The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Phone Hacker Forced to Disclose name, Who Told Him to Hack ! Court tells private investigator he must identify 'News of the World' executives who asked him to intercept voicemails. A private detective jailed for illegally intercepting voice-mail messages on behalf of a journalist at one of Rupert Murdoch's British newspapers has been ordered to reveal who asked him to carry out the phone hacking. Coogan's lawyers believe that the release of the names will demonstrate that there was widespread knowledge and authorisation of phone hacking among the defunct Sunday newspaper's senior figures. John Kelly of law firm Schillings told that Mulcaire, who is suing News International himself after it stopped paying his legal fees, would have to answer their questions in a formal document to be filed at the court before September. " He will now have to identify exactly who at the News of the World asked him to access the mobile phones of the named individuals and who ...

JonDoFox 2.5.3 - Browser Optimized for anonymous and secure web surfing The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. JonDoFox now contains an integrated protection against this attack. Third party sites may now no longer receive HTTP authentication data from the browser. Moreover, the protection against cache and referer tracking has been enhanced. Furthermore, some detail enhancements were added, and JonDoFox is now fully compatible with the new Firefox 6. Users may therefore easily update to the new browser version. JonDoFox is both a profile and an extension for the popular Mozilla Firefox web browser. It protects the user's privacy while surfing the web by removing identifying information from the browser. ...

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable DarkComet-RAT v4.0 Change log - DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010. - Synthax highlighter added in remote keylogger. - Multithreading is now more efficient, no more freezing, using a new powerfull and stable methode (still using pure Win32 API both side for it) - Get hard drive information added in file manager - Bot logs in main form had change, it is more efficient / fast and user friendly - Whole system parser is now far stable and faster - No-IP was moded and is now better ;) - All global settings were redisigned in a new form that will contain all necessary stuff for Client side - Flags manager has been ported to the main client settings form - Now you can change the default size Width and Height of the users thumbnails - No more menu in the top of the SIN (Main Window - Users list...) so it is more clear - The [+] button is one of the way to add a new port to listen else go to Socket/...

Danish Government database of 1,000,000 companies private info leaked by #Antisec Anonymous Hackers upload a file on Torrent contain of the snapshot the the Danish Government database of companies. The contents of the database is currently browsable on the cvr.dk website, but the database is not available in bulk unless you purchase a license. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website. The Leak Include : CVRfull.zip : Archive containing xml files with company information, including html from cvr.dk CVRCompact: As above, but without html cvr: CVR-number (8-digit unique id, last digit is a checksum) corporationtype: Integer denoting type of company incorporated: Date of registration dissolved: Date of dissolution, if dissolved industry: Code of the company main areas of business documentcontent: Html of company page from cvr.dk (minus header and footer) The other fields are...

350,000 Epson Korea customers data breached Epson Korea Co., Ltd. said that hackers had breached the personal data of its 350,000 registered customers last week. An official at the South Korean affiliate of Seiko Epson Corp. said the company has reported the case to the communications regulator. It said personal information, including phone numbers, email addresses, names and coded data of customers registered on its website had been compromised. " We are still investigating the case and tracking down the attackers, " said the official, who declined to be named. Late last month, hackers who the state-run Korea Communications Commission alleged were from China attacked the Nate Internet portal and the Cyworld blogging site, both run by SK Comms, accessing the personal information of up to 35 million users in the country's biggest cyber attack so far.

Nepal Telecommunications Authority Hacked by w3bd3f4c3r Hacker with name "w3bd3f4c3r" or "T34mT!g3R" today hack into the Nepal Telecommunications Authority website using SQL injection Vulnerability. The Vulnerability Information and screenshot is posted by hacker on pastebin : The Leaked info include the various database and tables of Nepal Telecommunications Authority website and Administrator password in Hashes as shown below:

Skype zero day HTML/(Javascript) code injection Noptri Public Security Advisory has publised a working skype zero day vulnerability with POC for skype. Skype users need be aware of this vulnerability. Affected Software: Software: Skype <= 5.5.0.113 Affected Platforms: Windows (XP, Vista, 7) Problem Description: Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries:     [+] home     [+] office     [+] mobile Proof of Concept: The following HTML codes can be used to trigger the described vulnerability: --- SNIP ---     [+] Home Phone Number:     <b>INJECTION HERE</b>     [+] Office Phone Number:     <center><i>INJECTION HERE</i></center>     [+] Mobile Phone Number:     <a href="#">INJECTION HERE</a> Impact: An attacker could for ...

