The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A well known hacking group " Nullcrew " once again most active hacking group right now. Dumping database from number of websites daily. Their latest target was World Health Organization (WHO) website. Well, World Health Organization website (who.int) need treatment now, because their admin panel credentials are leaked on internet by hacking crew. Hacker also disclose the Vulnerable link and Vulnerability type was Sql injection. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. Web application security is much more challenging than infrastructure. The top Web application vulnerabilities ...

A spam message is circulating on Facebook that WWE wrestler Rey Mysterio has died in a stunt gone wrong. Social media is now full of spam messages like this. Last week scammers trick users with " John Cena is died " and this week, rumors about the death of Rey Mysterio. The message actually includes a link that supposedly provides more information about the accident, but in real spammer is just tricking users to redirect on survey website using his referral url. Complete message read," ReY Mysterio of WWE was dead on arrival on the hospital, suffering from 6 broken ribs after perfecting thombstone stunt with co-star The BIG SHOW. Local Police are now investigating and looking for evidences. THE Big SHOW is now facing murder charges. Watch the practice video from WWE and how The BIG SHOW failed to execute the stunt. (for 18yrs & above) " " But that's not all. The user is then presented a webpage that promises him/her the chance to win an ...

According to the Center for Copyright Information, the controversial " Copyright Alert System " will hit the U.S. within weeks. A blog post by Jill Lesser, executive director of the Center for Copyright Information, revealed the long-awaited Copyright Alert System (CAS) will begin "in the coming weeks" and provided some details about the partnership with ISPs to deter subscribers from infringement over peer-to-peer networks. AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon are all participating, and will roll out their responses over the next two months. The so-called Copyright Alert System varies by ISP, but calls for gradually more severe responses to each infringement, starting with emailed warnings and escalating to throttled data speeds or temporary suspension of service. However, offenders can request a review of their network activity by paying a $35 billing fee. If the offender is found not guilty, the $35 will be refunded. The Cop...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Back in 1991, Microsoft released their first version of Windows, a mouse-driven graphical user interface that revolutionized the way we use computers, both at home and in the workplace. Microsoft's newest operating system has a whole new interface and loads of new features. Windows 8 introduces a new type of application: the Windows Store app. Windows Store apps have a brand new look and feel, run on a variety of devices, and you sell them on the Windows Store. Here is a quick Guide for getting up to speed quickly and getting the most out of Windows 8. Whichever device you end up running Windows 8 on, you'll need to know a few things. How are you going to get the data from your current operating system to the new one? You'll probably be wondering where the famous Microsoft desktop has gone. You might be wondering just what is going on: why did Microsoft discard the Start menu, and why does its replacement look like it was designed for children? Downlo...

Symantec has reported an increase in spam messages containing .gov URLs. Cybercriminals are using 1.usa.gov links in their spam campaigns to trick users into thinking the links lead to genuine US government Web sites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a trustworthy 1.usa.gov URL. The click rate of the campaign has been significant, redirecting more than 16,000 victims over a five day period to a malicious website designed to look like a CNBC news article pushing several work from home scams. According to researchers from security firm Symantec , they simply leveraged an open-redirect vulnerability present on the official government site of Vermont (Vermont.gov) . Therefore, something like 1.usa.gov/…/Rxpfn9 takes you to labor.vermont.gov/LinkClick.aspx?link=[spam site] which then redirects you ...

One of Anonymous hacker groups " FawkesSecurity " who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details. When HSBC said , " This denial-of-service attack did not affect any customer data , but did prevent customers using HSBC online services, including Internet banking.", Anonymous tweeted on Friday. " We also managed to log 20,000 debit card details ." On asking, is there any proof of this claim , they replied ,"  We're debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho, ". On the other hand, A group that calls itself Izz ad-Din Al Qassam  , which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC. Who ever the real hitman behind this, but according to hacker's warnings - RBS, Lloyds TSB and Barclays Banks are next target...

Facebook is continually changing its privacy settings, trying to give users more control over what they want to share and with whom. Two gay college students were outed on Facebook because of a privacy flaw in Facebook Groups. Users can be added to Facebook Groups by friends without the user's permission or approval.  University of Texas students Taylor McCormick and Bobbi Duncan came out to the world via Facebook, but not in ways they ever intended. The Wall Street Journal examined how Facebook changed the lives of two gay college students, when a classmate added them to a public group for other gay choir singers at the school an action that was shared on the students' news feeds.  In another case Bobbi Duncan desperately wanted her father not to know she is lesbian, but Facebook told him anyway. Soon, she learned that another choir member, Taylor McCormick, had been outed the very same way, upsetting his world as well. The two University of Texa...

Two weeks back we reported that Security firm Trend Micro discovered a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is: " lol is this your new profile pic? " Yesterday Security researchers from Avast have intercepted a currently spreading Darkbot malware campaign, that's affecting millions of Skype users. According to him,"  It targets all the major Web browsers, and is also capable of distributing related malware such as Ransomware/LockScreen, as well as steal accounting data for major social networking services such as Facebook, Twitter, as well as related services such as GoDaddy, PayPal and Netflix ." Some of the infected PCs install the malware known as ransomeware which locks your PC and ask you to pay $200 dollars within 48 hours to retrieve your files. " If you click on ...

A huge hack carried out today ! One of the biggest Peru Domain registrar company (punto.pe) hacked by Lulzsecperu (declared by a tweet ) and Complete database of 207116 websites has been leaked on internet.  Leaked database include Domain panel username, encrypted password, Company descriptions. Hacked domains include all .PU domains ie. Banks , Institutes, computer security companies, corporates, colleges, government, personal websites. " We clarify that we have no malicious purposes, only prove that the security of PERU is bad and should be corrected. Greetings to the computer crimes division of the National Police of Peru from March 2012 is nil activity and fail or be close to where we are now ASBANC for trying. " Hacker said in an statement . He upload the database here :  https://anonfiles.com/file/e14504f5033d2a53457af667b686340f Password for file: lulzsecperu 2-3 Hours after  Lulz...

Rapid7 researcher Juan Vazquez recently uncovered a zero-day security flaw in Novell ZENworks Asset Management 7.5. This Vulnerability ( CVE-2012-4933 ) gives access to any files with system privileges and could also allow an attacker to grab configuration parameters, including the backend credentials in clear text. ZENworks Asset Management provides a Web Console, where the user can access the data collected about network devices and edit some information. This web interface provides some maintenance calls, two of them accessible with hardcoded credentials, allowing a remote attacker to retrieve any file from the remote file system with SYSTEM privileges and to get configuration parameters from the ZENworks Asset Management including the backend credentials in clear text. The vulnerability currently remains unpatched and US CERT recommends that users implement firewall rules that will restrict access to the web interface by unauthorised users. Read here , mor...