The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LulzSec & Anonymous initiates ' Operation Anti-Security ' together LulzSec has issued a declaration virtual war on any government or governmental agency, the top priority of which they say "is to steal and leak any classified government information, including email spools and documentation. Announcement by Lulzsec via Pastebin post : Salutations Lulz Lizards, As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011. Welcome to Operation Anti-Security (#AntiSec) - we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word "AntiSec" o...

Sony Pictures France hacked by idahc_hacker Idahc the Lebanese hacker did a duet with his French friend Auth3ntiq on Sony Pictures France ( http://www.sonypictures.fr/ ) . In a pastebin post declared again that they are not black hat hackers. Possibly in a ruch but this time they didn’t state that they are gray hat hackers. Using another SQLi, the data breach included the /etc/passwd file dump. According to Hacker, There are 177172 found in database, some of them are posted in pastebin.

Multiple SQL Injection Vulnerabilities on CNN website Exposed Yes ! CNN is also not Secure site, There are Multiple SQL Injection Vulnerabilities on CNN News site exposed by Hacker named " Sec Indi ". CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day. SQL Injection Vulnerable Links : 1.)  http://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id='7966 2.)  http://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439' Screenshots Submitted By Hacker : SQL Injection Vulnerabili...

Air India unit - Centaur Hotels website insecure - Passports, ID's, credit cards data at Risk Website of Centaur Hotel at IGI airport New Delhi -   http://centaurhotels.com/ used to upload customer data like  passport, pan card, credit card and other forms of personal identification of their guests staying at New Delhi IGI airport property, Data in an hidden indexed directory on the website as shown above. The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India's national carrier Air India which in turn is 100% owned by the Government of India. This Security failure is disclosed by Bangalore Aviation. Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said " The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has ...

Libyan Satellite TV Website Hacked by Ktkoti and Most of Libyan media sites down ! The web site of the Libyan Revolutionary Committees Movement's newspaper Al-Zahaf Al-Akhdar (The Green March) is also offline, as is New Libya TV. A radio station set up and apparently owned by Sayf-al-Islam al-Qaddafi, http://www.allibiya.fm is offline , and the Libyan satellite channel's web site www.allibiya.com has been defaced , and its Facebook page taken over. Allibya.tv another domain for Sayf's media empire is also offline . Sayf-al-Islam's Charity Foundation, which has changed its domain name also at least 3 times and failed to build any audience, the latest listed as being http://www.gicdf.org is also offline, and the Twitter and Facebook accounts of Sayf-al-Islam al-Qaddafi have also been taken over. Many other Libyan web sites are "off air" having been removed either by threats against providers, defections, or various incompetence. All the sites ...

Indishell.net forum Hacked by Pakistan hackers Indian Hackers forum, Indishell.net has been hacked by Pakistani hackers. This is not that orginal Indishell hackers group of India. The domain is somewhere similar to them. Paki Hackers Provide More details here http://pastebin.com/k0XYZQCW .They also dump the  Database http://www.mediafire.com/?fduf6fltqdsv2f0 . Archive password:- pakistan Other mirrors:  http://mirror.sec-t.net/defacements/?id=42923 http://legend-h.org/mirror/180393/indishell.net/

ADAG Group Chairman Anil Ambani 's email under phishing attack Some Unknown hackers attempted a phishing attack in May on Anil Dhirubhai Ambani Group (ADAG) Chairman Anil Ambani's email ID. The hacking case is now being investigated by the cyber crime cell of Mumbai police after ADAG officials registered a complaint. The incident took place on May 8, when Ambani received an email that appeared to have been sent by a journalist of international newswire service Bloomberg. The hacking attempt was revealed when the corporate communication department got in touch with the reporter and he denied sending any such mail.

Pakhackerz.com hacked by Indishell and database dumped Pakistani Hackers Forum at Pakhackerz.com has been hacked by Indian hackers group " Indishell ". Indishell Release a Message on Pastebin  and also dump the whole database of Pakhackerz.com for download . 

