained other users' access credentials to the compromised computers. He and his co-conspirators then allegedly sold access to these computer networks as well as other access credentials. After gaining unauthorized access to these
10000 Twitter User oauth token hacked and Exposed by Anonymous

Jun 12, 2012
Anonymous hackers using the Twitter account "LulzsecReborn" hacked into TweetGif (https://tweetgif.com), took its complete database, and later published it on the Internet. TweetGif is a website that allows you to use an animated GIF image as your Twitter picture. LulzSec Reborn, a 3.0 version of the earlier LulzSec, has leaked 10,000 Twitter profiles' passwords, usernames, real names, locations, bios, avatars and secret tokens used to authenticate their accounts. Pastebin message posted: The leaked data was uploaded to embed upload and contains a 4 MB SQL file with all the user details. Users table from https://tweetgif.com/ nothing serious like 10.000 twitters… https://www.embedupload.com/?d=9ZMOMGIIQA How Hackers and Spammer can use this? OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. If your Twitter OAuth Secret Key and Token get compromised, then the application or H
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024 - SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Online game 'League of Legends' Compromised

Jun 10, 2012
A recent slew of security failures has left countless accounts hacked at sites like LinkedIn and eHarmony. Now League of Legends is the latest database to suffer from hackers this week. Riot has sent out a mail to registered League of Legends players in Europe, asking them to change their passwords due to hackers accessing some player account information. Full details are below, but know that according to Riot, "absolutely no payment or billing information of any kind was included in the breach." The breach did include email addresses, encrypted account passwords, summoner names, dates of birth, and for a small number of players, first and last name and encrypted security question and answer. Obviously, this information could be used in phishing scams. Riot Games does encrypt passwords, though it warns "our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking". Marc Merr
Critical Sqli Vulnerability in channel [V] Website

Jun 10, 2012
A 16-year-old white hat hacker, "Arjun Siyag" from India, discovered a critical SQL injection (SQLi) vulnerability in the channel [V] website (https://www.channelv.in). Proof of the hack is as shown in the above image. The hacker disclosed only the admin username and password, which will not affect the admin panel directly, because an email ID is required for login. SQL injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today. Through SQL injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL injection vulnerabilities provide the means for a hacker to communicate directly with the database.
LinkedIn Confirms Millions of Account Passwords Hacked

Jun 06, 2012
LinkedIn on Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norwegian IT website Dagens IT first reported the breach, noting that "Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site." Vicente Silveira, Director at LinkedIn, confirmed the hack on the company's blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid. "It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," LinkedIn director Vicente Silveira said in the blog post. The file only contains password
SwaggSec gained access to China Telecom and Warner Bros

Jun 04, 2012
A hacking group is claiming to have breached the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials. Swagg Security, or SwaggSec, the same hacker collective that breached Foxconn a few months ago to highlight the poor working conditions, has made its comeback. The hacking group posted on their Twitter account (under the name Swagg Security) that they had acquired access to the databases of both sites, as well as posted a statement on Pastebin. The group has allegedly stolen documents and login credentials, which were then posted to Pirate Bay. The torrent file posted by SwaggSec on The Pirate Bay doesn't contain only the administrator details from China Telecom, but also some other information taken from their databases. SwaggSec said the China Telecom data is 900 user names and passwords for administrators on the company's network. The information was obtained through an in
UGNazi hackers attack on CloudFlare via a flaw in Google

Jun 04, 2012
After the FBI arrested Cosmo, the alleged leader of the UGNazi hacking group, the hackers attacked CloudFlare via a flaw in Google's two-factor authentication system. The CloudFlare hack allowed UGNazi to change the DNS for 4chan, so visitors to the site were redirected to a UGNazi Twitter account. Hackers were able to infiltrate the personal Gmail account of CloudFlare CEO Matthew Prince. "The attack was the result of a compromise of Google's account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps," CloudFlare's CEO Matthew Prince shared. According to the statement on Pastebin, the hackers are not sorry for attacking 4chan. 4chan.org is the playground that allows pedophiles to share their "collections" and the disgusting bronies to hang out. The site is loosely monitored and child porn threads are allowed to &quo
Anonymous hacks Bureau of Justice and leaks 1.7GB of data

