The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Metasploit Framework 3.7.2 Released - Download  Metasploit Framework 3.7.2 includes 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules.This release addresses several issues with updating the framework, adds 11 exploit / auxiliary modules and brings a plethora of new features. Modules included are listed below. Notable modules include the Cisco Anyconnect ActiveX bug (which works against recent versions of the Cisco AnyConnect Windows Client), and the SCADA modules by sinn3r and MC. The multi-platform post-exploitation work continues with new modules for Linux and Solaris included in this release thanks to Carlos Perez. A number of password-stealing post modules are also included, courtesy of David Maloney. The updates to the signed_java_applet module are documented on the Metasploit Blog. Additionally, the cachedump module has been improved and merged thanks to great work by Mubix. New features are equal

UK Serious Organised Crime agency website down after LulzSec Ddos attack The UK Serious Organised Crime agency has taken its website offline after ddos attack by hacking group Lulz Security. Soca said it had taken its website offline to limit the impact attack on clients hosted by its service provider. Soca.gov.uk had been unavailable from 1 day. Lulz Security has said it was behind the denial of service attack which had taken the website offline. LulzSec tweeted: " Tango down - in the name of #AntiSec ".

Blizzard's Mobile Server Database Exposed by Warv0x (AKA Kaihoe) Warv0x (AKA Kaihoe) Hacker today expose the Database structure of one of the biggest Company " Blizzard Mobile ". The exposed data can be seen on a pastebin link .  DATABASES EXPOSED LIST : [*] admin [*] egw [*] glpi [*] information_schema [*] lost+found [*] mboost_forum [*] multivea [*] mysql [*] openads [*] phpcollab [*] phpmyadmin [*] pixcatcher Blizzard's Mobile is Ringtone,Logo,Game, Java,Video,Theme,Mobile,Wallpaper,Screensaver etc. etc. Download Site with  Alexa  World Rank 3800.

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on maintaining and enhancing skills and knowledge in the field of cybersecurity, and they act as points that demonstrate a commitment to staying current. CPEs are best understood in terms of other professions: just like medical, legal and even CPA certifications require continuing education to stay up-to-date on advancements and industry changes, cybersecurity professionals need CPEs to stay informed about the latest hacking tactics and defense strategies. CPE credits are crucial for maintaining certifications issued by various cybersecurity credentialing organizations, such as (ISC)², ISACA, and C

BrainNET ISP/TV Provider hacked by ProDom Security ProDom Security Hackers Hacks into Brain.net.pk an ISP/TV Provider . Hacker dump data on free file hosting sites : URL: https://www.multiupload.com/0KWDE7ZJBB .  There are 3 file in archive : README = Readme File cracked.txt = Login's Cracked so far. shadow.raw.txt = Shadow file from there server.

LulzSec & Anonymous initiates ' Operation Anti-Security ' together LulzSec has issued a declaration virtual war on any government or governmental agency, the top priority of which they say "is to steal and leak any classified government information, including email spools and documentation. Announcement by Lulzsec via Pastebin post : Salutations Lulz Lizards, As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011. Welcome to Operation Anti-Security (#AntiSec) - we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word "AntiSec" o

Sony Pictures France hacked by idahc_hacker Idahc the Lebanese hacker did a duet with his French friend Auth3ntiq on Sony Pictures France ( https://www.sonypictures.fr/ ) . In a pastebin post declared again that they are not black hat hackers. Possibly in a ruch but this time they didn't state that they are gray hat hackers. Using another SQLi, the data breach included the /etc/passwd file dump. According to Hacker, There are 177172 found in database, some of them are posted in pastebin.

Multiple SQL Injection Vulnerabilities on CNN website Exposed Yes ! CNN is also not Secure site, There are Multiple SQL Injection Vulnerabilities on CNN News site exposed by Hacker named " Sec Indi ". CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day. SQL Injection Vulnerable Links : 1.)  https://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id='7966 2.)  https://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439' Screenshots Submitted By Hacker : SQL Injection Vulnerabili

Air India unit - Centaur Hotels website insecure - Passports, ID's, credit cards data at Risk Website of Centaur Hotel at IGI airport New Delhi -   https://centaurhotels.com/ used to upload customer data like  passport, pan card, credit card and other forms of personal identification of their guests staying at New Delhi IGI airport property, Data in an hidden indexed directory on the website as shown above. The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India's national carrier Air India which in turn is 100% owned by the Government of India. This Security failure is disclosed by Bangalore Aviation. Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said " The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has not be

Libyan Satellite TV Website Hacked by Ktkoti and Most of Libyan media sites down ! The web site of the Libyan Revolutionary Committees Movement's newspaper Al-Zahaf Al-Akhdar (The Green March) is also offline, as is New Libya TV. A radio station set up and apparently owned by Sayf-al-Islam al-Qaddafi, https://www.allibiya.fm is offline , and the Libyan satellite channel's web site www.allibiya.com has been defaced , and its Facebook page taken over. Allibya.tv another domain for Sayf's media empire is also offline . Sayf-al-Islam's Charity Foundation, which has changed its domain name also at least 3 times and failed to build any audience, the latest listed as being https://www.gicdf.org is also offline, and the Twitter and Facebook accounts of Sayf-al-Islam al-Qaddafi have also been taken over. Many other Libyan web sites are "off air" having been removed either by threats against providers, defections, or various incompetence. All the sites

