The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

XSS (Cross site Scripting )  Vulnerability discovered on Google Code website as shown. Claimed to be Discovered by  Vansh Sharma & Vaibhuv Sharma. Proof Of Concept: Just go to http://code.google.com/apis/ajax/playground/  and then click on edit HTML after that remove all the codes and type this script: < img src="< img src=search"/onerror=alert("XSS")//"> And click on DEBUG CODE , and then first it will show you " Sample must have <head> element " click OK and wait for the window to load if nothing happen then try the same thing again or simply you can click on RUN CODE, and you will get a popup which is XSS. Another Similar XSS posted by  +Pirate , as posted on HackForum Community.

Coca-Cola Norway Hacked by Greek Hacking Scene (GHS) An Impressive cyberattack was executed by a ​​Greek hacker against the official website of the multinational company Coca-Cola in Norway with defacement in internal links of the website. In a demonstration of power, the Greek hacker with the pseudonym «Napsterakos», identified weakness in the company's website-giant Coca-Cola, and defaced on purpose to post his own messages. As SecNews was informed by an anonymous reader giving us details about the incident, the attack was made as the first attack of the operation «Greek Hacking Scene vs Corruption», The hacker «Napsterakos», in a message posted on Pastebin states that "when the future is based on lies, then everyone is corrupt ..." and that "~ We were everywhere we see and hear everything in a future based on lies anyone is corrupted, all must pay, and will do so in one way or another. The words acquire value only through their actions. ~ ' See [ here...

Facebook privacy flaw exposes Mark Zuckerberg private photos A flaw in Facebook has granted prying users access to supposedly private photographs, including those of the website’s chief executive, Mark Zuckerberg. In total 14 pictures of Mr Zuckerberg were posted to image site Imgur under the headline: " It's time to fix those security flaws Facebook ".The bug in the website’s photo reporting tool - which Facebook says was only temporary and has now been fixed - meant that users could access others’ pictures even if they were private. The flaw was first reported on the forums of BodyBuilding.com, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. Facebook has been heavily criticised in the last few years for matters of privacy and so there are people who will leap on this story as yet another example of how the company simply doesn’t take its u...

DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning. DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server. Hacked websites are : http://apple.cd/ http://yahoo.cd/ http://gmail.cd/ http://google.cd/ http://youtube.cd/ http://linux.cd/ http://samsung.cd/ http://hotmail.cd/ http://microsoft.cd/ [ Source ]

MySQL.com Once again Compromised using Sql Flaw A hacker with name " D35M0ND142 " claim to hack MySql.com website using Sql Injection Flaws. In September,  Mysql.com was hacked and it was serving BlackHole exploit malware on the site. In a pastebin dump Hacker Exposes various Admin user credentials and Database info. The Compromised Usernames and Passwords are from  Blog site  of MySql. MySql website is pretty embarrassed for not securing its own database’s properly, Even hacker share that " Robin Schumacher is MySQL's Director of Product Management andhas over 20 years of database experience in DB2, MySQL, Oracle, SQLServer and other database engines. Before joining MySQL, Robin wasVice President of Product Management at Embarcadero Technologies. " Besides the hack on MySQL.com, D35M0ND142 also managed to breach the systems of the Urbino University in Italy and the Universal Language & Computer Institute in Nepal and Stream Database.

Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It’s not just Carrier IQ that Android users need to be worried about. A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team. " Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploi...

Protecting Your BlackBerry Smartphone with Security Wipe The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature. So what if you want to wipe your BlackBerry clean? There are a number of reasons why you might want to wipe out your Blackberry. Perhaps you have switched jobs and need to submit your BlackBerry into your new IT department so they can set it up for their network. You wouldn’t want them to have access to your previous employers data would you? Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry...

Another United Nations Web Site Hacked, Barack Obama info Leaked ! Hackers of Team Sector 404 have breached the Spanish Web site for the United Nations Refugee Agency ACNUR . Group claims to be working with Anonymous. Hackers was able to breach site with SQL Injection vulnerability . They leaked Barack Obama’s email address, username, password (not in clear text), personal phone number and a login ID as shown. Other individuals whose information was leaked are Dirk Wildt from Die Netzmacher and Schaffstein from a non-profit organization called TYPO3 .Info of Other United Nation members also leaked from database. The team of hackers include  PHANTOM, RAWR, IO93, V, ZD4P50N, SPECTRUS, ANONGUS, FIBO,HACKW32, ADREX,NEKA, JJ, & ESCUADRON SPY PEOPLE Y HACKERSMX219 involve in this Hack as  Sector 404.

Cain & Abel v4.9.43 Released Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Change Log : Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression. Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter. Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks. Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables. Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3. MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files. Fixed a bug (crash) in Certificate Collector wit...

Biggest Independent Russian Election site Hacked on election day Popular Russian media websites, the major LiveJournal social network and the website of the country’s biggest independent election watchdog, were inaccessible in hacking attacks for several hours on Sunday in what their employees said was an attempt to jam information on parliamentary elections. “ The attack on the website on election day is apparently tied to an attempt to publish information about violations ,” chief editor of the independent-minded Ekho Moskvy radio Aleksei Venediktov wrote in his Twitter blog. Websites of Forbes Russia, Bolshoi Gorod and New Times magazines, Slon.ru news portal, Golos election watchdog and its Kartanarusheniy.ru website that was supposed to map vote fraud were down throughout most of Sunday.These media organizations and the watchdog have pledged to report voting violations from all over Russia live.Independent and opposition media, as well as the LiveJournal social network that ha...