The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Siemens Assisted with Stuxnet 's Development, claimed by Iran ! A senior Iranian official accuses Siemens of willingly assisting the Stuxnet creators by providing the source code necessary for them to exploit its software. Iran's state news agency, the Islamic Republic News Service (IRNA), quotes Brigadier General Gholam Reza Jalali as saying the German engineering giant played a part in the development of the world's most sophisticated malware. "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us," Jalali told IRNA. "It was a hostile action which could have inflicted serious damage on the country if it had not been dealt with in a timely manner," he added. Jalali's remark might be a result of a The New York Times report that pointed at Israel and the US as likely Stuxnet creators and mentioned that Siemens worked in 2008 ...

DDOS attack on Change.org from China ! Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody. The attacks, which started late Sunday, have nearly brought down the site, according to Change.org founder Ben Rattray. DDoS attacks work by using hundreds or thousands of hacked computers to send traffic to a website, overwhelming it with data so it becomes inaccessible to normal users. Change.org said the current attack originates from an expanding group of computers primarily based in China, and has yet to stop. This is the first time the site has been hit with a DDoS attack. Change.org has been hosting a online petition calling for the release of Chinese artist Ai Weiwei, who is currently under arrest. The petition has attracted almost 100,000 people from 175 countries, making it one of Change.org'...

Verizon 2011 Data Breach Investigations Report Released ! Data loss through cyber attacks  decreased sharply in 2010, but the total number of breaches was higher than ever, according to the " Verizon 2011 Data Breach Investigations Report ." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices. The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches, the largest caseload to date. According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercrim...

BodgeIt Store  : Vulnerable Web Application For Penetration Testing ! Features Easy to install – just requires java and a servlet engine, e.g. Tomcat Self contained (no additional dependencies other than to 2 in the above line) Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required Cross platform Open source No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not. Install All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine. Then point your browser at (for example) http://localhost:8080/bodgeit You can download BodgeIt Store here: Download Now Or read more here .

fileinfo-gui - Forensic tool for file information ! A GUI forensic tool for Ubuntu Linux designed to extract information from files. This is a beta version! Meta Data Information String ASCII and Unicode Hash MD5 and SHA1 Detect and Show PE32 Information Detect and Extract Thumbnail from JPEG file Install $ bash fileinfo --install Screenshot Right-click on the file -> Script -> FileInfo Main Menu (Classic) Meta Information String Information Hash MD5 Download Here

Lancaster 25,000 students and 2,500-plus employees personal info hacked ! Lancaster County Schools officials say computer hackers have gotten personal information on the system's 25,000 students and 2,500-plus employees. In a note posted on the school system's website and sent to students and staff, officials said hackers compromised the database sometime in March. The hackers gained access to computers, captured keystrokes, and obtained passwords. That gave them access to the database, which includes names, birthdates, Social Security numbers, addresses and phone numbers. The breach has been fixed, officials said. "We are doing anything we can to prevent this from happening again," Superintendent Gene Moore said. "And we have put new measures in place to better assure that our computers are protected from such attempts."

Two Hyundai Capital Services hackers arrested ! Two men who are believed to have hacked into the computer system of Hyundai Capital Services have been arrested. The pair, identified only by their surnames Heo and Yu are believed to be part of a group of five individuals who carried out the hack. The five were part of a gang which met online to carry out the hack. Three accomplices who are believed to be in the Philippines and Korean Police have asked Interpol for help in finding them. According to police, the two suspects met in December and plotted to hack into the company's database. They allegedly stole personal information of 420,000 people or 23 percent of Hyundai Capital's total customers and proved to be a deep embarrissment for the outfit.

Belnet Security Conference , 5 May 2011 in Brussels ! Security on the Internet is one of Belnet's highest priorities. Belnet after all has extensive expertise at its disposal in the area of Internet security. Moreover, with the expansion of its security services, Belnet wishes to raise awareness on the part of the user community with respect to security. Therefore Belnet organizes : What ? Belnet Security Conference When ? Thursday 5 may 2011 Where ? at Marivaux Hotel, Boulevard Adolphe Max 98, 1000 Brussels Accessmap Programme The presentations will address diverse security issues and trends. Among others practical safety tips, solutions and services will be treated. The presentations will be given in English Registrations Online registration is possible until noon on 3 Mei. Note: the number of participants is limited to 110. So register quickly here! Participation fee is : 36 EUR for customers and Belnet network users 98 EUR for others Read More & Regis...

