The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

40 websites Defaced by SBZ-GHoST [ Team Tunisian Hacker ] Hacked Sites List : www.samsunggalaxy5forum.com http://www.institut-platon.com/ http://www.sexylingeriesites.com/ http://www.themeslingo.com/ http://www.twinpinesantiques.com/ http://garagesaleradio.com/ http://www.crossroads-rpg.com/ http://coopavance.com/ http://www.institut-platon.com/ www.newyorkgraphics.it/ www.veteransforacademicfreedom.org/wp-content/ www.edoardocroci.it/ www.sharmaguesthouse.net/ www.tomasino.it/ www.rockon.it/ www.sfcrestaurant.com/ www.shawls-stoles.com/ www.windtowerjobs.com www.nevernudeblog.com www.loveandblog.com www.greengreenbusiness.com http://politicallycensored.com/home-2/ http://www.stephenholmesonline.com/?page_id=10 http://www.thesolarguy.com/about/ http://www.pcshock.co.il/catalog/images/

EMAIL SERVICE PROVIDER Microsoft will allow companies to run Javascript code within Hotmail users' mailboxes. Microsoft has said that its Hotmail service will analyse email and present certain forms of content in a way that it believes is the "most common things people do when they receive the email". This means that groups of images will automatically be put into a slideshow or videos will be embedded directly in emails from simple Youtube links. In a bid to keep users on Hotmail's website, Microsoft has launched a sandboxed environment that it says will allow partners to "insert dynamic content that is up to date and interactive with common tasks through the use of Javascript". And here we thought HTML emails were bad enough. Microsoft is labeling this as Active Views, a billion of which, it claims, have already been served. The firm is claiming that Active Views increase user interaction with the contents of an email. According to Microsoft, less th...

University of Regina 's website up and running after apparent hacking ! The University of Regina's website was down for much of Monday. Dale Johnson, spokesperson for the University, says it appears the website was hacked. Some of the essential web services including Web Mail and UR Courses were made available through a temporary website for faculty, staff and students to use. According to a release from the University, it is believed the database that includes student and financial records was not affected.

ANC Youth League 's website hacked ! The ANC Youth League's website has been hacked, with the attackers leaving a message in the name of league president Julius Malema. The fake post said Malema was stepping down as ANCYL leader, iafrica news reported In response to questions about the alleged hacking of the website, youth league spokeswoman Magdelene Moonsamy said: "There is nothing that we are aware of at this point and there is nothing on our website. "We do not have time for things like this." The hoax message gave a number of reasons for Malema's resignation. "I promote Nationalisation even though I have no concept (sic) of how it works or its blacklash (sic) to the economy," one reason read. "I have disrespected my elders and have made a fool out of myself," read another. The message ended with: "It is with great hope that I step down and welcome a new era in the ANCYL, one where thought and vision inspire our coun...

Two more Comodo registration authority accounts compromised ! Certification company’s humiliation drags on as hacker scalps two more Comodo registration authority accounts The Iranian hacker that managed to trick Comodo into issuing nine fraudulent certificates appears to have compromised two more registration authority accounts, raising questions of what exactly is going on at the certificate authority. “Two further RA accounts have since been compromised,” wrote Robin Alden, CTO of Comodo Security, on the mozilla-dev-security-policy mailing list. The partners have had their registration authority privileges withdrawn, Alden said. Comodo Retrofitting Broken Padlocks Alden made the announcement in an email addressing questions posed by the members of the mailing list. “No further mis-issued certificates have resulted from these compromises,” Alden said. The self-identified Comodo hacker (writing under the name Janam Fadaye Rahbar) claimed in a follow-up message on Pastebin to...

The National Security Agency has been called in to help investigate recent hack attacks against the company that runs the Nasdaq stock market, according to a news report. The agency’s precise role in the investigation hasn’t been disclosed, but its involvement suggests the October 2010 attacks may have been more severe than Nasdaq OMX Group has admitted, or it could have involved a nation-state, according to sources that spoke with Businessweek. “By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, told the publication. He added that the agency rarely gets involved in investigations of company breaches. Last year, the NSA was called in by Google to help the company secure its network after it was targeted in a sophisticated attack. Regarding the Nasdaq breach, in addition to the Secr...

Facebook users be warned: If you see a second search box at the top of your personal page, don’t use it. “ We are not testing the placement of a separate Web search field and have no plans to do so ,” a Facebook representative told the blog Search Engine Land. An image of a Facebook page with two search boxes has been making its way around the Internet for the past few days. In the image, the standard box that lets you search Facebook is visible at the top of the page, but just to the right of it is another search box reading “Search the Web.” Some tech news sites and blogs speculated that Facebook was testing out its own search engine, perhaps to challenge Google or to partner with a Google competitor such as Blekko or Microsoft’s Bing. The Facebook representative, however, said it’s likely a hack. “We believe the second search field or ‘ Search the We b’ box appeared on people’s accounts as the result of unknown actions by a third party targeting the browser (potentially a ...

