The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians...

Coalition of Law Enforcement Hacked & Agents Information Leaked The Official Website of Coalition of Law Enforcement and Retail Hacked by Exphin1ty, Claiming himself from Anonymous Team. The Database has been hacked using SQL Injection on the website. Passwords, Email ID's, Address & Phone Number of Various Agents leaked by him. The attack resulted in the temporary suspension of the website Hacker Said in a pastebin Note that " The American law enforcement's inhumane treatments of occupiers has caught our attention. You have shown through these actions that you are nothing more than puppets in the hands of your government. We have seen our fellow brothers & sisters being teargassed for exercising their fundamental liberal rights, the exact ones that were bestowed upon them by their Constitution. Due to this and several other reasons we are releasing the entire member database of clearusa.org (The Coalition of Law Enforcement and Retail). An organization wh...

President of Guyana 's Website defaced by Hackers The Official Website of President of Guyana 's Website defaced by some hackers belongs to Group called " The Hackers Army " ."To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders...now wake up!!!" The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Also earlier The Hackers Army has hacked lots of high profile websites inlcuding ESET antivirus site and many more. The Disaster named hacker from the group is responsible for the Defacements . This is not the first time when Tha Disastar manages to breach the security of a site. Just yesterday he took down one of the websites used by Anonymous to spread their activist messages.

Source Code of Crypo.com Available to Download ! The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available to download form a File sharing website . This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.  Download Here

Fully Undetectable Backdoor generator for Metasploit Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works: In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by : root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder  (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 . Note:  By default Script Generates Reverse TCP Payload but you can change it some modifications in Script [vanish.sh]. Virus Scan Report of Backdoor shows that its almost undetectable by most of the Antivirus programs. Download Link ...

Russian hackers hit Twitter with automated hashtags tweets Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered. Maxim Goncharov, a senior threat researcher at Trend Micro, observed that “ if you currently check this hash tag on twitter you’ll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour. ” Brian Krebs, the author of the blog Krebs on Security, noted that the ‘bot accounts he lists them here  appear to follow a single account called @master_boot , as well as following e...

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port sc...

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily. Exploits SQL Injections through GET and POST methods. Developed in python 3. Video Demonstration: 1.)  Installation Guide 2.) Tutorial to Use 3.) Download Mole

Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition [ Download Here ] "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of "social network", a community of people, each of them defined “node” by researches, which are united by friendship, kinship, passions, interests, religious beliefs. The whole world is represented by a lattice structure that scientists have long taken to study, to achieve the classification of that human "node", classify its customs, and especially to predict the behavior and through it influence the response of the community a particular event. The philosophy is that of the control. In May Pierluigi Paganini defined the ter...

Six arrested for Million Pounds phishing scam Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation. On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton. The police said that on average the scammers, four men and two women, took amounts of money ranging from £1,000 to £5,000 at a time. They have been arrested on suspicion of consp...

" Enter at your own Risk " Cyber Security Awareness Campaign Coming this January , For the First time in Cyber History the Best, The Brightest & the Most Daring Come Together For an Information Extravaganza that will blow your Cyber Mind ! It’s a time for us to offer education that increases online security for everyone. ENTER AT YOUR OWN RISK Cyber Security Awareness Campaign   The Hacker News  & 5 Other Top IT Security Sites are Sponsoring a Special Edition January 2012 Magazine, That Features Articles & Commentaries on Cyber Security From : 1.) The Hacker News 2.)   Security-FAQs 3.)   SecManiac 4.)   Korben 5.)  Security-Shell 6.) SecTechno Our goal is to provide the most up-to-date information on a wide variety of topics that address the tricky and complicated world of hackers and hacking. Cyber security is our Shared Responsibility. Everyone has the potential to make a difference and educate others. You can r...

Hack a webcam and a film camera into a USB microscope Have you ever wanted to inspect or photograph something up close, but could not find amagnifying glass or did not have enough light on your subject? Well read on, because this project will do the job for you at little or no cost called “ My Inspector Gadget ”. Most of you probably have a webcam sitting around somewhere, and after all the high voltage projects you’ve done using disposable cameras, we bet you have some camera lenses too. In a contest entry Butch shows  how to make your very own computer enabled microscope out of stuff that many of you will have lying around your house. What is basically involved is tearing apart a web cam, adding additional lighting and a lens assembly from an old film camera. In is project he shows how to harvest the lens from the film camera and mount it, as well as where he added the LED. You can see in the picture above, his results are pretty good. [ Source ]

Biggest Pakistan News site Dawn.com hacked by LuCkY Indian hacking Group " Indishell " hackers once again hit Pakistani cyber space. This time LuCkY from Indishell team deface the biggest Pakistani News site Dawn.com  ( Alexa Rank : 3540 ). He also post Database Info ie. Database Name - archives_wpress Database Name - archives_user2 Database Password - 'B,!R~T-K^L2)'); Deface page message include the possible hack reason " You Wont get kashmir by hacking sites lol , Kashmir is ours will be".  Hackers on both sides have indulged in sporadic attacks against each other ever since 1998 nuclear tests. The Indishell and PCA warriors hide behind coded named such as 'Zombie' , 'Lucky' and are thought to be young IT professionals.

Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense (DoD) for helping out with cyber security.  He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where he talked about the vulnerability of information systems.  In a recent video released he talks about the ways he works. He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 h...

Critical Zero-day Vulnerability in Adobe Reader Researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers. The exploit affects all versions of Adobe Reader and Adobe Acrobat 9.x and higher, including Adobe Reader X and Adobe Acrobat X (10.1.1) for Windows, Macintosh, and UNIX. “ This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system ,” wrote Adobe in their incident report, explaining that this essentially a memory-corruption and privilege escalation exploit. “ There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing. ” According to a blog po...

XSS (Cross site Scripting )  Vulnerability discovered on Google Code website as shown. Claimed to be Discovered by  Vansh Sharma & Vaibhuv Sharma. Proof Of Concept: Just go to http://code.google.com/apis/ajax/playground/  and then click on edit HTML after that remove all the codes and type this script: < img src="< img src=search"/onerror=alert("XSS")//"> And click on DEBUG CODE , and then first it will show you " Sample must have <head> element " click OK and wait for the window to load if nothing happen then try the same thing again or simply you can click on RUN CODE, and you will get a popup which is XSS. Another Similar XSS posted by  +Pirate , as posted on HackForum Community.

Coca-Cola Norway Hacked by Greek Hacking Scene (GHS) An Impressive cyberattack was executed by a ​​Greek hacker against the official website of the multinational company Coca-Cola in Norway with defacement in internal links of the website. In a demonstration of power, the Greek hacker with the pseudonym «Napsterakos», identified weakness in the company's website-giant Coca-Cola, and defaced on purpose to post his own messages. As SecNews was informed by an anonymous reader giving us details about the incident, the attack was made as the first attack of the operation «Greek Hacking Scene vs Corruption», The hacker «Napsterakos», in a message posted on Pastebin states that "when the future is based on lies, then everyone is corrupt ..." and that "~ We were everywhere we see and hear everything in a future based on lies anyone is corrupted, all must pay, and will do so in one way or another. The words acquire value only through their actions. ~ ' See [ here...

Facebook privacy flaw exposes Mark Zuckerberg private photos A flaw in Facebook has granted prying users access to supposedly private photographs, including those of the website’s chief executive, Mark Zuckerberg. In total 14 pictures of Mr Zuckerberg were posted to image site Imgur under the headline: " It's time to fix those security flaws Facebook ".The bug in the website’s photo reporting tool - which Facebook says was only temporary and has now been fixed - meant that users could access others’ pictures even if they were private. The flaw was first reported on the forums of BodyBuilding.com, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. Facebook has been heavily criticised in the last few years for matters of privacy and so there are people who will leap on this story as yet another example of how the company simply doesn’t take its u...

DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning. DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server. Hacked websites are : http://apple.cd/ http://yahoo.cd/ http://gmail.cd/ http://google.cd/ http://youtube.cd/ http://linux.cd/ http://samsung.cd/ http://hotmail.cd/ http://microsoft.cd/ [ Source ]

MySQL.com Once again Compromised using Sql Flaw A hacker with name " D35M0ND142 " claim to hack MySql.com website using Sql Injection Flaws. In September,  Mysql.com was hacked and it was serving BlackHole exploit malware on the site. In a pastebin dump Hacker Exposes various Admin user credentials and Database info. The Compromised Usernames and Passwords are from  Blog site  of MySql. MySql website is pretty embarrassed for not securing its own database’s properly, Even hacker share that " Robin Schumacher is MySQL's Director of Product Management andhas over 20 years of database experience in DB2, MySQL, Oracle, SQLServer and other database engines. Before joining MySQL, Robin wasVice President of Product Management at Embarcadero Technologies. " Besides the hack on MySQL.com, D35M0ND142 also managed to breach the systems of the Urbino University in Italy and the Universal Language & Computer Institute in Nepal and Stream Database.

Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It’s not just Carrier IQ that Android users need to be worried about. A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team. " Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploi...

Protecting Your BlackBerry Smartphone with Security Wipe The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature. So what if you want to wipe your BlackBerry clean? There are a number of reasons why you might want to wipe out your Blackberry. Perhaps you have switched jobs and need to submit your BlackBerry into your new IT department so they can set it up for their network. You wouldn’t want them to have access to your previous employers data would you? Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry...

