The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

This year marks the 40th anniversary of Creeper, the world’s first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proof of concepts, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models. In the following story, FortiGuard Labs looks at the most significant computer viruses over the last 40 years and explains their historical significance. 1971: Creeper: catch me if you can While theories on self-replicating automatas were developed by genius mathematician Von Neumann in the early 50s, the first real computer virus was released “in lab” in 1971 by an employee of a company working on building ARPANET, the ...

So what is the difference between Seccubus V2 and Seccubus V2 ? Before you try something new you want to know if it is going to be worth it. This article should give you an idea of why we spend quite a lot of time and energy in rebuilding Seccubus V2 from scratch. I clearly recall the conversation between myself and my coworker Anton Opgenoort that resulted in the first (internal) release of Seccubus. We were discussing the pros and cons of different vulnerability management tools when he challenged me: .Surely you can set up a Cron job to start a Nessus scan yourself?. Anton claimed at one time, and now, more than three years later, it has led to the Seccubus as we know it today. This little history illustrates what is fundamentally wrong with Seccubus V1. While it functions quite well, and has been maintainable for much longer than I expected, it is still in the basis a bunch of shell scripts and some Perl CGI thrown together. ...

Google has warned of politically motivated and targeted attacks against users of its services. According to the company, the attackers are also targeting the users of another undisclosed social network. In a blog posting, the Google security team says that the exploit is based on a security hole in a Windows DLL for rendering MHTML (MIME Encapsulation of Aggregate HTML) which has been known for some time. All versions of Windows are reportedly affected. Google and Microsoft say they are working to solve the problem. Until a solution has been found, Google service users have been advised to install a hot fix supplied by Microsoft. The hot fix can reportedly block the attack until an official patch becomes available. Google also said that it has deployed various server-side defences to make the vulnerability harder to exploit. However, the company added that this is not a tenable long-term solution, and that it can’t be guaranteed to be fully reliable or comprehensive. News Source :...

Indianmicrofinance.com Defaced By HEX786 ! Hacked Site :  www.indianmicrofinance.com Mirror :   http://mirror-az.com/mirror/?id=14910 News Source : HEX786

China Government Site Hacked By Team Grey Hat ! Hacked Site :  www.jssjj.gov.cn News Source : Napster 

17 websites Hacked by Angel 4k4 4d0r4b13  Hacked sites :  http://pastie.org/1670234  

OperationLeakS by Anonymous Hacker leaks Bank of America Emails ! We may soon find out whether it's possible to shame one of the big U.S. banks by exposing its mortgage missteps. A series of  messages  on Twitter Sunday evening promised the release of emails supposedly documenting "fraud and corruption" at Bank of America (BAC). The post, from the anonymous @OperationLeakS handle, said "leaked emails" from the bank would be posted at 5 a.m. London time, which is 1 a.m. in New York. The release will come three and a half months after Wikileaks founder Julian Assange breezily promised to "take down a bank or two" by releasing "either tens or hundreds of thousands of documents." Assange likened the documents to the ones that prosecutors used in bringing top executives of failed energy trader Enron to justice. The bank didn't immediately respond to a request for comment. The document dump, billed in the Twitter posts as " Blac...

Blogger.com vulnerability, Gaining Administrative Privileges on any Account ! In the last 2 months, Nir.Goldshlager  participated in Google reward program and found some High, Serious vulnerabilities. The vulnerability that  Nir.Goldshlager  want to share first, Is a critical vulnerability in Blogger (Google Service). That vulnerability could be used by an attacker to get administrator privilege over any blogger account (Permission Issue). Here are the details regarding the issue in Blogger service, Nir.Goldshlager found a HTTP Parameter Pollution vulnerability in Blogger that allow an attacker to add himself as an administrator on the victim's blogger account, Technical details: Here are the steps for getting admin control permissions over any blogger accounts. 1.) The attacker Use the invite author options in blogger (add authors): Vulnerability location: POST /add-authors.do HTTP/1.1 Request: security_token=attackertoken&blog...

A Thailand-based news website critical of Myanmar's military government says it has been hacked by unknown attackers who posted fake articles on it. The Irrawaddy website is run by exiled  Myanmar  journalists. It said on its home page Sunday that it was trying to fix the problem and prevent further attacks. The Irrawaddy's coverage of Myanmar has included exclusive photos of secret military missions to North Korea . It has been the target of several denial-of-service attacks that are meant to make the site unreachable. The fake articles concerned an alleged feud between Irrawaddy's editor and pro-democracy icon Aung San Suu Kyi , and the purported death of a popular singer.