The Recording Industry Association of America (RIAA) website was hit by a distributed denial-of-service (DDoS) attack at the hands of the hacktivist group Anonymous. The DDoS attack was launched to protest the RIAA’s demand for $75 trillion in damages from the peer-to-peer music-sharing network LimeWire, the security firm Sophos reported. The attack occurred last Friday (March 25) at 7 p.m. EDT and brought down the RIAA site for about five hours. The site is back online now. According to Computerworld, Judge Kimba Wood of the U.S. District Court for the Southern District of New York rejected the RIAA’s lawsuit against LimeWire earlier this month, calling it “absurd” that the RIAA asked for up to $150,000 for 11,000 copyrighted songs made available for free on LimeWire. (Last October, Judge Wood ordered LimeWire to be taken down due to copyright infringement). The $75 trillion figure would be “more money than the entire music industry has made since Edison’s invention of the phono...

NASA’s internal computer network is full of holes and is extremely vulnerable to an external cyberattack, an audit by the Office of the Inspector General has found. Even worse, it appears several of the vulnerabilities have been known for months, yet remained unpatched. “Six computer servers associated with IT [information technology] assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” the audit report released today (March 28) by Inspector General Paul K. Martin said. “The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report continued. “We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.” It is not unusual for previously unknown network security holes to be found in large orga...

20 pakistan sites defaced by APH defacers: hell hax0r, hell b3ind3r and crash viper ( must put these names) Sites defaces: here are the mirrors  http://ates-hatti.com/attack/? id=4096 http://ates-hatti.com/attack/? id=4097 http://ates-hatti.com/attack/? id=4098 http://ates-hatti.com/attack/? id=4099 http://ates-hatti.com/attack/? id=4100 http://ates-hatti.com/attack/? id=4101 http://ates-hatti.com/attack/? id=4102 http://ates-hatti.com/attack/? id=4103 http://ates-hatti.com/attack/? id=4104 http://ates-hatti.com/attack/? id=4105 http://ates-hatti.com/attack/? id=4106 http://ates-hatti.com/attack/? id=4107 http://ates-hatti.com/attack/? id=4108 http://ates-hatti.com/attack/? id=4109 http://ates-hatti.com/attack/? id=4110 http://ates-hatti.com/attack/? id=4111 http://ates-hatti.com/attack/? id=4112

University of Regina 's web server hacked by SecurityBus On Monday an intruder to the University of Regina's main web server was detected. As a result, the U of R took immediate steps to deal with the situation and the institution's website is currently unavailable. Some essential services are available for faculty, staff and students through a temporary website at www.uregina.ca. In a press release, the U of R stated that after an initial assessment it's believed that house, personal and student records including financial records have not been affected.

Facebook Vulnerability - Beware of A New XSS on Facebook ! Url :   https://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt=%3Cscript%3Ealert%281 %29%3C/script%3E New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version, this vulnerability allows a malicious user to include JavaScript content into a website and redirect victim’s browser to the prepared URL. I have already saw this flaw in the last few days, many of my friend list are posting some strange things on the wall and by Just visiting the infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user. There is no user interaction required, so the messages are spreading through Facebook at a fast pace. Facebook’s securit...

Multiple Vulnerability in McAfee Website , XSS and Other Attacks ! Researchers at the YGN Ethical Hacker Group have revealed multiple security vulnerabilities found in the McAfee.com website that leaves the company's portal susceptible to attacks and data leakage. The group found that the McAfee website contains flaws that also pose a threat to users, such as a cross-site scripting (XSS) vulnerability in the site where customers can download software. XSS vulnerabilities allow attackers to bypass controls and inject script, meaning a hacker could potentially lead users to download malicious files when they believe they are accessing approved McAfee software. The YGN Ethical Hacker Group also found eighteen instances of source code disclosure which gives attackers an advantage in preparing attacks, as they can search for flaws in how the application handles data in the user interface, as well as allow the attacker to set up a practice version of the application for experimenta...

Following on the heels of a sophisticated cyber assault against the European Union's Commission and External Action Service, reports have surfaced that the EU Parliament's information systems are also being targeted in an attack. Officials indicate that the attacks have successfully penetrated the Parliament's networks in what appears to be an effort at “snooping around” for information. “Information technology services are working day and night to investigate and have put in place some security measures,”  a spokesperson for the Parliament said. The security measures mentioned include the disabling of any access to email services. “This is not a couple of teenage boys hacking into the [EU] institutions,”  another official stated. It is not yet known if the Parliament attacks are connected with the assault on the Commission, though it appears to be a coordinated effort. Last week the Commission experienced a "serious" cyber attack as officials were preparing for ...

8 Websites Hacked By Albanian Hackers Team (Teo DownTurn & Unknown Hacker) Hacked Sites : 1) http://www.yjwz.com/index.html 2) http://ossonetwork.com/index.html 3) http://www.schoolshopper.com.au/aht.html 4) http://snoillim.com/Aht.html 5) http://www.getfitdonotquit.com/Aht.html 6) http://organicjewelries.com/Aht.html  7) http://unitedventuresinc.com/aht.html 8) http://tps-advertise.com/aht.html

Google, proving the efficacy of Chrome's built-in Flash Player and its early, insider access to Adobe's developer builds, has fixed the zero-day vulnerability that emerged last week. The hole will be plugged on other platforms and browsers by a new version of Flash 10.1 and 10.2 that should've been released by now. If you've restarted Google Chrome in the last few days, you should now have the updated Flash Player. Otherwise, go ahead and restart your browser now and it will automatically update. 

