The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yenepoya University Hacked by The INFERNAL DANTE Hacked Site Link : http://www.yenepoya.edu.in/notice_board.php More Hack Pictures : http://img691.imageshack.us/i/64275385.png/ http://img121.imageshack.us/i/90340593.png/ ​http://img839.imageshack.us/i/51799700.png/ ​http://img833.imageshack.us/i/44978948.png/ ​http://img696.imageshack.us/i/20967849.png/

Cambridge Networks hacked by Shak [PCA] Hacked Site : http://cambridge-networks.co.uk/ Mirror : http://zone-h.org/mirror/id/13556467 Hacked Site : http://cambridgewebworks.com/ Mirror : http://zone-h.org/mirror/id/1355

WordPress 3.1.2 released – Security fixes ! The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It is a small release, and everyone using WordPress should upgrade to it! From the WordPress site: WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts. The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter. We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1. Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin area. So do what they say and upgrade it asap! Download link: http://...

Mageia 1 Beta 2 released [ Testing Edition ] Three weeks after the first beta arrived, the Mageia development team has announced the release of the second beta for version 1.0 of its Mandriva Linux fork. According to the project roadmap, Mageia 1 Beta 2 will be followed by a release candidate on 17 May – the first stable release is expected to arrive on 1 June. Based on the 2.6.38.4 Linux kernel, Mageia 1 Beta 2 features the latest KDE 4.6.2 desktop environment. Other changes over the previous beta include a variety of package updates, including version 12.0.742.0 of the Chromium web browser, Firefox 4.0 and LibreOffice 3.3.2. The developers also note that they froze the software package versions last week, meaning that "no new, big, upstream code changes will be accepted in Mageia until our final release in June". Moving forward, the developers will focus on fixing bugs and "refining and polishing the user experience". As with all development releases, use in...

253 website defaced by imm0rt4l ( Indian hacking crew ) Imm0rt4l5 defaced 253 site , they are Indian hacking crew , with member names : Cybers4mur41 , C0br4 , T41p4n , rur0u1_bl4d3 The main defaces are :  http://www.pakistanrealestate.net/index.php and  edp.com.pk/update.php Message By them " We are warning to team ZHC not to deface Indian site , or else next defacement will be only off porkis !!!! " List of other websites are :  http://pastebin.com/r57UmqZ0

100's Beijing Government networks are vulnerable to Cyber-attack ! China is known as an aggressor in cyberspace, but hundreds of Beijing’s own government networks are vulnerable to cyber-attack, says one security expert whose hobby is finding back doors into Chinese computer systems. Among the systems that hackers have penetrated is a database containing personal details - including email addresses, cellphone and passport numbers, and even psychological test results - of 11,000 people, including thousands of Americans. The database, maintained by the state agency that recruits foreign specialists to work in China, was breached by hackers last year, according to U.S. security researcher Dillon Beresford. But many of the Americans in the database did not know their details were there and had been accessed by hackers. Source

Hacker Got PlayStation 77 million PSN customers Network Users info ! Sony Corp. said Tuesday a hacker had obtained customer information, possibly including credit-card numbers, of members of its online PlayStation Network, a potential problem for the quickly growing field of online gaming. The Japanese electronics giant said it is informing its 77 million PSN customers that personal information--including names, addresses, billing history and birthdays--was obtained by an "unauthorized person" following a hacking attack that prompted Sony to shut down its Internet gaming service last week.

The Film and Publication Board’s (FPB) website Hacked by  Dr.KroOoZ - By.NeShTeR / TTG ! The Film and Publication Board’s (FPB) website, hosted at http://www.fpb.gov.za , is the latest government website to be hacked. Visitors to the FPB website on Monday were greeted by the message “ Hacked By Dr.KroOoZ - By.NeShTeR / TTG” and the PHP error code “Fatal error: Class 'JConfig' not found in… ” The recent security breaches are often related to software which is not updated, and since the FPB’s website is built on the popular Joomla Open Source Software (OSS) regular security updates are necessary to avoid hacking vulnerabilities. Details about the FPB hacking are as yet unknown, and at the time of publication the hacking message still displayed on all web pages. It is not clear when the website will be restored. The FPB website hacking follows security breaches of the ANC and ANC Youth League websites over the last month. Many ANC Youth League (ANCYL) visitors were surp...