10 Websites hacked by Xen0n (Bangladesh Cyber Army) Hacked Sites : http://lizzieshotel.com/BCA.html http://ziaresources.com/BCA.html http://www.gianairltd.com/BCA.html http://roydigital.com/BCA.html http://www.apollwnios.gr/BCA.html http://lefemmecafe.com/BCA.html http://uccoss.com/BCA.html http://www.jvp-gracac.hr/BCA.html http://www.newma.net/BCA.html http://mafiamediagroup.com/BCA.html News Source : Xen0n (Bangladesh Cyber Army)

Host-Extract - Host/IP Pattern Extractor Tool ! This little ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment areas and js/css files. This is unlike web crawler which looks for new links only in anchor tags (<a) or the like. In some cases, host-extract may give you false positives when there are some words like - main-site_ver_10.2.1.3.swf. With -v option, you can ask the tool to output html view-source snippets for each IP/Domain extracted. This will shorten your manual analysis time. Please go to http://host-extract.googlecode.com/ for more info. Download/Update ============== svn co http://host-extract.googlecode.com/svn/trunk/ host-extract Tutorial Wiki ========== Sebastien Damaye from aldeid.com h...

Inbox.com Cross Site Scripting ( XSS ) vulnerability ! Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in...

Top defense and intelligence officials reiterated their commitment to information-sharing at a Senate hearing Thursday, even as they outlined new safeguards to prevent a repeat of the WikiLeaks breach that has led to the release of thousands of classified military reports and diplomatic cables. The Defense Department, for example, is striving to proceed with needed protections "without reverting to pre-9/11 stovepipes," Chief Information Officer Teresa Takai told the Senate Homeland Security and Governmental Affairs Committee. To stop unauthorized downloading of files to CDs, the department has disabled the "write" function on almost 90 percent of some 220,000 computers with access to the Secret Internet Protocol Router Network, or SIPRNet, she said. The Pentagon is also beefing up information security training while tightening log-in access to SIPRNet machines through the use of "smart cards" in place of unwieldy password systems. At the Office of t...

A former software professional on Saturday was arrested for allegedly hacking the server of a city-based BPO company, where he previously worked, police said. The hacker identified as Shaik Mahammad Ghouse Bhasa allegedly secured unauthorised access to the computer systems of M/s IVOICE Network Private Limited in Hyderabad, which provides BPO services to Singapore-based Networks Pte Ltd for VoIP services and caused Rs6 lakh loss to the BPO firm, they said. He was arrested by the cyber crimes cell of Andhra Pradesh crime investigation department (CID), CID's additional superintendent (cyber crimes) U Ram Mohan said. On a complaint filed by the BPO's managing director Balu Visveswar that their server was hacked and several PINs, which are used for making VoIP calls were created by unknown persons, the cyber crime police station of CID registered a case under relevant sections of Information Technology besides for cheating and took up investigations, he said. During the co...

3 websites Defaced by Team DNA StuXnet ! Hacked Sites : http://www.venemovies.com/ http://somostv.net/ http://www.semillitas.tv/ News Source : ketan singh

PakBugs Defaced by GOD and Whole database available for Download ! Hacked Site :   www.pakbugs.com Database Download : Easy-share.com: http://www.easy-share.com/1914215203/pakbugs.com_db.sql.gz Depositfiles.com: http://depositfiles.com/files/cvrb2xu85 Badongo.com: http://www.badongo.com/file/25197993 News Source : Ketan Singh

Rootyhillmosque.org Hacked by Angel aka 4d0r4b13 ! Hacked site :  http://www.rootyhillmosque.org/

2 websites Hacked by kaMtiEz (INDONESIANCODER TEAM) Hacked Sites : http://www.cbm.sc.gov.br/ina.htm http://www.cb.sc.gov.br/ina.htm

" TeaM DNA StuXnet Shell v1.0 " is ripped copy of " Predator Shell " ! " TeaM DNA StuXnet " have submit us a shell named " TeaM DNA StuXnet Shell v1.0 " to publish as news, They claimed that this is a news and original shell. Shell is created by " Cyb3r Ac3 " . We request  Pakistan Cyber Army (Real PCA is Reality) for some research on a new shell posted by " TeaM DNA StuXnet ". Finally we got whole report that The " TeaM DNA StuXnet Shell v1.0 " is 100% ripped copy of " Predator Shell " Written by " LoFFi & Ls01r " who are said to be some " Russian " freaks.They just find and replace "color=#888888" with "color=#0961d9" .The best part about this shell is " LoFFi & Ls01r " also ripped another shell named " crashblack a.k.a vi0ne " an Indonesian hacker who wrote the shell named " System Shell ". " LoFFi & Ls01r " tran...

We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected. For now, we recommend concerned users and corporations seriously consider deploying Microsoft’s temporary Fixit to block this attack until an official patch is available. To help protect users of our services, we have deployed various server-side defenses to make the MHTML vulnerability harder to exploit. That said, these are not tenable long-term solutions, and we can’t guarantee them to be 100% reliable or comprehensive. We’re working with Microsoft to develop a comprehensive solution for this issue. The abuse of this vulnerability is also interesting because it represents ...

