hacking tool | Breaking Cybersecurity News | The Hacker News

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se...

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma...

Last Week someone just hacked the infamous Hacking Team , The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data , including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date of purchase and amount paid Hacking Team is known for its advanced and sophisticated Remote Control System (RCS) spyware , also known as Galileo , which is loaded with lots of zero-day exploits and have ability to monitor the computers of its targets remotely. Today, Trend Micro security researchers found that the Hacking Team " uses a UEFI  (Unified Extensible Firmware Interface)  BIOS Rootkit to keep their Remote Control System (RCS) agent installed in their targets' systems ." That clearly means, even if the user reinstalls the Operating System, formats the hard disk, and even buys a new hard disk, the agents are implanted after Microsoft Windows is...

Yes, sometimes even the Hackers get Hacked. Hacking Team , one of the most controversial spyware and malware providers to governments and law enforcement agencies all around the world, allegedly been hacked, with some 500 gigabytes of internal data leaked over the Internet . The leaked data indicates that despite its denials, the spyware company did sell powerful spyware tools to oppressive regimes in Sudan, Bahrain, Ethiopia and Saudi Arabia . Massive Data Breach at Hacking Team The unknown hackers not only managed to make 500 GB of client files , financial documents, contracts and internal emails, publicly available for download, but also defaced Hacking Team's own Twitter account, replacing the company's logo to "Hacked Team." Hacking Team , also known as HT S.r.l, is an Italian company known for providing powerful surveillance software Remote Code System (RCS) to Governments and law enforcement agencies. The company previously claimed to o...

A critical remote code execution vulnerability has been reported in the eBay owned global e-commerce business PayPal that could be exploited by an attacker to execute arbitrary code on the PayPal's Marketing online-service web-application server. The remote code execution flaw, discovered by an independent security researcher, Milan A Solanki , has been rated Critical by Vulnerability Lab with a CVSS count of 9.3 and affected the marketing online service web-application of PayPal. The vulnerability resides in the Java Debug Wire Protocol (JDWP) protocol of the PayPal's marketing online service web-server. Successful exploitation of the PayPal vulnerability could result in an unauthorized execution of system specific codes against the targeted system in order to completely compromise the company's web server, without any privilege or user interaction. JDWP is a protocol that used for communication between a debugger and the Java virtual machine that i...

A State-sponsored Cyber Espionage Group -- most likely linked to the Chinese government becomes the first group to target the so-called " Air-Gapped Networks " that aren't directly connected to the Internet. What are Air-Gapped systems? Air-gapped systems are known to be the most safest and secure systems on the earth. These systems are isolated from the Internet or any other Internet-connected computers or external networks. Air-gapped systems are generally used in the critical situations that demand high security like in payment networks to process debit and credit card transactions, military networks, and in industrial control systems that operate critical infrastructure of the Nation. Why Air-Gapped? It is very difficult to siphon data from Air-Gapped systems because it requires a physical access to the target system or machine in order to do that and gaining physical access is possible only by using removable devices such as a firewire cab...

We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research...

Security researcher has developed a cheap USB wall charger that is capable to eavesdrop on almost any   Microsoft   wireless  keyboard . MySpace mischief-maker Samy Kamkar has released a super-creepy keystroke logger for Microsoft wireless keyboards cunningly hidden in what appears to be a rather cheap, but functioning USB wall charger. The stealthy Arduino-based device, dubbed " KeySweeper ", looks and functions just like a generic USB mobile charger, but actually sniffs, decrypts, logs, and reports back all keystrokes from a Microsoft wireless keyboard. " KeySweeper is a stealthy Ardunio-based device camouflaged as a wall charger that wirelessly sniffs, decrypts, logs and reports-back all keystrokes from any Microsoft wireless keyboard in the vicinity," Kamkar said. The security researcher has also released instructions on how to build the USB wall charger online and surprisinglyits is cheap to build and quite capable. KeySweeper includes a web...