Indian Institute of Management (IIM-B) Bangalore website hacked The website of the Indian Institute of Management-Bangalore has been hijacked by hackers peddling erectile dysfunction products like Viagra. The website, www.iimb.ernet.in , has been out of service for at least ten days. Cached versions of its home page during the period show the IIM masthead is superceded by ads for purchasing Viagra online without prescriptions.

Pakrail.com database and user details hacked by angel 4k4 4d0r4b13  ! Hacked Database :  http://pastebin.com/y6WQ1Qrr

3 university websites database exploited by FR0664/FCA sci.nu.ac.th - Faculty Of Science - Naresuan University Thaïland http://pastebin.com/Yv8iuUPY frsr.utn.edu.ar - Universidad Tecnológica Nacional - Facultad Regional Santa Fe http://pastebin.com/pXLQYmMH eswap.ca - Where You Swap To Gain http://pastebin.com/RvNLzHYq

Yahoo! PH Purple Hunt 2.0 Ad Compromised ! Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention. Curious as I am, I clicked on the ad and surprisingly my browser downloaded a suspicious file named com.com. Apparently this ad redirected me to a randomly generated URL similar to the following which, unfortunately, led to the malicious download: hxxp://want6.{BLOCKED}.com/se/3da19bea8f9c03e96c9b1acad9cce5a88a2244f0a34d69 c09b8d3198b2797726789be0228c0df3c762ed088a2327b07f4a183fa6fa753b0acfd7f0afc2d2b 13b801ba978269fcda413f53e/960b0a2a/com.com hxxp://nose8.{BLOCKED}.com/se/3da19bea8f9c03e96c9b1acad9cce5a88a2244f0a34d69c 09b8d3198b2797726789be0228c0df3c762ed088a2327b07f4a183fa6fa753b0acfd7f0afc2d2b 13b801ba978269fcda413f53e/960b0a2a/com.com hxxp://letter6.{BLOCKED}.com/se/3da19bea8f9c03e96c9b1acad9cce5a88a2244f0a34d69c0 9b8d3198b2797726789be0228c0f3c762ed088a2327b07f4a183fa6fa753b0acfd7f0afc2d2b13 b801ba978269...

India's Railway Email System hacked by Pakistan Cyber Army ! The Indian Railway Email System is Hacked by Pakistan Cyber Army (pca), They have taken complete backup of all important mails and user-pass of all email id's . Have a look to the images below as HACK PROOF and thier statement on this Hack attack. Statement By Pakistan Cyber Army : Dear All, Answer to Indian hackers for hacking the server of Pakistan Air Force We are Pakistan Cyber Army (Real PCA is Reality). Many times we told Indian hackers out there from various groups that don’t mess with any Pakistani site or server especially systems from government organizations. We observe another attack on 22nd April 2011 at Pakistan Air Force Server backup server and other 8 machines on the same network. We would like to tell you that Pakistan Cyber Army is looking at each and every move you do on the cyber front of Pakistan. Indian hackers were unable to do anything accept taking screenshot of the serv...

Pangolin v3.2.3 Released, Download Now ! “Pangolin is a penetration testing, SQL Injection test tool on database security. It finds SQL Injection vulnerabitlities.Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user”s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.” This is the updated change log: Speed up in fast mode when MySQL database later than 4.x. Speed up when dump Microsoft SQL Server 2005/2008 database. Enhance the injection ability of Informix database. Add feature to manual keywords selection. Fix the bug dump data incomplete in byte-by-byte mode. Enhance the ability in...

Albanian Ministry of Justice Exploited by ATH-Cr3w ATH-Cr3w Hack into Albanian Ministry of Justice's Website and Extract Database + Do Admin access. They Upload data here :  http://pastebin.com/y4nDWBVt

The Social-Engineer Toolkit v1.3.5 Released ! “The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.” This is the official change log: Fixed a bug where create payload and listener wouldn’t work for the new SET interactive shell or RATTE Updated the SET User Manual for version 1.3.5 Fixed the core.log(error) core library to properly log potential errors within SET Updated the SET interactive listener to hold over nearly unlimited connections versus the 30 it was initially limited to Turned the Java Repeater off by default, still a bit buggy, feel free to turn on if you want it Added an automatic selection for the Sun Java Applet2ClassLoader Remote Code Execution to select java meterpreter since it is specific to the java meterpret...

