The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The source code of the ZeuS Botnet is now available for  Download . Derek Jones  (the author this article) imagine there are a few organizations who would like to talk to the author(s) of this code. All developers have coding habits, that is they usually have a particular way of writing each coding construct. Different developers have different sets of habits and sometimes individual developers have a way of writing some language construct that is rarely used by other developers. Are developer habits sufficiently unique that they can be used to identify individuals from their code? I don’t have enough data to answer that question. Reading through the C++ source of ZeuS I spotted a few unusual usage patterns (I don’t know enough about common usage patterns in PHP to say much about this source) which readers might like to look for in code they encounter, perhaps putting name to the author of this code. The source is written in C++ (32.5 KLOC of client source) and...

The Anonymous : Need of  21st century ! Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. How will they achieve this? Through peaceful protest. When corruption, destruction and mayhem strikes from governments or corporations it is the goal of anonymous to awaken that entity and the public that a change must occur. Given that, many will use the name Anonymous to perform acts of a criminal and malicious nature. By doing this it gives the real " Anonymous " a bad name. In fact, governments and corporations will try to retaliate against the false anon by restricting internet freedom and user capabilities. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. As price pritchet once said, " change always c...

New Facebook worm propagating : VERIFY MY ACCOUNT , Video Explanation of Code In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below. The system is pretty straight forward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message typically resembles the following one: Scam Signature Message:  In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process… The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it’s shut down (unless Facebook’s security team is up right now). The bottom line is this: don’t click any of the links resembling t...

Preview : Web App Hacker's Handbook 2nd Edition ! The first draft of the new edition of WAHH is now completed, and the lengthy editing and production process is underway. Just to whet everyone's appetite, I'm posting below an exclusive extract from the Introduction, describing what has changed in the second edition. (And in a vain attempt to quell the tidal wave of questions: the book will be published in October; there won't be any more extracts; we don't need any proof readers, thanks.) What’s Changed in the Second Edition? In the four years since the first edition of this book was published, much has changed and much has stayed the same. The march of new technology has, of course, continued apace, and this has given rise to specific new vulnerabilities and attacks. The ingenuity of hackers has also led to the development of new attack techniques, and new ways of exploiting old bugs. But neither of these factors, technological or human, has created a rev...

275 Sites Hacked by jumbo (Umer Rock) Sites: http://pastie.org/1891679 mirror: http://mirror.sec-t.net/hacker/?s=1&user=Umer+Rock

Finally Source code of ZeuS Botnet Version: 2.0.8.9  available for Download ! Download Link :  http://www.multiupload.com/P8QUNF4YJN Rar password : zeus Read More :  Complete ZeuS source code has been leaked ! ' The Hacker News ' Magazine -   Social Engineering Edition  - Issue 02 - May,2011 Released ! Download Now

Wikileaks Founder, Assange gets Sydney Peace Prize ! WikiLeaks founder Julian Assange was Wednesday awarded the Sydney Peace Foundation's top honor for "exceptional courage in pursuit of human rights," joining the likes of Nelson Mandela and the Dalai Lama. Assange, an Australian former computer hacker who is fighting extradition from Britain to Sweden over alleged sex crimes, was praised and rewarded with the Sydney Peace Prize's Gold Medal. Although the Peace Prize is awarded annually by the foundation only three other people in its 14-year history have been awarded the gold award for courage in pursuit of human rights -- the Dalai Lama, Nelson Mandela and Japanese Buddhist leader Daisaku Ikeda. The foundation paid tribute to Assange's determination to seek greater transparency and accountability from governments around the world, having challenged "centuries old practices of government secrecy." "By championing people's right to k...

Hacked PlayStation Network to be fully restored by end of May ! Sony said Tuesday it aimed to fully restore its PlayStation Network, shut down after a massive security breach affecting more than 100 million online accounts, by the end of May. Sony also confirmed that personal data from 24.6 million user accounts was stolen in the hacker attack last month. Personal data, including credit card numbers, might have been stolen from another 77 million PlayStation accounts, said Sony Computer Entertainment Inc. spokesperson Satoshi Fukuoka. He said Sony has not received any reports of illegal uses of stolen information, and the company is continuing its probe into the hacker attack. He declined to give details on the investigation. Sony shut down the PlayStation network, a system that links gamers worldwide in live play, on April 20 after discovering the security breach. The network also allows users to upgrade and download games and other content. Sony was under heavy criticism o...