Dehuajie.gov.cn Hacked by Anarchy Cr3w (Kurdish Hackers) ! Hacked Site :   http://www.dehuajie.gov.cn/ News Source : Anarchy Cr3w (Kurdish Hackers)

Town Council of OGEMBO & MARAGUA Hacked by HEXBOOT3R (Turkish Hacker) ! Hacked sites :  http://www.ogembotown.go.ke/ http://www.maraguatown.go.ke/

Labor woes. Steroids. Corrupt college programs. There are many serious issues facing the sports world. But they all are a distant second to one other. It's someone so skilled, so savvy, that you may not have even heard of him. The Twitter Hacker. Let's start at the beginning. Or what could be the beginning. The Twitter Hacker is so stealthy and subtle that there's no way to know when he began hacking into the accounts of our athletes. But one of the first cases that caught some attention came last May when the following appeared on the Twitter account of Boston Celtics forward Paul Pierce after the Celtics took a 2-0 lead over the Magic in the Eastern Conference finals: "Anybody got a BROOM?" Ha! A confident athlete talking trash. Nothing remotely out of the ordinary there. But soon after, Pierce's digital media rep claimed that tweet did not come from Pierce, claiming the "BROOM" tweet was "courtesy of a hack." And that they were ...

There's something about Bank of America that seems to make it a magnet for controversy, anger, and internet activism. Last year Wikileaks' Julian Assange said he had documents on a major bank -- everyone kind of figured that it was Bank of America -- though it now seems that there isn't much to it. Now Gawker's Adrien Chen points out that a member of the hacker group Anonymous going by the handle OperationLeaks on twitter is claiming to have damning docs on the bank that will likely be released Monday. OperationLeaks has been teasing all day on twitter about having received documents on the bank from a disgruntled employee. Chen's own sources within Anonymous suggest there's something real to the leaks. In terms of substance, it's not clear what we might see.  This tweet , regarding  is the closest thing to anything explanatory: He Just told me he have GMAC emails showing BoA order to mix loan numbers to not match it's Documents.. to foreclose on Ame...

102 Websites Hacked By DinelsonUs  for Political reasons ! Hacked Sites List : http://pastebin.com/7pEsyfHE News Source :  Freed

HackAll.Net got hacked by Pakizhackers ! Hacked Site :  http://hackall.net/ Mirror :   http://www.zone-h.org/mirror/ id/13220017 News Source :

Another Free THA live webinar is around the corner – next week, to be exact ! This time around, Mike will be discussing Penetration Testing Reporting. Let us just say – we’ve had OVERWHELMING requests for us to cover this topic – and as always, THA is more than happy to oblige. Mike will cover the importance of reporting, and how it fits in to the work flow for an information security professional. We also want to let you know that we’ve changed our webinar system, as well. Our new platform is easier and more “intuitive” to use, and offers better service and features. You will now have the option of prepping us with some questions upon registering to attend – which will allow us to cater our webinar content for you better, ahead of time. For those of you who have never attended one of our webinars – well, you get to start off with our awesome new system –  bonus!  We hope you enjoy the new system as much as we do! Time/Date details: THA Free Webinar – Pene...

70 Websites  Rooted By The 077 ( Hamdi HaCker ) Tunisian HaCker Hacked Sites :  http://pastebin.com/nzwxJGRf News Source : The 077 ( Hamdi HaCker ) 

Anti-cuts campaigners from  UK Uncut   have hacked into the website of phone giant Vodafone ( http://worldofdifference.vodafone.co.uk/ ) and posted blogs claiming the company has avoided millions of pounds in tax. The group, set up to oppose government cuts and corporate tax avoidance, has staged hundreds of direct action protests against companies and banks since it was formed five months ago, many focusing on alleged tax avoidance. Activists took over the blogs on the  World of Difference  website, the company's corporate and social responsibility initiative, demanding the company "pays its tax". Twenty minutes after activists hacked that section of Vodafone's website, it appeared to have been taken down. The World of Difference programme awards small grants to young people to undertake charity work and each winner has a blog on the website. UK Uncut were leaked the password details by a small group of the winners, who were angry at the fi...

SourceForge , the popular project hosting site, has released  Allura , the software that powers its service, as  Apache 2.0  licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during development, runs on SourceForge's servers. Allura is a Python based application which makes use of the NoSQL database MongoDB, the Solr search server and the RabbitMQ messaging platform, to deliver the repositories, wikis, trackers and forums to users allowing them to manage their projects. The developers also use nose to provide a suite of unit tests for the application. By design, Allura is extensible in a number of ways, most notably by basing new tools on  allura.Application  which provides themes, authentication and other pluggable APIs to Allura components. Allura was actually "soft launched" in February, in anticipation of a full launch this month, and...

Blazing Star (Pakistani website) Defaced by Crash Viperr & CyberDog ! Hacked Site :   http://www.blazingstar.com.pk/ News Source : Crash Viperr & CyberDog !