The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Meggit Database Hacked - US Military and Law Enforcement equipment supplier for #Antisec Database of www.meggitttrainingsystems.com a US Military and Law Enforcement equipment supplier has been hacked and exposed by Anonymous ( The Bash Crew ) .  Hackers said " People of the USA your government puts there trust and your money into these people and we got into there database useing a google dork and a simple sql injection.Any ways we hope this will cause many lulz atleast in spamming heads of the corp's and government that choose such a poorly secured site. " vUNL link :  http://www.meggitttrainingsystems.com/main.php?id=119 Hackers Release database on Pastebin :  http://pastebin.com/0r4A9DVR

Mesa Arizona Fraternal Order of Police website hacked, Data exposed ! Anonymous Hackers deface Mesa Arizona Fraternal Order of Police website -  http://mesafop.com/  . This hack is done for Operation Antisec. The Post a message and All data of  Arizona Police on the deface page. Alternate you can see written part on :  http://pastebin.com/RakyZgJE  . Hackers claim to deface following domains : azfop.com, azfop78.com, azfop5.com, tucsonfop.com, mesafop.com,azfop32.com, azfop50.com, azfop44.com, azfop62.com, azfop58.com Hackers expose Credit Card details and Email/Passwords of lots of officers Not only this, They also expose the usernames and passwords for 1200 FOP members in deface page.

SQL Injection Vulnerability in Google Lab Database System Very Big & Critical Vulnerability detected in Google Lab System. Vendor is already reported by hackers, But they don’t take positive step in this case, so finally hackers exposed  the vulnerability in public by  Bangladesh Cyber Army Admin - Shadman Tanjim on their Forum . Google Lab Website has SQL Injection Vulnerability and Dangerous thing is this Vulnerability is Exploitable. Hackers are able to get Tables, columns and data from Database. Google Lab Database has his own customize DB system. But Interesting things is their database system is Similar as Ms Access database. In this case Ms Access SQL Injection System is Also Work on Google Lab Database system. Statement By Hacker : I already contact with Google Corporation but they don’t give positive response, I think this is their big fault,  and will suffer for that. But if they give Positive response t...

MasterCard downed by ISP, not Anonymous hackers Two days before Anonymous declare that MasterCard again down by Ddos attack in support of Wikileaks & Anonymous via twitter . It was shortly after MasterCard went down that someone on Twitter, known as ibomhacktivist, promoted “ MasterCard.com DOWN!!! ”, adding the site was down for messing with WikiLeaks and Anonymous. But in actual, MasterCard.com was offline, and shortly after the outage was noticed by the public, someone on Twitter claimed credit. In a statement, MasterCard blamed the outage on an ISP issue, without discounting that they were attacked upstream. " MasterCard's corporate, public-facing Website experienced intermittent service disruption, due to a telecommunications/Internet Service Provider outage that impacted multiple users. It is important to note that no cardholder data has been impacted and that cardholders can continue to use their cards securely. We are continuing to monitor the situation c...

Indonesian and Australian police launched Cyber Crime Investigation Center Indonesian and Australian police officially launched a joint project called the Cyber Crime Investigation Center. The center was officiated by Indonesian National Police chief Gen. Timur Pradopo and Australian Federal Police chief Comr. Tony Negus at the National Police Headquarters in Jakarta on Thursday. Timur said the center had been planned since six months ago. " Today, we launch the center, which will be equipped with tools needed to carry out cyber crime investigation ," Timur said, adding that its communication technology equipment was being provided by the Australian government." Of course, this [center] will improve our capacity to detect and [investigate cyber] crimes, particularly transnational crimes ," he said. Negus said the center would allow the Indonesian National Police to deal with technology and IT-related crimes. He added that the Australian police force was looki...

OpenSSH 3.5p1 Remote Root Exploit for FreeBSD OpenSSH 3.5p1 Remote Root Exploit for FreeBSD has been shared by kcope on twitter . The Released note is as given below : OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Discovered and Exploited By Kingcope Year 2011 -- The last two days I have been investigating a vulnerability in OpenSSH affecting at least FreeBSD 4.9 and 4.11. These FreeBSD versions run OpenSSH 3.5p1 in the default install. The sshd banner for 4.11-RELEASE is "SSH-1.99-OpenSSH_3.5p1 FreeBSD-20060930". A working Remote Exploit which spawns a root shell remotely and previous to authentication was developed. The bug can be triggered both through ssh version 1 and ssh version 2 using a modified ssh client. During the investigation of the vulnerability it was found that the bug resides in the source code file "auth2-pam-freebsd.c". http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/Attic/auth2-pam-freebsd.c This file does not exist in Fre...