Interview with Anonymous ( Anony_ops OR Anon_Central ) Note : The Interview is taken from The Hacker News Magazine June Edition - Total Exposure .You can Download all THN Magazine editions from here . Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. When corruption, destruction and mayhem strikes from governments or corporations it is the goal of anonymous to awaken that entity and the public that a change must occur. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. Anonymous is the gift we have been waiting for. Honest and trustworthy persons working hard on our behalf for the betterment of mankind.The Anonymous ,Need of  21st century, Let’s Talk with Anony_ops ,Now known as Anon_Central on Twitter : THN : Who i...

Sega Pass customer datails hacked, LulzSec wants to Help Sega ! Sega has told gamers that some of their personal information may have been stolen following an attack on its systems. E-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers. But payment information, such as credit card numbers, remained safe as it was handled elsewhere, Sega said . The hacking group Lulz Security appeared to deny involvement, despite leading a wave of recent cyber attacks. " @Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down, " the hacking group posted on its Twitter feed . No hacker group has claimed responsibility for the attack so far. Although, a number of recent attacks on game companies and their online services are credited with LulzSec, its denial of the credit has brought in a twist of events. " We have identified that a subset of SEGA Pass members' ema...

THC-HYDRA v6.4 - Fast network logon cracker  THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Changelog for thc-hydra v6.4 Update SIP module to extract and use external IP addr return from server error to bypass NAT Update SIP module to use SASL lib Update email modules to check clear mode when TLS mode failed Update Oracle Listener module to work with Oracle DB 9.2 Update LDAP module to support Windows 2008 active directory simple auth Fix to the connection adaptation engine which would loose planned attempts Fix make script for CentOS, reported by ya0wei Print error when a service limits connections and few pairs have to be tested Improved Mysql module to only init/clo...

SAMHAIN v2.8.5  - intrusion detection system The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. The official change log: For the kernel check, the configure script should now detect if /dev/kmem exists but is dysfunctional. Also, a bug in the samhain_kmem kernel module has been fixed. The LogmonMarkSeverity option has been fixed Timeserver response is cached now for one second The Unix entropy gatherer supports /opt/local/bin now A compile time option has been added to disable the expansion of $(shell command) in the configuration file. Also, the signature of a signed ...

HP computers FTP hacked by HexCoder UPDATE : We have verified that this is just a anonymous FTP user access to ftp.hp.com . There is nothing like hack. Pakistani hacker HexCoder may try this to get attention. Anyway the access is available for all with : Host : ftp.hp.com Username : anonymous Password : anonymous Just Now we ( The Hacker News ) got a mail from Pakistani hacker named " HexCoder " . He Claim to hack FTP of HP computers at ftp.hp.com .  Statement about this Hack by Hacker  HexCoder, " I have done this by getting access to FTP successfully.All this by just mere stupidity!Oh and I will not share their database because its too big (9 GB) ". About a month before , ACER hacked because of their own stupidity , and this time HP computers.

ClubHack: CHMag Issue 17th, June 2011 Download Contents of this Issue:- Tech Gyan - Pentesting your own Wireless Network Tool Gyan - Wi-Fi tools Mom's Guide - Wireless Security - Best Practices Legal Gyan - Copyrights and cyber space Matriux Vibhag - Forensics with Matriux Part - 2 Poster of the month - Can you cage a Wi-Fi signanl ? Direct Download

XSS attack on CIA (Central Itelligence Agency) Website by lionaneesh After Ddos attack on CIA (Central Itelligence Agency) website by Lulzsec, lionaneesh , an Indian hacker have found XSS Vulnerability on same site as shown. The Vulnerabile link is here  . You can join Loinaneesh on Twitter . 

LulzSec Leaks 62,000 Email/Passwords of writerspace.com LulzSec Leaks 62,000 Email/Password Combo Internet Goodie Bag. Lulz hasn't said where they got the data, Even they are not sure that, these logins are from which site. They tweet the download link as shown :  http://www.mediafire.com/?9em5xp7r0rd2yod According to  Mikko H. Hypponen ,CRO of F-secure - " The list of 62,000 emails/passwords just released by @LulzSec is probably the user database of writerspace.com. " He also give Reason that " Why writerspace.com? Well, the most common passwords include these: mystery, bookworm, reader, romance, library, booklover and..writerspace.So basically that's why I believe the latest Lulzsec password leak originates from writerspace.com. I'm guessing it's their user database "

Anonymous Hackers hit 50 Malaysian government websites Malaysia has been hit by a wave of attacks after the " Anonymous " hacker group accused the government of Internet censorship. More than 50 government websites were hit and 41 of them were closed The Malaysian Communications and Multimedia Commission (MCMC) said in a statement the attacks on websites with the .gov.my domain started shortly before midnight Wednesday and lasted several hours. Little damage was caused and these were denial of service attacks. Apparently most of the websites have already recovered. Anonymous warned on a website that it would target the government portal www.Malaysia.gov.my on Wednesday. It was still down this morning. It is interesting that it has just woken up to this problem. Malaysia's media operate under strict censorship laws. Until now websites have remained relatively free, due to an official pledge not to censor the Internet in a bit to get foreign cash into the countr...