Infondlinux - Security tools install script for Ubuntu ! infondlinux is a post configuration script for Ubuntu Linux. It installs useful security tools and firefox addons. Tools installed by script are listed at the beginning of source code. # download: $ wget http://infondlinux.googlecode.com/svn/trunk/infondlinux.sh # install: $ sudo infondlinux.sh Pakages : # debian packages # - imagemagick # - vim # - less # - gimp # - build-essential # - wipe # - xchat # - pidgin # - vlc # - nautilus-open-terminal # - nmap # - zenmap # - sun-java6-plugin et jre et jdk # - bluefish # - flash-plugin-nonfree # - aircrack-ng # - wireshark # - ruby # - ascii # - webhttrack # - socat # - nasm # - w3af # - subversion # - wireshark # - mercurial # - libopenssl-ruby # - ruby-gnome2 # - traceroute # - filezilla # - gnupg # - rubygems # - php5 # - libapache2-mod-php5 # - mysql-server # - php5-mysql # - phpmyadmin # - extract # - p0f # - spikeproxy # - ettercap # - dsniff : # * arpsp...

Mandriva 2011 Beta 2 is Available for Testing ! Mandriva 2011 beta 2 was supposed to be released a week ago, but the release schedule was delayed by last minute defects discovered by the development and testing teams. In order to get hold of beta 2, you can visit your favorite Mandriva mirror and check devel/iso/2011. Beta testers are fortunate enough to lay their hands on new login manager functionalities, a new launcher and welcome application, overall look and feel enhancements, new panel, LibreOffice 3.3.0, and new artwork with a default theme. That is what you all see on the surface. At the core, the release is equipped with the latest kernel 2.6.38.3, gcc 4.6.0, systemd 24, and many more system and application packages. Mandriva beta 2 is available for both 32 bit and 64 bit Intel architectures, in the form of Live CDs, which can be installed in the system on demand. Download: Mandriva.2011-beta2.i586.iso (1,492MB) Mandriva.2011-beta2.x86_64.iso (1,520MB)

CMR Collage  Bangalore Website Hacked by  lionaneesh Hack Proof: Hacked site :  http://www.cmredu.com

PlayStation Network Hacked, Information leaked ! Update :  [THN] The Hacker News Exclusive Report on Sony 3rd Attack Issue ! While the PlayStation Network is down, a lot of gamers are curious as to what have been the reasons to this outrageous downtime. Today, Media Molecule said that the PSN is once again, hacked. According to the post that Media Molecule posted today, the PSN is hacked and it warned users not to enter any personal information including credit card, etc until the PSN website says it’s okay. Here’s what Media Molecule posted: The PSN is still down because of a hack and will remain out of service for another while yet (worst-case scenario would be 1 or 2 more days). DO NOT enter ANY personal information (credit card information etc.) until the PSN website says its OK. Even once the PSN website says it’s OK, please wait at least 2 hours to make sure it’s a legitimate announcement. But for the moment, you should be patient and don’t worry about it. As wha...

10 Site Hacked by Mr.D4NG3R Hacked sites list + Mirrors :   http://pastebin.com/dCApyUDa

Facebook hacker posts stolen pics on porn site ! A 26-year-old man faces 13 felony charges after being accused of hacking into Facebook accounts, stealing photos of young women and posting them on porn sites, reports the Kansas City Star. Along with content belonging to the 13 young women (ages 17 to 25), Timothy P. Noirjean is accused of victimizing, investigators found 92 folders on his computer containing names or photos of women, as well as 235 email addresses with security information. Noirjean confessed to accessing more than 100 Facebook accounts, and told police he was unaware that it's a crime. The shocking thing here isn't that there are predators on the Internet, that Noirjean claims ignorance of the law, that police arrested Noirjean in his parents' basement (which, according to the report, they totally did) or that young ladies of today have porn-worthy photos of themselves in unencrypted files on their computers. It's that Noirjean carried out his crime...