Libya Registry & Telecom websites hacked by Electr0n A Hacker with codename " Electr0n " has deface the two Important websites of Libya. One is Domain Registry website and Other one is Telecom Website . Both sites had same deface page as shown above. You can check cache link here . Its not confirm that  Electr0n is in support of Anonymous or not, But According to Defacement page, the hack is performed for some other reason, rather than operation Libya by Anonymous.

Israel Radio is hacked by  Egyptian hacker Egyptian hacker defaced the website of  Israel Radio  , and Write a message on homepage as shown: Hi to greatest son of the bitches of the world ... This Msg From Egypt " Mother Of The World "We Never Forgot And Never Forgive Any Isrealian Bitch3Z you Started The War Attack Us 0n The borders of Egypt For Nothing Reason .. So You Have Bear Our Attacks Fuck To All Isreal ./3x!t

Idea Cellular Web Portal Hacked, Customers Info may be exposed ! Again a critical SQL Injection Vulnerability has been discovered by zSecure Team in a high profile web portal. This time it's Ideacellular web portal which compromises the entire site database. Any malicious smart black hats can create much more devastating attacks using this critical flaw such as: complete access to various database’s as shown in screen-shots under proof of vulnerability which can later be misused to access various confidential information; complete database dump; possibility of uploading shell (not fully certain) and much more. Target Website :  http://www.ideacellular.com Attack Type : Hidden SQL Injection Vulnerability Database Type :   MySql 5.0.27 Alert Level : Critical Threats : Database Access, Database Dump Credit : zSecure Team     Previous Vulnerability Discolsures:  Dukascopy, Sify, TimesofMoney, Sharekhan Proof of Vulnerability : About the Company Ide...

25 Year old UK Student hacker penetrated Facebook‎ A 25 year old Brit allegedly used "considerable technical expertise" to hack into Facebook's servers. The student, from York, faces five charges, including that he “made, adapted, supplied or offered to supply” a computer program to hack into a Facebook server, Westminster magistrates’ court heard. Mangham, a resident of York, was arrested by the e-Crime Unit of the Metropolitan Police in June this year; and has been charged with five offences under the Computer Misuse Act. Mangham is currently on bail, and like all accused hackers has been prohibited from accessing anything even resembling a computer. " The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook ," said Judge Evans. As per Facebook, no personal information had been compromised during the hacks attempted by Mangham. The social network also added that it had been ...

PDD - Packet Dump Decode Released PDD is an open-source program created by Srivats.Packet Dump Decode (pdd) is a simple convenient GUI wrapper around the Wireshark/Ethereal tools to convert packet hexdumps into well formatted xml containing the decoded protocols and protocol contents.You need to have Wireshark installed, because PDD is only a wrapper around Wireshark. Convert hexdumps to - Tree-View (within application) Pcap file and open with Wireshark/Ethereal Text description of packet contents XML description of packet contents Download

Cross Site Scripting Vulnerability at Google Appspot The Google Appspot " ClickDesk " login page is vulnerable to Cross Site Scripting attack. Cross Site scripting attack is a critical issue in web application. When an attacker gets a user's browser to execute his/her XSS code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read (keylogging), modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. The vulnerability can easily be amplified by publicly available tools like Cross Site Scripting framework (XSSF), Cross Site Scripting harvest perl (XSS-Harvest) and so on. Proof of concept: The following proof-of concept sample will do a HTTP POST to trigger the XSS vuln...

Korean HSBC bank hacked TurkGuvenligi (TG) TurkGuvenligi (TG) Hacker Hack and deface the  Korean HSBC bank website. Mirror of Hack is also available here . Same hacker deface the Websites of Free Gary McKinnon Campaign last week.

Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked AnonKuwait claim to hack the Biggest ISP in Kuwait " Qualitynet " and leaked  14MB of data in sql format  server-side database. Penetration of one of Qualitynet servers working for Ministry of Education having a database containing high school graduating students information. The server is moe.qualitynet.net . Hacker have hacked the whole server and extracted an SQL dump. Qualitynet is the biggest internet service provider in Kuwait. It owns a very big network connected to other countries in Middle East. Qualitynet shocked us all in InfoConnect exhibition when it increased the pricing of their services by 70% and it shocked us again by applying the unfair downstream cap policy. Qualitynet is one of the major factors in setting the decision of cap policy which angered people of Kuwait toward these unlawful unacceptable decisions. Qualitynet does not provide the perfect security so we encourage differen...

THC-ipv6 Toolkit – Attacking the IPV6 Protocol A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project. Tools Included : parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite) alive6: an effective alive scanng, which will detect all systems listening to this address dnsdict6: parallized dns ipv6 dictionary bruteforcer fake_router6: announce yourself as a router on the network, with the highest priority redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer toobig6: mtu decreaser with the same intelligence as redir6 detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan t...