Mobius Forensic Toolkit v0.5.8 Released Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tool Change Log : The Hive (registry viewer) features three new reports:email accounts, TCP/IP interfaces, and computer descriptions. All registry reports can be exported as CSV and the user password report can be exported in a format suitable for John the Ripper as well. Minor improvements were made Installation As root, type: python setup.py install Usage Run mobius_bin.py. Download Here

TDSS rootkit infects 1.5 million US computers Millions of PCs around the world infected by the dangerous TDSS ‘super-malware’ rootkit as part of a campaign to build a giant new botnet. The report is presented by researchers from security firm Kaspersky Lab. TDSS also known as ‘TDL’ and sometimes by its infamous rootkit component, Alureon. It has grown into a multi-faceted malware nexus spinning out ever more complex and dangerous elements as it evolves. Kaspersky Lab researchers were able to penetrate three SQL-based command and control (C&C) servers used to control the activities of the malware’s latest version, TDL-4, where they discovered the IP addresses of 4.5 million IP PCs infected by the malware in 2011 alone. Almost 1.5 million of these were in the US.If active, this number of compromised computers could make it one of the largest botnets in the world, with the US portion alone worth an estimated $250,000 (£155,000) to the underground economy. The researchers noti...

FBI searches LulzSec suspect home in Hamilton, Ohio The investigation into the LulzSec hacking team continues, with news that FBI agents have searched a house in Hamilton, Ohio. FBI investigation believed to have been fuelled by interviews with Ryan Cleary, but did not lead to charges. Federal agents are said to have searched a teenager's home in Jackson Road, Hamilton on Monday 27 June, although no-one was charged after the search warrant was served. Ohio teenager was known within LulzSec as " m_nerva ", who leaked text logs of discussions between the group after they had hacked into the website of an FBI affiliate at the beginning of June. After that, m_nerva's case address was listed by LulzSec as being in Hamilton, Ohio  Last week FBI agents searched the house of a woman in Iowa and questioned her about links with the group. LulzSec said in a statement that it had six members, though it never stated their gender.

Hackers target Al-Qaida Internet communications systems Computer hackers shut down Al-Qaida's ability to communicate its messages to the world through the Internet. Al-Qaida's online communications have been temporarily crippled.The attack was carried out within the past few days by unknown hackers targeting al-Qaida's Internet communications systems. According to Kohlmann," My guess is that it will take them at least several days more to repair the damage and get their network up and functioning again ,". A year ago, Al-Qaida's Internet communications suffered a similar hacker attack. British newspapers reported earlier this month that the the UK government hacked into an al-Qaida website last year and inserted recipes for making cupcakes in place of instructions on how to build bombs. The target was the group's English language magazine, "Inspire," intended for Muslims in the West. The magazine is the product of al-Qaida in the Arabian P...

President Obama release National Strategy for Counter terrorism Today President Obama’s release National Strategy for Counterterrorism, which was presented by John Brennan, Assistant to the President for Homeland Security and Counterterrorism in a speech at SAIS named “ Ensuring al-Qa’ida’s Demise ”.  The strategy articulates the United States’ broad, sustained and integrated campaign against al-Qa’ida, its affiliates and its adherents, consistent with the President’s enduring commitment to protect the American people. Download the 26 pages PDF released

Anonymous Antisec leaks Zimbabwe, Australia and Brazil governments data dumps Anonymous Hackers have published a mass of data including passwords that appears to have been stolen from the governments of Brazil, Zimbabwe, Australia and the Caribbean island Anguilla. One of the files released via Twitter appears to contain usernames and encrypted passwords for different areas of the Zimbabwean government's website. These login details include Gmail accounts, as well as gov.zw email accounts. Anonymous also released a file which appears to contain login details to Brazilian government websites. The rest of the release consists of SQL database files from Australian, Zimbabwean and Anguillan government websites, which appear to contain personal details of various individuals. 1.) Zimbabwean government dumps : Click Here  via Tweet 2.) Password files from various Brazilian Government servers : Click Here via Tweet 3.) Australia governments data dumps : Click H...