PayPal vulnerability : Hack any Paypal account within 30 seconds UPDATE :  This has been debunked, Paypal accounts are safe.  http://thenextweb.com  have spoken in depth to Matt Langley, the person who discovered the supposed issue, and it’s clear why he assumed there was a serious security breach but the issue is far less serious than initially thought. Matt Langley explains: “ It seems that the ‘victim’ had opened an account using an email address of mine, with extra characters thrown in, which Gmail ignores and accepts as the same email address, so it was gmail which uncorrupted the email address and sent the emails to me, not Paypal. I had previously reported an account set-up with fraudulent email address to Paypal many times in the past, but only yesterday noticed that the email address was different to mine, in a way which on any other email system in the world would be a different email address. ” OLD : A security vulnerability in PayPal’s ...

This utility provides a Web interface for remote operation c operating system and its service / daemon. Opportunity Description / features: Authorization for cookies Server Information File manager (copy, rename, move, delete, chmod, touch, creating files and folders) View, hexview, editing, downloading, uploading files Working with zip archives (packing, unpacking) + compression tar.gz Console SQL Manager (MySql, PostgreSql) Execute PHP code Working with Strings + hash search online databases Bindport and back-Connect (Perl) Bruteforce FTP, MySQL, PgSQL Search files, search text in files Support for * nix-like and Windows systems Antipoiskovik (check User-Agent, if a search engine then returns 404 error) You can use AJAX Small size. The boxed version is 22.8 Kb Choice of encoding, which employs a shell. Changelog (v2.5.1): Remove comments from the first line . Added option to dump certain columns of tables. the size of large files are now well defin...

LulzSec take down CIA Website The hacker group Lulz Security has claimed it has brought down the public-facing website of the US Central Intelligence Agency. Infamous for a series of high-profile hacks on Sony, Nintendo, the PBS, FBI affiliates, LulzSec claimed on Wednesday its responsibility for hacking the website for the U.S. Central Intelligence Agency. " Tango Down - cia.gov - for the lulz ," the group tweeted at around 6 p.m., June 15 at  http://twitter.com/#!/LulzSec/status/81115804636155906 Over the weekend, a portion of the Senate website was hacked, and the same website was targeted again on Wednesday. LulzSec was unable to access proprietary data due to a firewall, the Senate acknowledged today. The hacker group tweeted an hour ago, "Lulz Security, where the entertainment is always at your expense, whether you realize it or not. Wrecking your infrastructures since 2011." Its Twitter followers have swelled to nearly 160,000. A CIA spokeswom...

Interview with Team Inj3ct0r ( 1337day ) Inj3ct0r provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. The project does not belong to the Turkish, American, Russian, Chinese, Ukrainian etc hackers. THN : What is injector Team doing these days , what plans are there about forum and how these things will help beginners ? Inj3ct0r : inj3ct0r is not an institute for beginners.  Forums and all are coming, look out for news alerts. THN : Most of the time we hear that the Injector admin belongs to Pakistan , is it true ? Inj3ct0r : They may be and they may not be from that country.   One of admin says –“ Patriotism is the last refuge of a scoundrel.” ...

Lulzsec Hackers Break Into U.S. Senate Computers The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms.Lulz announced the hack on Monday. Lulz Security, who have hacked into Sony's website and the U.S. Public Broadcasting System, posted online a list of files that appear not to be sensitive but indicate the hackers had been into the Senate's computer network. " We don't like the US government very much, " Lulz Security said at the top of their release. " This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem? " The Senate has been the frequent target of hacking attacks, with tens of thousands thwarted each month, Senate Sergeant at Arms Terrance Gainer told Reuters in early June. Still, the break-in is ...