Cyberhackers.org - Hacked by GriAdamlar (Turkish Hackers Group) Hacked site : http://www.cyberhackers.org Mirrors http://zone-h.org/mirror/id/13526679 http://zero-h.com/mirror/id/65782

A Georgia man has pleaded guilty to fraud and identity theft after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks Rogelio Hackett Jr., 26, pleaded guilty on Thursday to one count each of access device fraud and aggravated identity theft after authorities executed a search warrant at his home and discovered the card numbers, used to conduct fraudulent transactions totaling more than $36 million, on his computers and storage devices. According to the indictment, authorities hunted Hackett down after monitoring his activity in internet relay chat (IRC) rooms and on underground forums, where he sold stolen card numbers, usually at $20 to $25 each to buyers around the world. He used the proceeds to make high-end purchases, such as a 2001 BMW X5 and a pair of $450 Louis Vuitton shoes. In addition, Hackett was charged with obtaining devices used to create counterfeit credit cards. According to p...

A federally funded U.S. lab that is suspected to have been involved in finding the vulnerabilities in Siemens SCADA systems used by the Stuxnet worm has shut down the Internet connection for its employees following the discovery of a breach into the facility's systems. The Oak Ridge National Laboratory - located in Tennessee and funded by the U.S. Department of Energy - is known for performing classified and unclassified research for federal agencies and departments on issues crucial for national security. Among other things, the lab also does cybersecurity research on malware, vulnerabilities and phishing. It is somewhat ironic, then, that the breach was the result of two employees falling for a malicious email containing a link to a page that exploited a remote-code execution vulnerability in the Internet Explorer browser. According to Wired, the email was sent to about 530 lab employees, of which 57 believed that the email was coming from the institution's human resour...

Pakistan Air Force Server Hacked by Code Breaker/Lucky (Indishell) Indishell, group of some Indian Hackers hacked PAF (Pakistan Air Force) server with 8 more server in LAN. They claimed that all those 8 more servers were in LAN with that PAF server. Here’s a screenshot of RDP.  'Code Breaker' claims to have backed up all the data using remote desktop protocols. Source

FBI cracks International Bot Network ! The Department of Justice and FBI declared that it has cracked a network of hackers, who have infected almost 2 million computers with a harmful "bot" program, Coreflood that steals private and monetary data from computers. Identified as a "bot" network- as the malware can be managed distantly like a robot- it compromises machines with a software program called Coreflood, which downloads itself by finding out the vulnerability in systems, that are running Windows operating systems. The legal actions are the key components of the "most complete and inclusive enforcement action ever taken by the U.S. authorities to put out of action an international botnet", as per the statement from the Department of Justice, reports cnet News on April 13, 2011. As per a request from a temporary restraining order that was granted, it's the first time USA law enforcement has taken consent from a court for controlling a botne...

Cyber jihadists could use Stuxnet worm to attack the west ! ACCORDING TO Mikko Hypponen , F-Secure’s chief security researcher, there has been a revolution in malware with Stuxnet. “ The worst case scenario is that Al-Qaeda or another organisation could gain access to this type of knowledge and information, and make use of it to launch attacks on critical infrastructure – like blow up nuclear power plants or do something to our food chain. ”

McAfee study  - India is fourth lowest in security adoption ! McAfee and the Center for Strategic and International Studies (CSIS) revealed the findings from a global report ‘In the Dark, Crucial Industries Confront Cyber attacks’ that reflects the cost and impact of cyber attacks on critical infrastructures. Critical infrastructure refers to computer systems of vital economic assets such as power grids, railways, nuclear energy plants, etc. that make strong targets for criminal threats, industrial espionage and politically motivated sabotage. According to the report findings, India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. The report states that currently ...