BackTrack 5 R1 Released - Penetration Testing Distribution BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester. Official BackTrack 5 R1 change log: This release contains over 120 bug fixes, 30 new tools and 70 tool updates. The kernel was updated to 2.6.39.4 and includes the relevant injection patches. According to the guys at OffSec, This release is their best one yet! Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.We’ve have Gnome and KDE ISO images for 32 and 64 bit (no arm this release),...

78000 Indian Blogs Hacked by ZHC Each and every blog hosted on  Blog.co.in  has been hacked by ZCOMPANY HACKING CREW. There are around 78000 blogs hosted on this service , Represent Indian blogs Service.  Reason of Hacking By hackers : ZCompany Hacking Crew Observes Black Day with the people of Indian occupied Kashmir on 15th August.  Free Kashmir .. Freedom is our goal..// End the Occupation. . . . List of all the websites that were hacked: http://www.2shared.com/document/pneC3OHn/blogcoin.html Mirror of Hacks available here :  http://mirror.sec-t.net/hacker/?s=1&user=ZCompanyHackingCrew

#OpBart : BART Police database hacked by Anonymous A database belonging to the BART Police Officers Association appears to have been hacked by Anonymous Hackers and the names, postal and email addresses of officers posted online HERE . Some say it was Anonymous, some say it was a n00b mademoiselle wielding a +1 SQL injection. This is the second attack was launched on the San Francisco Bay Area Rapid Transit (BART) yesterday that led to the personal details of 102 police officers being leaked. Anonymous appeared to remove itself from the blame, saying on one of its Twitter feeds that ‘ no one claimed responsibility for the hack ' and that ‘some random Joe joined a channel and released the data to the press'. It said: “ The leak today of BART officer data could be the work sanctioned by those who truly support Anonymous, or agent provocateurs.   People who are against Anonymous know they can do things under the name ‘Anonymous' and never be questioned. This is Anonym...

Vanguard Defense Industries (VDI) Hacked for #Antisec Operation AntiSec is targeting defense contractors again. Continuing their beef with law enforcement, and organizations that offer them support, they have targeted Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI) . AntiSec plans to release nearly 4,713 emails and thousands of documents taken during the breach. AntiSec targeted VDI’s website due to their relationship with several law enforcement agencies from Texas and other parts of the U.S., as well as their relationship with the FBI, the DHS, and U.S. Marshals Service. Moreover, with this hack Antisec (in)directly targeted FBI since Richard Garcia is the former Assistant Director in Charge of the FBI’s field office in Los Angeles. To those supporting AntiSec, this alone is reason enough to target VDI and release Garcia’s corporate email to the public. “ Any private corporation supporting US military or law enforcement operations are legitimate...

Samsung hires Android hacker Cyanogen Steve ‘Cyanogen’ Kondik is best known as the creator of the CyanogenMod for Android, an after market customised firmware bringing new features and functionality to the Android platform. There’s no information yet on whether Samsung is interested in CyanogenMod, or more in Kondik himself, but the programmer and hacker has said the move will allow him to use his talents in “ the real world ,” while development of CyanogenMod continues as usual. The Cyanogen firmware caters to more than 40 different Android devices and brings such functionality as native theming, Free Lossless Audio Codec (FLAC), an OpenVPN client, USB tethering, and claims increased performance and reliability over official firmware releases. Kondik has on occasion received input from Google on the development of the platform and as of mid-July it had been downloaded and installed on more than half a million devices. [ source ]

#OpSPCAwake : Operation SPCAwake leaks large number of users data of Spcala.com Anonymous Hackers with name FutureSec hack Spcala.com and mass release of spcala Customer/Supporter/Members Names, Emails, Phone Numbers. Hackers have plan to Mass E-mail/Call as many of supporters as possible. According to FutureSec " They support a sick and twisted agency that only cares about the profit and not true Animal Rights. You are to be as discreet as possible for obvious reasons, use the phone blocking code *67 if calling and use an anonymous e-mail address setup by proxy.So if you've ever had an Animal of ANY kind you truly loved, this mission if for you. ". FutureSec Leak complete database here .

Iframe Vulnerability in Google App Engine ( Appspot ) An Indian Hacker " Ethical Mohit " have found in Iframe Vulnerability in Contact Desk page of Google App Engine (Appspot). #1 Proof of Concept : Click Here #2 Proof of Concept : Click Here Google App Engine lets you run your web applications on Google's infrastructure. App Engine applications are easy to build, easy to maintain, and easy to scale as your traffic and data storage needs grow. With App Engine, there are no servers to maintain: You just upload your application, and it's ready to serve your users.Google App Engine makes it easy to build an application that runs reliably, even under heavy load and with large amounts of data.