Sony Hiring Information Security Engineers After 14 Hacks, Finally Sony open  job recruitment for " Sr Application Security Analyst ". Sony Estimates 171 Million Dollar Loss due to PSN Hack. Also Sony CEO sorry for PSN hack, offers data theft insurance. Social network Facebook has hired a computer hacker who was recently sued by Sony for hacking the online game system PlayStation 3. Facebook did not reveal what 21-year-old George Hotz will do for the firm.  Hotz - also known by the alias "GeoHot" - gained notoriety in 2008 when he developed a software for unlocking the iPhone and allowing it to be used by other networks. He also released instructions on Sony PlayStation 3 that helped owners modify their consoles to run unauthorized applications and pirated games. It's been two months since the personal details of 100 million PSN and SOE users were stolen and Sony is still dealing with the fall-out. From SONY (Taleo): You will act as a S...

Indian shopping website  Groupon  leaks Email/Passwords of 300,000 Users Groupon subsidary – Sosata.com  leak the e-mail addresses and plain-text passwords for 300,000 users and also the sql file is index on Google. SoSasta.com offers its services in 11 cities - Kolkata, Hyderabad, Pune, Ahmedabad, Delhi/NCR, Chandigarh, Jaipur, Nagpur, Mumbai, Chennai and Bengaluru - and has mailed customers stating that they were made aware of a security breach. The email sent to the customers says: " Over this weekend, we've been alerted to a security issue potentially affecting subscribers of Sosasta. We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your SoSasta password immediately, by visiting the SoSasta website (Sign-In using your existing password, then click on Profile followed by Change Password). If you use the same email/password combination at oth...

Anonymous Hackers target Orlando websites & #OpOrlando Press Release The next target for the hacktivist group known as Anonymous will be the city of Orlando. Anonymous has reportedly shut down the Orlando Chamber of Commerce website. In One Press Release Anonymous Call To Arms In Op Orlando Greetings Everyone -- Well the City of Orlando violated the cease fire with gusto,arresting not only two more FNB volunteers but additionallyarresting Keith McHenry the world wide President of Food Not Bombs.They are still holding Keith, and we are going to tear up Orlandobut good. Below you will find the latest Press Release. Please joinirc.anonops.li #OpOrlando for the assault at 10:00 AM Eastern Time. YOURS --  Commander X PLF Field Commander Last Press Release was : Anonymous Press Release - Operation  Orlando June 27, 2011 The City of  Orlando  has ignored our warnings, and our generous offer of a cease fire. On Wednesday last you not onl...

WWF's Philippine  website hacked Hackers attacked the website of the World Wildlife Fund 's Philippine,They replacing the home page with a YouTube video as shown. Visitors to the WWF Philippines site ( http://www.wwf.org.ph/ ) saw a video and a message that suggested a connection with an attack on the Bureau of Customs website. Message Posted by Hacker " This country is run by mahou shoujo... Powered by: Contract; Puella Magi Madoka Magica Squad ". The " mahou shoujo " was the same anime referred to in the page of a hacker who defaced the Bureau of Customs website earlier this month.

13 Years Jail for Phishing Attack A 27 year old man " Kenneth Joseph Lucas II " from Los Angeles has been sentenced to 13 years in prison for allegedly playing an active role in a phishing attack, aimed at stealing money from consumer bank accounts during the operation “Phish Phry” in 2009. The two year long Operation Phish Phry saw US Federal Bureau of Investigation, the Electronic Crimes Task Force and the US Attorney’s Office working in unison with the Egyptian law enforcement agencies. The US District Court for the Central District of Los Angeles had sentenced Lucas to 11 years in prison late last week. Read More Here

u MasterCard again down by Ddos attack in support of Wikileaks & Anonymous Today ibomhacktivist tweet " MasterCard.com DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D " We have check that is  MasterCard.com is really down & YEAH , Its down (  Via  ). The Ddos Attack is in support of Wikileaks & Anonymous by Hackers. This can be the part of Operation Antisec started by Lulzsec and Anonymous Together. It’s irrelevant if the ip's are traceable or not. It will not be possible for any police or court differentiate between the users who voluntered to the task and the ones who had their computer hijacked (with a virus). This is 2nd time MasterCard becomes the target of Anonymous.