May 22, 2012
Anonymous has apparently hacked the United States Bureau of Justice Statistics and posted 1.7GB of data belonging to the agency on The Pirate Bay. This is a Monday Mail Mayhem release. Online statements attributed to Anonymous said they were responsible for the security breach and that the files they obtained include emails. "Today we are releasing 1.7GB of data that used to belong to the United States Bureau of Justice, until now," said Anonymous in a statement. The Department of Justice acknowledged that their webservers had indeed been breached, adding that their website as well as justice.gov had remained operational throughout the security breach. The Department of Justice has been attacked multiple times since becoming a target for the hacking group after the shutdown of Megaupload. "Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. We Lulzed as they
GFI WebMonitor - Web monitoring and Security

May 20, 2012
With all the threats that Internet access can present to your users and your data, web security software is one of the most valuable investments you can make in your information security. Any solution should offer the following key protections: 1. Site blocking 2. Antivirus 3. Reporting and logging. GFI WebMonitor offers all that and more. GFI WebMonitor Unified Security includes both the web filtering and anti-malware capabilities, and can be installed as a standalone server or as an add-on to ISA or TMG. This web security suite can be installed on its own server or as a plug-in for TMG, and GFI offers a free 30-day trial so you can evaluate it risk-free. Installation: The installer for the TMG plug-in is straightforward and only requires a service restart, not a reboot. During the installation, you can choose to enable the optional HTTPS traffic inspection, which functions by dynamically creating certificates and acting a
BitCoin hacked, More than 18,000 Bitcoins Stolen

May 12, 2012
Bitcoinica, a Bitcoin exchange started by a 17-year-old teenager, Zhou Tong, has been shut down for security investigations. It's believed that at least 18,000 BTC ($90,000 or 68,000 EUR) have been stolen. News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong: "Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive. Suspicious transaction: { "account" : "", "address" : "182tGyiczhXSSCTciVujNRkkMw1zQxUVhp", "category" : "send", "amount" : -18547.66867623, "fee" : 0.00000000, "blockhash" : "00000000000003f6bfd3e2fcbf76091853b28be234b5473a67f89b9d5bee019c", "blockindex" : 1, "txid" : "7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8", "time" : 13
Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

May 03, 2012
A serious remote code execution vulnerability in PHP-CGI has been disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from PHP files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, but the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec. According to the advisory (CVE-2012-1823), PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the "-s" switch ("show source") to PHP via the query string. For example, you could see the source via "https://localhost/test.php?-s". A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. The team that found the bug, known as Eindbazen, said that it had
Hacker claims to hack European Space Agency, NASA, US Air Force and Military, French Ministry of Defence

May 02, 2012
Hackers using the group name "The Unknowns" claimed to have hacked the European Space Agency, NASA, the US military, the US Air Force, Harvard, Renault Company, the French Ministry of Defence, the Bahrain Ministry of Defence, the Thai Royal Navy and many more. Lots of data, screenshots and login credentials were exposed via Pastebin notes: Part 1 and Part 2. The hackers commented on these hacks: "We have hacked this with a reason. The security of those important sites are low. It was very easy to infiltrated the sites. We hope the sites will improve their defence." Full message posted by the hackers: We are The Unknowns; Our Knowledge Talks and Wisdom Listens... Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the
Oracle Database new zero day exploit put users at risk

May 01, 2012
Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison. The vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases. Koret originally reported the vulnerability to Oracle in 2008, four years ago, and said he was surprised to see it had been fixed in Oracle's most recent Critical Patch Update without any acknowledgment of his work. "This vulnerability is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database," the company warned. "This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as 'TNS
Hacker deface T&T Parliament website to warn about security holes

Apr 23, 2012
The Government's parliamentary website, www.ttparliament.org, was taken offline yesterday after a computer software hacker apparently breached the security codes of the site and left a mischievous message announcing the security break. Under the name "CoD3X", the hacker reassured the parliamentary site administrator that all the files and the system's database remained intact. "Greatz to admin your website hacked due to security vulnerabilities, patch your website, keep it updated. Don't worry all your files and your database are still here. This is a warning, what other hackers can do to your website. Keep it in mind...CoD3X." Minister of Government Business and Acting Attorney General Dr Roodal Moonilal, though, was not concerned with the breach and in fact denied that the Parliament site was taken offline to deal with that specific issue. Corporate communications manager, Jason Elcock, yester
Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India