5 Sites hacked by 133t Indian h4x0rs ! Hacked sites + Mirrors :  http://pastebin.com/y7W2X8fj

Atul Dwivedi (Indishell) hack into Kaizen Enterprises (Pak) Hacked Site :  http://www.kaizenenterprises.com.pk Mirror :  http://www.zone-h.com/mirror/id/13490446

Anonymous hacker  broke into wind turbine systems ! Claiming revenge for an "illegitimate firing," someone has posted screenshots and other data, apparently showing that he was able to break a 200 megawat wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light. The data was posted to the Full Disclossure security mailing list Saturday anonymously, by someone using the name "Bgr R." In the post, he (or she) wrote, "Here comes my revenge for illegitimate firing from Florida Power & Light Company... ain't nothing you can do with it, since your electricity is turned off !!!" In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA (supervisory control and data acquisition) systems used to control the turbines. His motive was to embarrass the company, he said. "I want peopl...

China 's Cyber Hackers Target Western Firms ! Sky News has learnt of the growing threat Western governments and corporations are under from hackers based in China. Cyber crime costs the UK tens of billions of pounds every year. The attacks cannot be traced but I have gained access to some of the country's growing number of hackers to discover just how big a risk they pose: The man I meet is 21, he has no technical training and has moved to Beijing from a small town in southern China. But within minutes of our meeting, he's shown me how he can hack into my email account. A few more clicks of his mouse, and he's stolen my credit card details as I make an online purchase. He says he's a "cyber security expert" - not a hacker - but we can't use his name and he refuses to show his face. I ask him whether he could successfully hack into more carefully guarded computer systems: those of government officials and top companies in the West. "Even...

European Space Agency (ESA.INT) Hacked by TinKode ! The European Space Agency (ESA), established in 1975, is an intergovernmental organisation dedicated to the exploration of space, currently with 18 member states. Headquartered in Paris, ESA has a staff of more than 2,000 with an annual budget of about €3.99 billion / $5.65 billion US dollars (2011). ESA’s space flight program includes human spaceflight, mainly through the participation in the International Space Station program, the launch and operations of unmanned exploration missions to other planets and the Moon, Earth observation, science, telecommunication as well as maintaining a major spaceport, the Guiana Space Centre at Kourou, French Guiana, and designing launch vehicles. The main European launch vehicle Ariane 5 is operated through Arianespace with ESA sharing in the costs of launching and further developing this launch vehicle. Text Files: Main informations about server. Click here . Main accounts from ESA.I...

France official football websites,forums & Zapak Gaming Portals hacked by ZHC High profile france official football websites and forums owned by zhc Hawk with a message of protest against france for banning hijab for muslim women Hacked By ZHC Hawk - ZCompany Hacking Crew - [ZHC] http://www.district-football-club.fr/index.php http://www.zone-h.com/mirror/id/13482696 http://www.ja-drancy.com/ http://www.zone-h.com/mirror/id/13482697 http://www.mi-ascenseur-protect.com/ http://www.zone-h.com/mirror/id/13482698 http://www.portes-et-portails.com/ http://www.zone-h.com/mirror/id/13482699 http://www.robane-portails.com/ http://www.zone-h.com/mirror/id/13482700 http://www.alarmemultiservice.com/ http://www.zone-h.com/mirror/id/13482684 http://www.blancmesnil-sport-football.com/ http://www.zone-h.com/mirror/id/13482685 http://www.dfcimmobilier.com/ http://www.zone-h.com/mirror/id/13482686 http://www.groupe-smtm.com/ http://www.zone-h.com/mirror/id/1348...

Truth About Facebook -  CIA, U.S. government - Everything Related ! The Truth about who owns facebook. In todays world of advanced modern technology, there are billions of people that use Internet as a means of communication. The era of Big Brother is upon us. George Orwell predicted it and, now we live it. Every day just walking down the street for a burger, our faces are recorded on numerous camera's. Even whilst waiting for our burgers to burn, our image is being burned elsewhere. Todays society is a paranoid one, and rightly so. We are never really alone. Business' record every keystroke and every action in an employee's day. International Intelligence agencies scan and flag any messages containing certain buzz words. Why? Because, as Mulder warned us (and Sculley) weekly for many years, "The truth is out there!" The question has been raised that "Face-book" has connections with the CIA. Facebook has a resource that any secret intellige...

DirectoryScanner - Free Directory Server fingerprinting tool ! DirectoryScanner is the FREE Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers (such as Microsoft Active Directory, Novell eDirectory etc) running on the local network as well as Internet. Also it can be used in penetration testing while evaluating client environments where multiple Directory servers are deployed. Directory servers are typically used to store crucial data in an organization including employee authentication information. Often getting hold of poorly configured Directory server can be a gold mine for the pentester. In addition to this, it can greatly help administrators to remotely keep tab on Directory Servers running in their network. At a time you can use it to scan single or multiple systems in the network. It can detect following popular Directory Servers Novell eDirectory Microsoft Active Directory Open LDAP Directory Sun One Directory ...