Hackers have a great start of new year 2015, giving a public threat to Apple's online iCloud service. A hacker using the handle " Pr0x13 " has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims' iOS devices. The tool, dubbed iDict , actually makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks and keeps most hackers away from gaining access to users' iCloud accounts. Yes, the brute force security flaw in Apple's iCloud file storage service that was responsible for celebrity nude photos leak , including Kim Kardashian , Vanessa Hudgens , Jennifer Lawrence , Rihanna , Kristin Dunst and Kate Upton , late last year. Pr0x13 claims iDict to be a "100 percent" effective and simple to use method of cracking individual iCloud account login credentials. So, t...

Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy...

Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. This vulnerability has come about to be known as " BadUSB ", whose source code has been published by the researchers on the open source code hosting website Github , demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack. The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware. But Wait! What this means is that this critical vulnerability is now ava...

This week Microsoft announced the next version of its Operating system, dubbed WIndows 10, providing Windows 10 Technical Preview release under its " Insider Program " in order to collect feedback from users and help shape the final version of the operating system, but something really went WRONG! " Inside Microsoft's Insider Program you'll get all the latest Windows preview builds as soon as they're available. In return, we want to know what you think. You'll get an easy-to-use app to give us your feedback, which will help guide us along the way ." Microsoft website reads . Well, how many of you actually read the " Terms of Service " and " Privacy Policy " documents before downloading the Preview release of Windows 10? I guess none of you, because most computer users have habit of ignoring that lengthy paragraphs and simply click " I Agree " and then " next ", which is not at all a good practise. Also Read:   Deep Web Search Engines . ...

Tails , a Linux-based highly secure Operating System specially designed and optimized to preserve users' anonymity and privacy, has launched its new release, Tails version 1.1.2. Tails, also known as ' Amnesiac Incognito Live System ', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data. The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities. The new version 1.1.2 addresses a single but critical vulnerability which arises because the Network Security Services (NSS) libraries parser used by Firefox and other browsers is capable of being tricke...

The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of a new Kali project, known as NetHunter , that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security. After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone. Kali Linux NetHunter project provides much of the power to Nexus users, those runni...

There is a good news for all Security researchers, Penetration testers and Hackers. The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of its latest version of Kali Linux 1.0.7 with some interesting features. Kali Linux is an open source Debian-based distribution for penetration testing and forensics that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In the beginning of this year, Offensive Security released Kali Linux 1.0.6 with Kernel version 3.12, and also added the Self Destruct feature that allows Kali users to encrypt the full hard disk to make the data inaccessible in an emergency case by entering a secret password at boot time. This latest Kali Linux 1.0.7 version added some more features to the last version, along with many new penetration testing and hacking too...

On Friday, we reported about the large-scale operation of International raids launched by the FBI and other law enforcement officials in countries around the world to arrest the targeted customers of a popular Remote Administration Tool (RAT) called ' Blackshades ,' which is designed to take over the remote control of the infected computers and steal information. The news broke when various announcements on underground forums by hacking group members claimed that FBI especially going after all of them who purchased the hacking tool using PayPal as payment option. Today, the UK's National Crime Agency announced that the raids took place in more than 100 of countries and they have arrested more than 100 people worldwide involved in the purchasing, selling or using the Blackshades malware. More than half million computers in more than dozens of countries were infected by this sophisticated malware that has been sold on underground forums since at least 2010 to seve...

When it comes to crime, whether it's an online or offline, FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement authorities to arrest a particular group of cyber criminals and Hackers. The FBI has targeted the customers of a popular Remote Administration Tool (RAT) called ' blackshades ', which allows them to connect and manage thousands of remotely infected computers over the Internet. WHAT IS BLACKSHADES RAT?? ' Blackshades ' is a remote administration tool (RAT) which allows an attacker to control several clients from around the world.  Blackshades  malware   is fully equipped with Drive-by attacks, Java exploits, keylogger and it allows an attacker to steal usernames and passwords for email and Web services, instant messaging applications, FTP clients and lot...