774 Websites hacked by ZCOMPANY HACKING CREW (ZHC) Pakistani hackers Group " ZCOMPANY HACKING CREW (ZHC)" Hack 774 more websites. They leave a message on every deface page as shown.  The list of hacked sites , mirrors and Message is posted by them on Pastie at  http://pastie.org/2132590

Double nibble URI decoding XSS Vulnerability on   EC Council website What EC Council is ? They offers certifications in certified ethical hacker ceh, Computer Security, network security, internet security program and computer forensics and penetration testing. Information Security, Ethical Hacking, Computer Forensics, Advanced Penetration Testing, Application Security, Disaster Recovery and other critical Information Security Topics and Security Courses. XSS POC : Link : Click Here Submitted By :  Nulled Byte

2000 Websites defaced by The 077 ( Hamdi HAcKer ) Tunisian HaCker 17 Years old The 077 ( Hamdi HAcKer ) from Tunisia strike again to 2000 websites with mass defacement. List/Mirror of hacked sites are here :  http://www.zone-h.com/archive/notifier=The%20077   (Use proxy to open link, if your are not able to open it directly)

Operations AntiSec : Anonymous takes down Tunisian government site As LulzSec calling it quits, but the hacking via Operations AntiSec continues. Hacker group Anonymous claimed responsibility of taking down Tunisian government's official website moments ago.The seized domain now displays text posted by Anonymous, along with a masked image that signifies the hacker collective as shown. Anonymous said " The internet is the last frontier and we will not let corrupt governments spoil it.We are Anonymous, We are LulzSec, We are People from around the world who are stepping in the name of freedom. " Tunisian government blocks social networking sites Facebook and YouTube. Several other sites filtered which include, porn sites, gay and lesbian sites, dating sites etc.

ThePiratebay removes  50 Days Of Lulz Yesterday Hacker group LulzSec has announced that after 50 days of hacking companies and organizations, it is finally done. The group confirmed its retirement . With this they also Released a Torrent file : http://thepiratebay.org/torrent/6495523/50_Days_of_Lulz Thepiratebay just deleted the lulzsec torrent " 50 days of lulz " , reason theres some virus in it. Check Virus Details here . Thepiratebay does not allow files that are mislabeled, or contain virus/trojan's, or child pornography. Being as how this torrent was extremely popular, it may have infected 100's of thousands of people already. Lulzsec's account on thepiratebay was not banned so they are cleared to upload the same torrent again without the alleged "trojan". @AnonymousIRC said, " We will see to get a clean torrent up ASAP. #AntiSec " . We do have to wonder, what happens now ? Does the Internet go back to normal with websites ...

Toggle.com [ forum & blog ] hacked by   CYB-IMP [ Cyber Impossibilities ] One of the biggest Software download website  Toggle.com with world rank 10,000 got hacked by a new hackers group called CYB-IMP [ Cyber Impossibilities ]  . They Deface   forum.toggle.com and blog.toggle.com  as shown (Mirrors of hack given below) The groups members are : L0ckreader'z the one who done the most of work & other are : masterSELL ; Oldfacce ; PretoriaN. ; Snnuzz  This Hack was done by 16 P.M. Today and this was as a presentation of new group CYB-IMP ,in the deface page there is shown the Albanian flag so they represented themselves as ALBANIANS . Hackers also leak the database and Server Info on Pastie : //// ### FORUM & BLOG TOGGLE.COM OWNED ### \\\\ blog.toggle.com db : define('DB_NAME', 'blogtog_wordpress'); /** Tu nombre de usuario de MySQL */ define('DB_USER', 'blogtog_blogtog'); /** Tu contraseГѓВ±a de MySQL */ defin...

Lulzsec Exposed, Long Live Anonymous ! Lulz war ! Today Hacking group "Lulzsec" completed their 50th day and also announce the retirement of Lulz boat . What are the Reasons behind this ? Lulz Security's rise to prominence has been extraordinarily fast.The hacking group first emerged in May and in the past few weeks has attacked the websites of some of the world's leading corporations and governments. The group specialises in locating websites with poor security and then stealing information from them and posting it online via Twitter account, well They have 278,429 Followers]in 50days. To understand who/what lulzsec is, you need to understand where they came from. Everything originates from the chan (4chan/711chan/etc.) culture. It's a culture built around the anonymity of the internet. If your anonymous no one can find you. No one can hurt you, so your invincable. According to Anonymous " The problem with Lulzsec is that they lack the skills to kee...