20 china government websites hacked by The 077 ( HamDi HaCker ) Hacked sites List :  http://pastebin.com/YbyS1Ghm

Calling All Hackers - Grand Prize in Sunshine State “ Hacktacular ” Challenge ! Calling all hackers: Data Analyzers, LLC (www.datanalyzers.com) in Orlando, Florida, is hosting the Sunshine State "Hacktacular" Challenge with a big prize for the top competitor – a full-time job with benefits and relocation allowance if you move to Orlando. Data Analyzers has an immediate job opening for a junior data recovery engineer. The four-year old firm specializes in data recovery, computer forensics and ethical hacking, and has enough corporate clients to keep its engineers working overtime to meet deadlines. Trouble is, very few people in the U.S. possess the skills to qualify. No two data recovery problems are ever the same, and security safeguards are evolving almost as fast as hacking technology. “Data recovery skills are so specialized that typical ‘help wanted’ ads, even at colleges and universities that offer graduate degrees in computer sciences, don’t do the job,” said An...

Hackito Ergo Sum 2011 slides available for Download ! HES aims at anticipating the challenges of the security world and gathers together underground or amateur security researchers together with professional security expert researchers and technical decision makers. During three days, HES will feature new research presentations, of the highest technical level, presented by some of the most respected international researchers. Its goal is to support networking and innovation while federating communities and key actors from the industry, from both the public and the private sectors. The topics covered will include : vulnerability analysis, SCADA architectures, reverse engineering, the underground economy, attacks on banking or telecom infrastructures, cloud computing security, botnets, threat intelligence. Slides of the conference are now available on slideshare at  http://www.slideshare.net/event/hackito-ergo-sum-2011/slideshows

Manila Water 's website hacked by Blackrain ! The website of water concessionaire Manila Water was hacked early Sunday, with visitors to the site seeing a small window indicating the breach. "Hacked by Blackrain!" read the message on the smaller window, which pops up when one logs on to the Manila Water site. Users could not access any part of the website until they click on the "Ok" button on the popup window. But aside from the popup, the other parts of the site appeared normal. Manila Water is one of two concessionaires of the Metropolitan Waterworks and Sewerage System, along with Maynilad Water.

Monash University website hacked by yaser007 Monash University has reported to "specialist agencies" the hacking of its website home page, which on Saturday displayed the words "Hacked by yaser007" in red above a picture of the Iranian flag within the outline of a map of the country. In an emailed statement on Sunday, Monash University chief information officer, Mr Ian Tebbett, said the site "was subject to an external hacker breach on Saturday" but that "the situation was quickly identified and dealt with". He said no university data had been compromised and that the effects were "limited to the publishing of non-Monash material on the externally-facing website". Advertisement: Story continues below It appeared, Mr Tebbett said, that neither Monash, nor the wider Australian higher education community, were a "specific target of the attack". Monash's own investigations of the matter were "ongoing", he said...

Lahore University,Shail Vac Engineers,Strengthening Democracy - SQLi Vulnerable found by Lionaneesh Lahore University of Management Sciences(LUMS) : Site : http://econ.lums.edu.pk Vulnerable URL : http://econ.lums.edu.pk/people_detail.php?id=%Inject_Here%6 Shail Vac Engineers website Site : http://www.vacuumsystem.co.in/ Target : http://www.vacuumsystem.co.in/product.php?prod_id=%Inject_Here%13 Strengthening Democracy through Parliamentary Development (sdpd) Site : http://www.sdpd.org.pk Vulnerable URL : http://www.sdpd.org.pk/news_detail.php?ID=’82 Found by : Lionaneesh

326 Websites Hacked by   Hacked sites list :  http://pastebin.com/Q1er7vKh

OpenStack ' floating Linux kernel ' rides VMware hypervisor ! OpenStack – the open source "infrastructure cloud" project founded by Rackspace and NASA – has released a third version of its platform, offering support for all major hypervisors. With the new release, codenamed "Cactus", developers have added support for VMware's vSphere hypervisor – without help from VMware. The vSphere code was built mostly by Citrix, which had previously coded support for the Xen and XenServer hypervisors. "We're so committed to OpenStack and its hypervisor-agnostic approach that we felt it was important, since VMware wasn't going to contribute vSphere support, that we should do it ourselves," Gordon Mangione, vice president of business development for Citrix's datacenter and cloud division, tells  The Register According to Mangione, VMware has "always been invited" to contribute to the project. But this has yet to happen. The virtuali...