Scada systems are found in a variety of industrial plants ranging from water and waste treatment to food and pharmaceuticals and even nuclear power plants.Their scurity of these systems is getting worse and is big concern today. Application security management firm Idappcom reported 52 new threats in March targeted at supervisory control and data acquisition (Scada) systems of the sort hit by the infamous Stuxnet worm. “We quickly realised this was too much of a significant blip to be an anomaly. It may be an indicator towards a worrying trend,” said Haywood.Our records go back to 2004 and I’ve never recorded any sort of significant blip on the radar in an area like this previously.” said Tony Haywood, chief technology officer at Idappcom. Some of the xploits founded arecausing DOS (Denial Of Service), bringing system to halt. Scada systems are often at greater risk because they are connected to legacy operating systems such as Windows 95 for which there are no service packs or autom...

Codenomicon is a Finland based Information Security company. Recently it has released a universal fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test executions and reporting features. Fuzzing has been popular between hackers and security researchers to find bugs and0-days in software.This Universal Fuzzer can be used to test everything that can be presented in a file format, such as image files, captured protocol messages, text documents and wireless frames. It creates test cases from sample files, such as pdf-documents, media files and protocol files. The Universal Fuzzer uses heuristics to determine the structure of the sample files, thus it is able to generate more intelligent, targeted test cases and discover more vulnerabilities. The coverage of the tests is further improved by combining the abilities of 15 different fuzzers. The Universal Fuzzer is an easy and flexible solution for performing fuzzing. It...

The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controlable and safe environment. On the left menu you can see all attack scenarios that are currently available. You can start by picking one! This is a Customized version of the OWASP Hackademic Challenges only for OWASP Appsec Europe 2011 The competition starts on 21st April and will run for 4 weeks until 15th May. Each week a series of challenges are going to be released according to the schedule below: Week 1 (21st April) Week 2 (28th April) Week 3 (5th May) Week 4 (12th May) Once the competition is over, the winner ( first place in the Top 10 ) will get a free ticket to OWASP Appsec Europe 2011 Let the challenges begin!

A top United States federal lab was the victim of a "silent" cyberattack earlier this month, news outlets are reporting The Oak Ridge National Laboratory in Tennessee was the victim, according to Nextgov.com. The lab is an energy department laboratory that studies nuclear fusion, supercomputing, and other areas. Ironically, "one of the core competencies of the lab is cybersecurity research," according to a quote on Wired. The attack prompted a shutdown of e-mail and Internet access at the facility. The attack vector used to break into Oak Ridge's network is known as an advanced persistent threat, or APT. Nextgov describes it thus: " APTs typically infiltrate a target by e-mailing its employees messages purportedly from legitimate associates that ask the employee to submit personal information, such as passwords, and then harvest this information to access the systems they are after. Once inside the network, the perpetrators often try to extract data -...

 Former Cisco Engineer Arrested for Hacking ! A former Cisco engineer was arrested last year on charges of hacking into his former employer's network and is currently awaiting extradition in Canada. The charges against Peter Alfred-Adekeye, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media this week. Alfred-Adekeye was arrested in May 2010 in Vancouver, on 97 counts of accessing a protected computer without authorization based on a complaint returned by a Secret Service Special Agent. The networking giant alleged that its former engineer used another employee's credentials to log into one of its restricted websites and download software. In 2008, Alfred-Adekeye's new company, Multiven, based in Redwood City, California, filed an antitrust lawsuit against Cisco, claiming that it is stifling competition by forcing its customers to sign service contracts to receive software bug fixes. Multiven p...

Microsoft discloses vulnerabilities in Chrome and Opera Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of the core items within their Coordinated Vulnerability Disclosure (CVD) program. On Tuesday, Microsoft issued an MSRV Advisory related to use-after-free memory errors in Google’s Chrome, which, if exploited, would have triggered a crash and allowed remote code execution in the browsers sandbox. “When attempting to parse specially crafted Web content, Google Chrome references memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox,” the advisory explains. Google has addressed the issue in a patch delivered last September. Vers...

German software developer Ashampoo Hit by Data Breach ! German software developer Ashampoo has notified its customers about a data breach incident that resulted in the exposure of their names and email addresses. According to an announcement posted on the company's website, unidentified hackers broke through its security systems and gained unauthorized access to a server. "We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately," said Ashampoo's CEO Rolf Hilchner. "At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad," he added. Fortunately, the hackers did not obtain access to billing information as this data is not stored on the company's servers. In addition to its software development business, which includes anti-malware, firewall and ...