Defence.pk Gets Hacked pr0tect0r A.K.A. mrNRG Defence.pk  (An independent defence organization committed to the research and analysis of Pakistan's security and strategic affairs) Hacked by Indian Hacker pr0tect0r A.K.A. mrNRG. Defence.PK, one of the largest and most active Pakistani forum on internet, reportedly got hacked earlier today by an independent Indian hacker.Hacker claims that he has got access to main database of defence.pk and a 2 GB file has been dumped and saved with him. He aims to release the whole dump, that contains user information of some 38,000 members, sometime later. Hacked Link was :  http://www.defence.pk/advanced.html

8 China Website Government Defaced By Bekasi0d0nk (Indonesian Hacker) Bekasi0d0nk an Indonesian Hacker deface and Hack 8 China Government websites. Hacked sites list : http://www.bzcg.gov.cn/66.html http://www.ahgjj.gov.cn/66.html http://sggl.gov.cn/66.html http://www.bzcg.gov.cn/66.html http://www.bzqx.gov.cn/66.html http://qhkj.gov.cn/66.html http://gzdjg.gov.cn/66.html http://www.hbfxb.gov.cn/66.html

Get Ready for Hacker Halted 2011 , Miami 21-27 October Hacker Halted returns to Miami for the 3rd year in a row. Following last year's success, we are expecting this year to be bigger and better. Hacker Halted will feature 4 focus tracks: 1.What’s Hot – Featuring cutting-edge presentations on key topics and aspects of information security, including policies and management issues. 2.Cut the Crap, Show Me The Hack - highly technical track featuring no-nonsense technical security experts who demonstrate the latest hacks, reveal new zero-days, and showcase the most current threats and vulnerabilities. 3.Securing SCADA and Critical Infrastructures - Following the 2010 appearance of the groundbreaking Stuxnet worm, SCADA security has become an issue of growing concern. This track will feature high-level presentations from noted experts in the field. 4.Up in the Clouds – Focused on cloud computing and the security elements surrounding it. Since 2004, Hacker Halted has been held ...

Facebook : ' No more anonymous on Internet ' The sister of Facebook CEO , Randi Zuckerberg  wants to put an end to online anonymity.Fcaebook wants to force people to use their real names on Profiles. Randi Zuckerberg is Facebook's marketing director, believes users would act much more responsibly on the Internet if real names at all times were compulsory. Randi Zuckerberg was speaking during a presentation hosted on Tuesday by Marie Claire magazine on cyberbullying and social media. She said " the use of real names online could help curb bullying and harassment on the web.I think anonymity on the Internet has to go away... People behave a lot better when they have their real names down. ... I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors. " She added, " There's so much more we can do...We're actively tying to work with partners like Common Sense Media and our safety advisory committee. ...

50 More Websites Hacked By PCA (BanneD™ And <=Shak=>) Pakistan Cyber Army once again target 50 more Indian websites . This Time the hacked sites include the most domains from Mumbai. List of Hacked sites and Mirrors are posted by hacker here . Visitor to these sites can see Pakistani Flag on the Homepage. The Reason of this Hack given by hacker as " Big Birthday Gift At The End Of 15 August By All Pakistani Hackerz.. " . Its all about the Cyber war B/w Indian and Pakistan we have from last few years. The Cyber war b/w both countries always suffer websites and Servers of Innocent people. Well Yesterday other Pakistani hackers also deface more than 1000+ Indian Websites. In comparison Indian hackers are Silent yet. May be - The Silence Before the Storm.

SSDownloader : 50 Free Essential Security Tools SSDownloader is an easy-to-use tool which allows you to download up to 50 major security applications in just a few clicks. If you're setting up a new PC, for instance, then normally you might visit the websites of your favourite security vendors, locate the tools you need and download each one individually. Here, though, you just click a tab - Free AntiVirus, say - and check the box next to your preferred program (free solutions from Avast!, AVG, Comodo, Avira, Panda and Microsoft are on offer). Click Download, and SSDownloader will automatically figure out the version you need (XP, Vista/ 7, 32 or 64-bit), and download the necessary setup file for you. Download Here

45 Indian Websites hacked By Shadow008 One more Pakistani Hacker Shadow008 from " Pakistan Cyber Army "defaces 45 Indian Websites as listed here . Today 100's of Indian Government , Education and Corporate websites was also Hacked By ZCompany Hacking Crew.