Emergency Adobe Flash Player patch coming today ! Less than a week after warning that hackers were embedding malicious Flash Player files (.swf) into Microsoft Word documents to launch targeted malware attacks, Adobe plans to release an emergency Flash Player patch today to fix the underlying problem. The patch will fix a “critical” vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris. According to this Secunia advisory, the flaw allows a hacker to completely hijack a vulnerable Windows computer: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced. ...

We blogged about the Epsilon data breach to give our customers a heads-up on the situation. Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news. As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our Advanced Classification Engine. The attack is hosted on a Web page that has a very professional look and feel, and uses convincing social engineering techniques to lure victims. The attack page is basically a cut-and-paste copy of the HTML code from the original Epsilon press release. This provides the professional appearance of the Epsilon site to lure victims. The big difference is that the attack page provides a malicious binary download. Screenshot of the attack page source code: The attack page tries to get visitors to download the malicious binary by convincing them that there was an update to the press release dated April 8th. The "update" states that Epsilon's inv...

Oracle to release 73 security vulnerabilities security patch update ! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed across Oracle's various product lines. Oracle releases patches quarterly for all of its software, except the Java virtual machine, in a set of patches it calls the Critical Patch Update (CPU). Next week's CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite. Two of the database flaws are considered critical, meaning they "may be exploited over a network without the need for a username and password," Oracle said in a statement posted to its website . The updates are set to come one week after Microsoft issued one of the largest collections of security patches it has ever issued. They a...

THC-Amap v5.3 - application protocol detection Released , Download Now ! Amap was innovative - the first tool to perform application protocol detection. Then a better approach was implemented into nmap, this and the large user base of nmap made amap pretty much obsolete. So today, I recommend to rather use nmap -sV for application fingerprinting rather than amap (although in some circumstances amap will yield better results, but these are rare). Still, after 5 years there is an update to amap. The reason for this is IPv6. nmap still does not have a good IPv6 support, e.g. UDP port scanning is not possible. Hence for this v5.3 release in April 2011 that enhances amap to perform better UDP IPv6 support (before only application fingerprinting did work here, now the port scanning feature works too). amap-5.3.tar.gz

Phoenix exploit kit 2.5 leaked, Download Now ! Phoenix exploit kit 2.5 has been leaked . Now U can dowload from given link..  At below here is a some define about Phoenix Exploit Kit. The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of unsuspecting Internet users. Often, cybercriminals drive traffic to the exploit kit by compromising legitimate sites and by inserting iframes that point to the exploit kit or by poisoning search engine results that take users to the exploit kit. When users land on a page injected with the exploit kit, it detects the user’s Web browser and OS version then attempts to exploit either the browser or a browser plug-in. The latest version of the Phoenix Exploit Kit currently has payloads for nine different system configurations, including:     * XPIE7: Internet Explorer 7 and either Windows XP, Windows XP SP2, or Windows 2003     * VISTA...

Pakistan president 's website hacking case adjourned ! A court here has adjourned the case of a man who hacked into the Pakistan president's website and uploaded material defaming Asif Ali Zardari. Additional Sessions Judge Tanveer Meer Wednesday adjourned the cyber crime case, reported the Daily Times. According to Federal Investigation Agency (FIA) enquiry, the hacker, Shahbaz Khan, had the username ADIL/Th3-penetrator and defaced the website www.president-of-pakistan.com and uploaded material defaming Zardari and the country. Khan was arrested and he told investigators that the president's website was hacked by some international hackers. He claimed he had added the following lines: " THIS SITE GOT HACKED BY ADIL WHERE IS YOUR SECURITY? HUH DON'T TELL ME TO STOP!" THANKS 2= FBI, MASTERMIND, SALMAN, EJA2SALAM PK, CODE5, SHER, SAIF "

WordPress.Com Hacked, Hacker  Root the Server ! The parent company that operates WordPress, made an announcement this morning that it has hacked, resulting what the company said was a low-level (root) break-in to several of their servers. The company warned that potentially anything on those servers could have been revealed to the attackers, including client source code. WordPress founder, Matt Mullenweg made the following announcement in a blog post this moring. Read here We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited. Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fund...

Apollohospitals.com is vulnerable to SQL injection Found and Submitted By : Zero Cool

Supreme Court of Canada vulnerable to xss attack ! Vunl Link :  http://sr.scc-csc.gc.ca/ search?client=SCC-CSC&site= Internet&output=xml_no_dtd& proxystylesheet=SCC-CSC&hl=en& oe=latin1&ie=latin1&q=%3E%22% 3E%3CMARQUEE%3EHACKED+BY+ZERO+ COOL%3C%2FMARQUEE%3E&btnG= Search Found n Submitted by : Zero Cool