ICSE Guess compromised, over 1 lakh 10 thousand users hacked by lionaneesh ! Admin User/Pass leaked By Indian hacker Loinaneesh. There are more than 1 lakh 10 thousand users data stolen. Big sites, Less Security :P

NCASC & 3 More Nepal Government Sites Hacked By cool_sh4v1k Hacked Sites : http://necan.gov.np/license.html http://epsnepal.gov.np/license.html http://ncasc.gov.np/license.html http://nepalstandards.gov.np/license.html Mirrors : http://www.zone-h.net/mirror/id/13681612 http://www.zone-h.net/mirror/id/13681609 http://www.zone-h.net/mirror/id/13681610 http://www.zone-h.net/mirror/id/13681611

Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint ! Microsoft addressed two security bulletins in May’s Patch Tuesday release. Despite its small size, security experts said administrators should apply the fixes immediately as they addressed significant threats. Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings. The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WIN...

The National Strategy for Trusted Identities in Cyberspace aims to help consumers pay for services such as health care more securely and avoid identity theft. Recent guidelines issued by the White House on cyber-security could provide an impetus for secure online bill paying in health care, according to health care industry experts. The National Strategy for Trusted Identities in Cyberspace presented by the White House provides direction on how to protect consumers and businesses from identity theft and fraud in online transactions by creating an identity ecosystem. Under the ecosystem strategy, consumers would maintain their anonymity during transactions by providing one piece of information, such as age, but not name, address, birth date or other information. "The rapid and vastly positive changes that have followed the rise of online transactions—like making purchases or downloading bank statements—have also led to new challenges," President Obama wrote in the str...

BackTrack 5 Released – Penetration Testing Distribution, Download Now ! Download : http://www.backtrack-linux.org/downloads/ Direct Links from FTP :  http://mirrors.rit.edu/backtrack/

Anonymous IRC hacker, Ryan Cleary  Exposed ! The ‘Anonymous’ collective named Ryan Cleary as the person responsible for breaching two of its own sites. The 18-year-old was accused of trying to bring down message boards used by Anonymous members to communicate with each other. Read Here ‘ We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named “Ryan” ,’ a post on its AnonOps site said. ‘He decided that he didn’t like the leaderless command structure that AnonOps network admins use. So he organised a coup d’etat.’ Mr Cleary was accused of stealing passwords and targeting the network servers used to keep Anonymous’s websites running. ‘ This is not a joke, this isn’t a lie, this is the truth and we are sorry for that, ’ the post added. A later update showed a screenshot of a ‘ revenge attack ’ that gave the alleged culprit’s full name, address and phone numbers. Anonymous is still under attack. Going to Ano...

Complete ZeuS source code has been leaked On the 23rd of March 2011 we posted a blog about the source code for the infamous crime kit ZeuS (Wsnpoem/Zbot) being sold on at least two dark market forums (see: http://www.csis.dk/en/csis/blog/3176/). This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels. We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm. When unzipped it looks like this: We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks. ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable. With the release and leakage of the source code the ZeuS/Zbot co...

Channel [V] INDIA website HacKeD By MaDnI ( Pak Cyber Army ) Hacked Site : http://www.channelv.in/forum/ Mirror : http://www.zone-h.com/mirror/id/13675949

You got owned, Exposure about privacy on facebook ! If you had any doubts regarding privacy on facebook, here is a list containing hundreds of user and password, how can this be ? Easy, any application that asks for permission can get your credentials! And then do not say that we had not warned :P WikiLeaks founder Julian Assange says Facebook is Spying on You and Your Loved Ones “Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to U.S. intelligence.” Read More News Regarding Facebook on THN : Assange says Facebook is spying tool for US intelligence ! A Syrian Man-In-The-Middle Attack against Facebook Facebook is not Exclusion, XML Vulnerability ! Truth About Facebook -  CIA, U.S. government - Everything Related ! Vulnerability in Facebook Email feature Exposed ! Face...