#OperationPayback Next Traget : Warnerbrosrecords.com ! The Next Target of Anonymous Hackers is Warnerbrosrecords.com, They Release a note with reason of it, as given below ... Reason : Limewire has been sued for 75 TRILLION Dollars by 13 record companies. Every single US household would have to spend all of its income buying nothing but music for over 13 years in order to arrive at what the music industry has deemed a reasonable settlement. To put that number into perspective the U.S. GDP is around $14 trillion -- less than one fifth of what the music industry is requesting. Heck, the GDP of the entire world is between 59 and 62 trillion. That's right, the music industry wants LimeWire to pay more money than exists in the entire world. Limewire, the plaintiffs allege, owes them between US$400 billion and US$75 trillion. The latter, written out, comes to 75,000,000,000,000. Even the lower figure of $400 billion still amounts to seven percent of total hous...

20 Hosting website hacked by The 077 ( Hamdi HaCker ) Tunisian Hacker Hacked Sites and Mirrors :   http://pastebin.com/tKjp0EpU

The rogue hacktivist movement Anonymous is apparently breaking out the Low Orbit Ion Cannon again for a reprise of the Operation Payback campaign, this time setting their distributed denial of service (DDoS) attack sites on the Recording Industry Association of America (RIAA). The campaign to disrupt the RIAA website is reminiscent of Anonymous' earlier missions to protest actions taken by anti-piracy interests seeking to enforce copyright infringement sanctions. The RIAA is seeking trillions of dollars in damages from the P2P file-sharing network LimeWire for facilitating copyright infractions. Federal Judge Kimba Wood has already indicated she believes that the logic behind the RIAA calculations of the damages sought in the case is flawed, according to Computerworld. "If Plaintiffs were able to pursue a statutory damage theory based on the number of direct infringers per work, Defendants' damages could reach into the trillions," Judge Wood wrote. Nonethele...

Chinese hackers suspected in compromise of Australian PM ’s computer The parliamentary computers of Prime Minister Julia Gillard and at least two other senior ministers are suspected of being hacked. Ms Gillard's parliamentary computer, along with those of several cabinet ministers including Foreign Minister Kevin Rudd and Defence Minister Stephen Smith were believed to have been compromised, News Ltd newspapers report. Thousands of emails are believed to have been accessed in the cyber attacks. Advertisement: Story continues below Four Australian government sources confirmed with the newspapers they had been told Chinese intelligence agencies were part of a list of suspected hackers. US intelligence officials alerted their Australian counterparts and News Ltd believes ASIO has started an investigation. The cyber attacks are believed to be on the Australian Parliament House email network, the less secure of two networks used by MPs. Ministers use a departmental network for more ...

Jordan's opposition Islamic Action Front party said Sunday its website has been hacked, a day after it called for the ouster of the prime minister over a deadly crackdown on protesters. "The content of the website has been replaced with slogans and statements, clearly showing that an official party is behind the hacking," IAF chief Hamzah Mansur told AFP. He did not identify who hacked the website. "We condemn this action, but we in Jordan are used to such attacks against freedom of expression and the press." Calling themselves "JH-Team," the hackers have posted a picture of King Abdullah II, quoting a 2009 address of the monarch as saying that "those who talk about threatening Jordan, its identity, stability and national unity do not know the kingdom, its people and their history." "We will continue to hack the website and all sites for your lying, loser and mean party," said a statement on the Islamists' website. On F...

New Zealand Government ’s sites bringing down by Anonymous ! Online hacktivists Anonymous have been accused of bringing down the New Zealand Government’s Department of Internal Affairs last week – or perhaps they haven’t. The main website : http://www.dia.govt.nz/ has now been restored to service, with some other related sites also affected. The Department described the outages as “very unusual” but has yet to identify the problem behind the downtime. On Friday the Department of Internal Affairs Deputy Chief Executive Stephen Crombie hosed down speculation that it was a DDoS attack from Anonymous, as widely speculated. “There are always threats and risks to websites. We have no reason to believe that the problem is linked to any particular threat, or even that it involves any hostile action at all,” he said. In February Anonymous posted a video denouncing the New Zealand government’s decision to implement an internet filter and threatened to initiate a coordinated DDoS attack...

Comodo Hacker - " Comodogate " Iranian hacker claims all internet is insecure Message By Comodo Hacker :  Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco@mfpenco.com Their Comodo username/password was: user: gtadmin password: [trimmed] Their DB name was: globaltrust and instantsslcms GlobalTrust.it had a dll called TrustDLL.dll for handling Comodo requests, they had resellers and their url was: http://www.globaltrust.it/reseller_admin/ Enough said, huh? Yes, enough said, someone who should know already knows...Am I right Mr. Abdulhayoglu? Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we  just hack and own. I see Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of  cyber criminals did i...