Indishell.net forum Hacked by Pakistan hackers Indian Hackers forum, Indishell.net has been hacked by Pakistani hackers. This is not that orginal Indishell hackers group of India. The domain is somewhere similar to them. Paki Hackers Provide More details here https://pastebin.com/k0XYZQCW .They also dump the  Database https://www.mediafire.com/?fduf6fltqdsv2f0 . Archive password:- pakistan Other mirrors:  https://mirror.sec-t.net/defacements/?id=42923 https://legend-h.org/mirror/180393/indishell.net/

ADAG Group Chairman Anil Ambani 's email under phishing attack Some Unknown hackers attempted a phishing attack in May on Anil Dhirubhai Ambani Group (ADAG) Chairman Anil Ambani's email ID. The hacking case is now being investigated by the cyber crime cell of Mumbai police after ADAG officials registered a complaint. The incident took place on May 8, when Ambani received an email that appeared to have been sent by a journalist of international newswire service Bloomberg. The hacking attempt was revealed when the corporate communication department got in touch with the reporter and he denied sending any such mail.

Pakhackerz.com hacked by Indishell and database dumped Pakistani Hackers Forum at Pakhackerz.com has been hacked by Indian hackers group " Indishell ". Indishell Release a Message on Pastebin  and also dump the whole database of Pakhackerz.com for download . 

Interview with Anonymous ( Anony_ops OR Anon_Central ) Note : The Interview is taken from The Hacker News Magazine June Edition - Total Exposure .You can Download all THN Magazine editions from here . Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. When corruption, destruction and mayhem strikes from governments or corporations it is the goal of anonymous to awaken that entity and the public that a change must occur. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. Anonymous is the gift we have been waiting for. Honest and trustworthy persons working hard on our behalf for the betterment of mankind.The Anonymous ,Need of  21st century, Let's Talk with Anony_ops ,Now known as Anon_Central on Twitter : THN : Who is Ry

Sega Pass customer datails hacked, LulzSec wants to Help Sega ! Sega has told gamers that some of their personal information may have been stolen following an attack on its systems. E-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers. But payment information, such as credit card numbers, remained safe as it was handled elsewhere, Sega said . The hacking group Lulz Security appeared to deny involvement, despite leading a wave of recent cyber attacks. " @Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down, " the hacking group posted on its Twitter feed . No hacker group has claimed responsibility for the attack so far. Although, a number of recent attacks on game companies and their online services are credited with LulzSec, its denial of the credit has brought in a twist of events. " We have identified that a subset of SEGA Pass members' ema

THC-HYDRA v6.4 - Fast network logon cracker  THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Changelog for thc-hydra v6.4 Update SIP module to extract and use external IP addr return from server error to bypass NAT Update SIP module to use SASL lib Update email modules to check clear mode when TLS mode failed Update Oracle Listener module to work with Oracle DB 9.2 Update LDAP module to support Windows 2008 active directory simple auth Fix to the connection adaptation engine which would loose planned attempts Fix make script for CentOS, reported by ya0wei Print error when a service limits connections and few pairs have to be tested Improved Mysql module to only init/close w

SAMHAIN v2.8.5  - intrusion detection system The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. The official change log: For the kernel check, the configure script should now detect if /dev/kmem exists but is dysfunctional. Also, a bug in the samhain_kmem kernel module has been fixed. The LogmonMarkSeverity option has been fixed Timeserver response is cached now for one second The Unix entropy gatherer supports /opt/local/bin now A compile time option has been added to disable the expansion of $(shell command) in the configuration file. Also, the signature of a signed configura

HP computers FTP hacked by HexCoder UPDATE : We have verified that this is just a anonymous FTP user access to ftp.hp.com . There is nothing like hack. Pakistani hacker HexCoder may try this to get attention. Anyway the access is available for all with : Host : ftp.hp.com Username : anonymous Password : anonymous Just Now we ( The Hacker News ) got a mail from Pakistani hacker named " HexCoder " . He Claim to hack FTP of HP computers at ftp.hp.com .  Statement about this Hack by Hacker  HexCoder, " I have done this by getting access to FTP successfully.All this by just mere stupidity!Oh and I will not share their database because its too big (9 GB) ". About a month before , ACER hacked because of their own stupidity , and this time HP computers.

ClubHack: CHMag Issue 17th, June 2011 Download Contents of this Issue:- Tech Gyan - Pentesting your own Wireless Network Tool Gyan - Wi-Fi tools Mom's Guide - Wireless Security - Best Practices Legal Gyan - Copyrights and cyber space Matriux Vibhag - Forensics with Matriux Part - 2 Poster of the month - Can you cage a Wi-Fi signanl ? Direct Download

XSS attack on CIA (Central Itelligence Agency) Website by lionaneesh After Ddos attack on CIA (Central Itelligence Agency) website by Lulzsec, lionaneesh , an Indian hacker have found XSS Vulnerability on same site as shown. The Vulnerabile link is here  . You can join Loinaneesh on Twitter . 

LulzSec Leaks 62,000 Email/Passwords of writerspace.com LulzSec Leaks 62,000 Email/Password Combo Internet Goodie Bag. Lulz hasn't said where they got the data, Even they are not sure that, these logins are from which site. They tweet the download link as shown :  https://www.mediafire.com/?9em5xp7r0rd2yod According to  Mikko H. Hypponen ,CRO of F-secure - " The list of 62,000 emails/passwords just released by @LulzSec is probably the user database of writerspace.com. " He also give Reason that " Why writerspace.com? Well, the most common passwords include these: mystery, bookworm, reader, romance, library, booklover and..writerspace.So basically that's why I believe the latest Lulzsec password leak originates from writerspace.com. I'm guessing it's their user database "