Linux kernel 2.6.38.6 ( stable) has been released ! The latest -Stable kernel has been raised again after Greg released a new version : 2.6.38.6. This is a maintenance update, so no new feature are included, only bug fixes and minor changes. Even though Greg urges users to upgrade to this version, it's wiser to look at the  ChangeLog  to decide whether you really need to upgrade to this version or not. Personally, i don't really see any important updates in this release, so if you have no problem with your current kernel (2.6.38.x series), you can stay with it until 2.6.39 comes up in probably a week or two. Download :  http://www.kernel.org/

India’s Rajasthan State Co-operative Marketing Federation Ltd (http://rajfed.gov.in/) has been infected with a malicious script tag. This government site promotes the objectives of procuring agricultural produce from farmers through the member societies on support prices declared by the Govt. of India. Here is the home page of this site: The malicious script has been injected at the bottom of this page. Here is the screenshot of source page, Below, you can see a decoded version of the script using Malzilla. ( http://malzilla.sourceforge.net/ ) The decoded script tag leads to JavaScript from “ hxxp://cs.cskick.cn/cs/sc.js ”. Currently, this malicious site is down. A quick Google search for this domain shows that it has been involved with malicious activity in the past. Trend Micro has issued a report for a separate threat hosted at that same domain. Submitted by :  Umesh

Sony 3rd massive leak - 100 million user's personal info hacked in Japan ! Personal information on a total of 100 million people has possibly been hacked and leaked from online game and other Internet services provided by the Sony Group worldwide, sparking fears that it could develop into the worst information leakage case ever. Sony has been under fire for being slow to announce the incident. It is essential for the electronics and entertainment giant to clarify the whole picture of the damage as quickly as possible and gather itself together to follow up the case in order to recover consumers' confidence. According to the revelation, personal information including the names, IDs and passwords of about 77 million people in some 60 countries -- mainly in North America -- was hacked and leaked from Sony's Internet services that provide game software for PlayStation 3 and other game consoles and distribute movies and music for TV viewers. Furthermore, private inform...

SkidHacker.com , Underground-Hacking.Net & IndoCoder.or.id Hacked by Shadow008 (PakCyberArmy) Sites Hacked: Forum: http://www.indocoder.or.id/community/ Blog: http://www.indocoder.or.id/journal/ Mirror: Forum: http://www.k0-ka.in/attack/?id=1498 Blog: http://zone-h.com/mirror/id/13632754 ___________________________________________________ Sites Hacked: http://underground-hacking.net/ Mirror: http://zone-h.com/mirror/id/13667406 ___________________________________________________ Sites Hacked: http://www.skidhacker.com/ Mirror: http://zone-h.com/mirror/id/13668102

Cbseguess.com   4243  users data compromised ! http://cbseguess.com/ Hacked By Indian Hacker 'Akash Jain', and almost 4243 users data Compromised .

Samsung Data Management Server with Sql Injection Login Bypass vulnerability Here we have one more example of human stupidity. Samsung Data Management Server with Sql Injection Login Bypass vulnerability . Anyone can easy hack into admin panel of server... here a screen shot of admin panel : Sorry ! We can't Disclose the location/URL of Panel just because of security reasons. But Samsung should fix this as soon as possible !

French security firm VUPEN Say New Bugs Can Bypass Google Chrome Sandbox ! Researchers at the French security firm VUPEN say that they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser's sandbox, as well as ASLR and DEP and run arbitrary code on a vulnerable machine. The company said that they are not going to disclose the details of the bugs right now, but that they have shared information on them with some of their government customers through its customer program. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said. VUPEN published a video (  http://www.vupen.com/demos / ) that demonstrates an attack that exploits the Chrome vulnerabilities, although there is no further clues about the bugs themselves. "The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it...

Patch for Metasploit that will enhance db_autopwn such that you will be able to Hack almost ANYTHING ! There is a small patch released , that will make your db_autopwn fully loaded and powerful . With which you will be able to hack almost anything... Lets have a look : Index: lib/msf/ui/console/command_dispatcher/db.rb =================================================================== --- lib/msf/ui/console/command_dispatcher/db.rb (revision 12572) +++ lib/msf/ui/console/command_dispatcher/db.rb (working copy) @@ -775,6 +775,9 @@ def cmd_db_autopwn(*args) return unless active? + puts 'http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines' + return + stamp = Time.now.to_f vcnt = 0 rcnt = 0

Ethical Hacking Services - Appin Security hacked By 133t Indian h4x0rs ! Hacked Site 1. :  http://appinlabs.com Mirror 1. :  http://legend-h.org/mirror/157460/appinlabs.com Hacked Site 2. :  http://blog.appinonline.com Mirror 2. :  http://legend-h.org/mirror/158222/blog.appinonline.com

Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University. NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google. The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages. Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap softwar...

Hackers release usernames, passwords of several FOX.com affiliate employees ! Hackers Post complete Usernames/Password of Fox.com users at : http://pastebin.com/zDMHmmAr