60 websites defaced by SbZ-GHoST TeaM against Denmark ,USA & Israel SbZ-GHoST TeaM hack almost 60 website with a message on deface page " This Hack iS To DeFend Islam That Has Been Harrased by Denmark and USA and Israel " .  Hacked sites list at  http://pastebin.com/tPDjektH

Video Presentation on Stuxnet by Hungry Beast In June last year, a computer virus called Stuxnet was discovered lurking in the data banks of power plants, traffic control systems and factories around the world. Pandora's box has been opened; on the new battlefield the aggressors are anonymous, the shots are fired without starting wars and the foot soldiers can pull their triggers without leaving their desks. Last week the United States government announced they would retaliate to a cyber-attack with conventional force. The threat is real, and the age in which a computer bug could cost lives has begun.

Turkey police arrests 32 Anonymous hackers for DDOS attack Turkey have detained 32 more suspects that the authorities believe are linked to Anonymous. The Turkish state-run news agency reports that the suspect were taken into custody by police after raids in dozens of cities it’s not clear how the police linked the 32 people to the hacker group. The arrests in Turkey came after the hacker group targeted the Turkish websites of the prime minister’s office and parliament in what the group called a protest against the plans of the Turkish government to place filters on the internet. Anonymous also issued a statement that said, “Regardless of how many times you are told, you refuse to understand. There are no leaders of Anonymous. Anonymous is not based on personal distinction,” the group posted in a statement. “You have not detained three participants of Anonymous. We have no members and we are not a group of any kind. You have, however, detained three civilians expressing themselv...

26,000 Porn websites passwords exposed by LulzSec LulzSec hacking group has published login passwords for almost 26,000 users of an x-rated porn website via there Twitter Account. LulzSec drew particular attention to various government and military email addresses (.mil and .gov) that appeared to have accounts with the porn website . Read More at NakedSecurity

Samurai Web Testing Framework LiveCD The Samurai Web Testing Framework is a LiveCD focused on web application testing. We have collected the top testing tools and pre-installed them to build the perfect environment for testing applications. Download

3 suspected Sony PlayStation Network hackers arrested in Spain Sony has stated that they dont know who the PSN hackers are, but Spanish police seem to think it is a group of local hackers, who the claim to be the Spanish wing of the hacktivist group Anonymous New York Times is reporting that 3 suspects have been arrested by the Spanish police for their alleged involvement in the attack on the Sony PlayStation Network in April. According to the statement, Anonymous is made up of people from various countries organized into cells that share common goals. The activists operate anonymously, but in a coordinated fashion. After analyzing chat logs and Web pages, the police was able to trace the source of the Sony PlayStation online gaming store outage to one of the suspect’s server, which operates out of his apartment in Gijón. If proven guilty, the hackers could face up to three years in jail for forming an illegal association to attack public and corporate Web sites.It is un...

Ani-Shell v1.1 - Back-Connect and Bind-Shell Features by lionaneesh New Features in this version [0x01A] Bind Shell [0x01B] Back Connect [0x01C] Fixed Some Coding errors! [0x01D] Rename Files [0x01E] Encoded Title Download  or Read More

Motorola (Croatia) Website hacked Motorola's Croatia domain   http://motorola.hr  is vulnerable to hackers.  Croatia  officially the Republic of Croatia is a country in Central Europe. The Website is hacked and defaced by various hackers 2-3 times yesterday. First it was defaced by Cocain  Underground hacking team and currently a hacker from Turkey  named " TeRoRisTe_Mc " have his deface page on the site. There is Mirror of hack also at  http://www.zone-h.org/mirror/id/14167870

CitiBank hacked & large number of customer data stolen Security breaches happen, they’re going to continue to happen … the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments Citigroup said today that hackers breached the bank's network and may have gained access to the personal data of hundreds of thousands of bank card customers. Customer names, account numbers, and contact information, including e-mail addresses, were reportedly accessed during the breach, which was discovered in May during routine monitoring. However, no Social Security numbers, birthdates or security codes were accessed. According to Citibank's website they are the world's largest provider of credit cards, issuing more than 150,000,000 cards globally. Based on these numbers, information for 1,500,000 or more individuals may have been compromised. Citi told the newspaper that the breach affected about...