Apr 21, 2012
Have you ever wondered how hackers or black hats hack into a computer system? Our Hacker Boot Camp training session will teach you how this can be done. You will be shown the techniques, tools and methods that the hacker uses. This insight will help you understand how to better protect your IT architecture and identify the vectors of attack that hackers use. The Hacker News is organising an Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India. All of our instructors are experts in their field and maintain respected reputations within the security community. CCSN is a revolutionary new certification in the field of information security training program for amateurs and professionals to help you gain the skills you need to become an expert in the field of information security. This specialized certification assures potential employers and customers that you have a level of advanced knowledge to detect and offer support for some of the most advanced security
Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added

Apr 06, 2012
Security Team Web-Center just released an update for the Joomscan Security Scanner. The new database has 623 vulnerabilities. Joomla! is probably the most widely used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to the Joomla scanner takes ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites. Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update. A regularly updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS and directory traversal vulnerabilities of a target Joomla! web site. Download for Windows (141 KB) Download for Linux (150 KB)
#GlobalRevolution : Chinese Government sites defaced by Anonymous China

Mar 30, 2012
@AnonymousChina hackers are taking down and defacing various Chinese government web sites. The hack is part of operation #GlobalRevolution by Anonymous. The page is like other defacements, with ASCII text, a message to the government in question and other Anonymous trademarks. This defacement is far more entertaining than past hacks, however, because the pages autoplay The Who's classic song Baba O'Riley. It also has one Chinese phrase, "患难见真情." According to Google Translate, it means "A friend in need is a friend indeed." Defaced sites include: https://www.qnwqdj.gov.cn/ https://www.dzwqb.gov.cn/ https://www.bbdj.gov.cn/ https://tygtzy.gov.cn/index.php. With this, the hackers also leaked the database info of https://www.wnpop.gov.cn/ and https://www.meda.gov.cn. Leaks are posted on Pastebin 1 and 2.
Why Hackers Can't take down DNS root servers ?

Mar 30, 2012
Interpol Chief Ronald Noble on Friday warned that a group of hackers might try to shut down internet service tomorrow. The hacking group, Anonymous, is protesting for several reasons, including the crash of Wall Street and irresponsible leaders. There are 13 DNS servers that host the core databases for translating IP addresses. Anonymous hackers have announced "Operation Global Blackout", promising to cause an Internet-wide blackout by disabling the core DNS servers. Anonymous hackers want to bombard those 13 servers with traffic using a distributed denial of service attack. If the servers get too overloaded, they'll crash and therefore be unable to fulfil DNS lookups, rendering all domain names useless. But there are lots of limitations in this type of attack: There are 13 root servers out there, and it is not possible to shut down every one of them. Each root server is also under the control of various companies and they h
Chinese hacker arrested for leaking 6 million logins from CSDN

Mar 26, 2012
In the biggest hacking case in China's Internet history, police have arrested a man suspected of leaking personal information about more than six million users. The suspect, surnamed Zeng, was nabbed in Wenzhou, east China's Zhejiang Province, on February 4 after an investigation into the case, Beijing News reported. Zeng is suspected of leaking personal information belonging to more than 6 million users of the China Software Developer Network (CSDN). Zeng has been detained on charges of illegal acquisition of computer data. Police said the leaked information contained user IDs, passwords and e-mail addresses in clear text. The leak had a rippling effect on other websites, including online shopping, gaming, social networking and even financial service websites. Police noticed that most of the leaked data dated from July 2009 to July 2010, indicating the CSDN server was hacked before July 2010. Zeng caught the police's attention because he claimed in an online po
eToro Vulnerable to Database Dump

Mar 26, 2012
Security experts at Zsecure.net discovered a serious vulnerability in eToro, which is a financial trading company based in Cyprus and one of the top-ranked Forex trading service providers worldwide. It provides personal online financial services in forex, commodities and stock indices through its own electronic trading platform. eToro is primarily a platform and a software provider; it is not itself a financial broker. Rather, it connects its customers with third-party brokerage services provided by various brokers. About the Vulnerability: The zSecure team has detected an active vulnerability in eToro's web portal which allows complete access to their database, and even the complete database can be dumped/downloaded. Since the company is handling the portfolios of thousands of traders, keeping their database vulnerable to outside attack is a shame on the part of the company, which is said to be carrying millions in value of transactions every