6542 websites mass defaced by The 077 (Hamdi Hacker) The 077 (Hamdi Hacker)  Tunisian Hacker Hack and Deface 6542 large number of sites as mass hack. List of all Sites and Mirror is available  here . Hamdi is one of the youngest hacker . All Past hacks of Hamdi is here .

Linux Kernel 3.1 RC2 Released Linus Torvalds has announced the release of Linux kernel 3.1 rc2. There isn't too much to see and Linus notes that this is a fairly calm release for coming just one week after the close of the Linux 3.1 kernel merge window.  As LKML is down at the moment, below is the 3.1-rc2 release announcement from Linus: Hey, nice calm first week after the merge window. Good job. Or maybe people are just being lazy, and everybody is on vacation. Whatever. Don't tell me. I'm reasonably happy, I want to stay that way. That said, I would be happy if it calmed down further. 300+ commits for -rc2 is good, but please make me even happier for -rc3 by ONLY sending me real fixes. Think of it as "fairly late in the -rc series", because I really want to compensate for the merge window being fairly chaotic. Linus

30 North Korean hackers steal millions of dollars from online gaming sites North Korea stands accused by its southern rival of operating an elaborate hacking network that allegedly broke into online sites hosted in South Korea and stole prize points worth almost £3.7m ($6m).South Korean police claim $6m was stolen after 30 hackers from the North infiltrated online game servers in Seoul. Whereas North Korea has denied allegations by South Korea that it engaged in a computer hacking scheme to steal millions of dollars from online gaming sites. South Korean police recently arrested five suspects they say were recruited to work in China alongside more than 30 hackers from North Korea. The hackers allegedly broke into gaming sites and stole gaming points worth around $6 million. The North has been accused several times in recent years of mounting cyber attacks on the South. Pyongyang has denied all the allegations.

Kuwait ISP FastTelco Defaced by Anonymous Hackers Anonymous claimed responsibility for the defacement of the Fast Telecommunications company website FastTelco , a major ISP (internet service provider) in Kuwait. The Anonymous hacktivists identify themselves as AnonKuwait , and claim to be fighting corporate greed and fraud as well as government corruption and censorship. On their website AnonKuwait claims FastTelco, in collusion with the government “ Ministry of Communications and Transport Minister ,” have broken agreements and been dishonest about pricing, caps on internet speed, and a draconian government download policy. AnonKuwait managed to hack FastTelco’s Internet portal, defacing the website with the usual type of Anonymous cyber graffiti, and after a pause of several seconds redirecting the visitor to their twitter page: @AnonKuwait.

Matriux Krypton security distribution Released The Matriux is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval. Current features Matriu...

#OpBART and #Bart-Action : Anonymous hacks myBART, Leaks BART User Info In reaction to BART’s shutdown of cell phone service Thursday, Anonymous has taken to the Internet and begun #opBART and #opMuBARTek (a reference to the Egyptian president’s shutting down that country’s Internet service during protests) a multi-pronged series of actions designed to protest the Bay Area Rapid Transit’s stifling of free speech. There will be a peaceful Anon-organized protest Monday at BART Civic Center Station at 5pm. Attendees are requested to wear either a red shirt or clothes with fake blood stains, and to bring video cameras. On Sunday afternoon, it defaced myBART.org and leaked a myBART user info database.In a press release accompanying the data leak, Anonymous accused BART police of killing innocent passengers, violating people’s right to protest, and preventing bystanders from using emergency services during the cell phone shutdown. BART has issued a Press Release: Press Releas...

100's of Indian Government, Education and Corporate websites Hacked By ZCompany Hacking Crew One of the Famous Pakistani hackers Group " ZCompany Hacking Crew " Once again Hit Large number of Indian websites and Deface. Hacked Websites and Their Mirrors of Hack are listed Here . These are  Indian Government, Education and Corporate websites. The Hack is done for the event of Indian and Pakistan independence day. Both Countries Hack Cyber war from last few years. Message and Reason of Hack mentioned by Hackers " This message is not for Indian government but common Indian people who dont know what their government hides. For those of your politicians who boast of Kashmir being an integral part of India read your own law books:" Indian Penal Code(Act No. 45 of 1860) CHAPTER-II SEC 18: “India”.- “India” means the territory of India excluding the State of Jammu and Kashmir."The 15th of August is special for you because you got freedom on this day yet you shou...

BlackBerry Enterprise Server vulnerable to malicious image file There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several version of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network. The company has issued a patch for the BES flaws and says that they are at the top of the severity scale in terms of exploitability. The vulnerability in both the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent is related to the way that the components handle PNG and TIFF image files. Exploiting the vulnerabilities can be as easy as sending a malicious PNG or TIFF file to a BlackBerry user. In some scena...