The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Hacker group Anonymous claims he took down North-side Independent School District's website (www.NISD.net) on Saturday to protest the district's use of tracking badges. On Sunday, Nov. 25, the same hacktivist released a statement via Pastebin giving the school district "1-3 days" to meet with parents and explain the student tracking program in detail. If the district fails to comply with the request, hacktivist promise to "simply shut down" the school district website once again. The hacker group also sent a Twitter message to the NISD account on Thursday, teasingly notifying them that their site was down. " They're tracking students! They have rights too. I want a statement about this, nobody agrees with that, even the parents! " Anonymous said. NISD said it wanted to expand the Student Locator Project to 112 Texas schools and around 100,000 students to curb truancy, apparently a major problem at the school district in question. It was reported that by improv

An Egyptian hacker " TheHell " is selling an exploit in $700 that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts. In order to work, the victim must click on a malcious link. Upon doing so, the user's cookies will be stolen and he or she will be redirected back to the Yahoo! email home page. " I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers ," "TheHell" explained. " And you don't need to bypass IE or Chrome xss filter as it do that itself because it's stored xss ." Yahoo! has been notified and is looking for the security hole, which it says can be fixed in a few hours once discovered. They says this XSS flaw falls into the category of a stored vulnerability, which inserts malicious code into a file, database, or back-end system. The mali

TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor's users received spam mail with booking confirmations for hotels they had checked out on the website , 1.89% of Indian Internet Users have already been affected. The email purporting to be in the name of one of the Hotels has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation.  TripAdvisor, which is among India's top five travel brands as per digital market research firm ComScore Inc., globally has 60 million unique monthly visitors and 2.4 million unique users per month in India. Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user. Trend Micro reported that one of their manager received the spam at his personal e-mail address but the addres

Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens

Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware.  The DNS (Domain Name System) is what transfers host-names into IP addresses, meaning computers can talk to each other and users can access them online. Godaddy said, " We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems. " The Cool Exploit Kit targets a variety of vulnerabilities, including Java errors, and has been seen spreading via drive-by attack websites. The ransomware served depends on the country of origin. In the UK, it is malware posing as a legitimate message from the Met's Police e-Crime Unit (PCeU). It locks the computer, on the grounds that the computer was guilt

Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country's infrastructure. Malware Dubbed W32.Narilam , is predominantly active in the Middle East, and it has also been detected in the USA and UK. The worm looks for particular words in Microsoft SQL databases and overwrites them. The worm specifically targets SQL databases with three distinct names, alim, maliran, and shahd. Once the targeted databases are found, Narilam looks for specific objects and tables and either deletes the tables or replaces items with random values. On Monday an alert was published on tarrahsystem.com warning of the W32.Narilam threat to its customers. The bulk of the infections thus far have been found in the Middle East, particularly Iran and Afghanistan. Kaspersky Lab took issue with repo

Official website of President of Sri Lanka (president.gov.lk)  breached by hacker going by name " Broken-Security ", using Blind Sql Injection vulnerability. Vulnerability also posted by hacker on a pastebin note with database dump including table and column names. Dump include the Username and Encrypted password of admin also as shown in screenshot. Hacker didn't mention any reason of hacking. 

Several weeks ago we reviewed Incapsula , a Cloud-based Security service which can significantly enhance the security of your website, while also boosting its performance. Following this review we've received many responses from our readers who wanted to learn more about Incapsula protection services. Specifically, we were asked to explain more about Incapsula Enterprise plan features. To answer these questions, today we are going to take a look at Incapsula DDoS Protection services. Distributed Denial of Service attacks If your business has a web presence, chances are that you've already heard about Distributed Denial of Service attacks. In case you didn't, a Distributed Denial of Service (DDoS) attack is a DoS attack that is usually carried out by a "botnet", a network of computers acting in concert to overwhelm the server by depleting all available resources. Recently we all witnessed a large DDos attacks on U.S. banks by Muslim hacker group , an attack which crippled th

The news is sensational, according the French magazine L'Express the offices of France's former president Sarkozy were victim of a cyber attack, but what is even more remarkable is that for the offensive was used the famous malware Flame. On the origin of the malware still persist a mystery, many security experts attribute it to joint work of Israel and US development team. Let's remind that according the analysis on Flame source code conducted by Kaspersky the malware is linked to Stuxnet, a version of the famous virus shared a module with the spy toolkit. Frame is considered one of the most complex spy tool produced by a state sponsored project and its use in the attacks against French government suggests the existence of a cyber espionage campaign to collect sensible information. An official declaration coming from spokesmen of the Elysee Palace and reported by the magazine states: "Hackers have not only managed to get to the heart of French political power,&

Internet hacktivist group Anonymous has declared cyberwar on Israel, posting personal data of five thousand Israeli officials online. " It has come to our attention that the Israeli government has ignored repeated warnings about the abuse of human rights, shutting down the internet in Israel and mistreating its own citizens and those of its neighboring countries ," the hackers wrote in a statement. The document contains names, email addresses and ID numbers apparently belonging to Israeli officials. The group also said " Israeli Gov. this is/will turn into a cyberwar. " Earlier, the group hacked over 700 hundred Israeli websites, including the Bank of Jerusalem, the Israeli Defence Ministry, the IDF blog, the President's official website and many others. The Israel's finance minister has acknowledged the recent wave of attacks, saying the government is now waging a war on a "second front."

Protesting against attacks taking place on Gaza, Anonymous hackers attempts to hack most of the Israel websites in the past few days. " government and private websites are under siege from hackers, who have mounted 44 million cyberattacks in less than a week" , the government said. Today Pakistani   Hackers also deface Israeli Bing , MSN, Skype, Live and other big sites and In counter-attack  Israeli Hackers Leak Credit Card  Data from Palestine ISP website. Finance Minister Yuval Steinitz said just one hacking attempt was successful on a site he did not want to name, but it was up and running after 10 minutes of downtime. Israel said that it generally experiences a few hundred hacking attempts per day. The attacks are reportedly coming from around the world. Defence force sites have been the hardest hit, while the president's site has been hit 10-million times, the foreign ministry seven-million times and the prime minister three-million times. Both sides have been act