Another United Nations Web Site Hacked, Barack Obama info Leaked ! Hackers of Team Sector 404 have breached the Spanish Web site for the United Nations Refugee Agency ACNUR . Group claims to be working with Anonymous. Hackers was able to breach site with SQL Injection vulnerability . They leaked Barack Obama’s email address, username, password (not in clear text), personal phone number and a login ID as shown. Other individuals whose information was leaked are Dirk Wildt from Die Netzmacher and Schaffstein from a non-profit organization called TYPO3 .Info of Other United Nation members also leaked from database. The team of hackers include  PHANTOM, RAWR, IO93, V, ZD4P50N, SPECTRUS, ANONGUS, FIBO,HACKW32, ADREX,NEKA, JJ, & ESCUADRON SPY PEOPLE Y HACKERSMX219 involve in this Hack as  Sector 404.

Cain & Abel v4.9.43 Released Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Change Log : Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression. Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter. Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks. Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables. Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3. MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files. Fixed a bug (crash) in Certificate Collector wit...

Biggest Independent Russian Election site Hacked on election day Popular Russian media websites, the major LiveJournal social network and the website of the country’s biggest independent election watchdog, were inaccessible in hacking attacks for several hours on Sunday in what their employees said was an attempt to jam information on parliamentary elections. “ The attack on the website on election day is apparently tied to an attempt to publish information about violations ,” chief editor of the independent-minded Ekho Moskvy radio Aleksei Venediktov wrote in his Twitter blog. Websites of Forbes Russia, Bolshoi Gorod and New Times magazines, Slon.ru news portal, Golos election watchdog and its Kartanarusheniy.ru website that was supposed to map vote fraud were down throughout most of Sunday.These media organizations and the watchdog have pledged to report voting violations from all over Russia live.Independent and opposition media, as well as the LiveJournal social network that ha...

XSS Vulnerability On Twitter Found by 15 Years Old Expert A 15 years old XSS Expert " Belmin Vehabovic(~!White!~) " discovered XSS Vulnerability On Twitter and report us. The Vulnerable link is here . Even He also Discovered XSS Vulnerability in Facebook also as tweeted by him Yesterday  &Facebook is offering him $700 as Bounty.

Invitation for DEF-CON Chennai January Meet 2012 (DC602028) We like to invite all of you for our 4th meet which is going to held on 29th January 2012. DEF-CON Chennai is a registered group of DEF-CON, our group id is DC602028. [ Tickets for the Meet] For General Public : 700 INR For Students: 600 INR To book the tickets mail to dc602028@gmail.com [ Time of the Meet ] On 29th January 2012 From 2 PM to 7 PM Do make sure that your at the venue by 1:45 PM [ Venue of the Meet ] The Venue is going to be at Le Waterina Hotel, a 4 Star Resort. Le Waterina – The Boutique Hotel No 35 Kaveri Nagar (near Bella Ciao) Waterland Drive,Thiruvanmiyur Kottivakkam Beach.Chennai 600041. Refer: http://www.defcontn.com/DC602028/invitation-for-the-january-meet-2012/

THN December Magazine Released ! Who We are at The Hacker News ?  It is hard to re-cap the past year and all the excitement and hard work we have experienced launching an online magazine.  The subject, Hacking, is even more exciting as the technology world awakens to the security issues facing all internet users from government, large corporations and personal users. We have tried very hard to keep the readers informed and up to date regarding security threats and security breaks world wide.  Our daily news aims to give business and personal PC users an understanding of what is happening in computer security developments and what criminal activity is breaching security systems. Mostly, we understand the importance of disseminating information and keeping the internet free of restrictions.  We believe that information and opinion are the foundation of a healthy society and we strive constantly to address the political and social issues facing our new world of ele...

Voodoo Carrier IQ detector application released for Android An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. A new Android app to identify whether your smartphone has any Carrier IQ tracking/monitoring software installed on it has been released, the Voodoo Carrier IQ detector , giving users a simple way to put their minds to rest on privacy. The handiwork of Android app developer supercurio, the tool is only a few hours old and only partially finished, with the consequent warning that the results can’t be entirely relied on yet. supercurio has offered up the source code under an open-source license for those who want to help refine the tool, so we’re guessing the rough edges and reliability will be polished off in short order. Download Application Download Source Code

McAfee drafted Five Steps to Avoiding bad apps on Pc & Mobile Malicious applications are one of the most serious threats to smartphone users today. Not only can a dangerous app infect your phone and steal your personal information, it can even spy on you. Read our five easy tips for avoiding bad apps, and keep your device and information safe. An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. In this digital age, privacy is more important than ever. Just because you “ don’t have anything to hide ,” does not mean that you shouldn’t value your privacy or fight for it when companies do things like this, especially with something as personal as your cell phone. McAfee has come up with five “ Common sense ” practices that you might not have thought about before, but they actually do make sense fo...

The Spy Files: Wikileaks expose Mobile Phone, Email Hacking capability Wikileaks has released  ( http://spyfiles.org/ ) dozens of new documents highlighting the state of the once covert, but now lucrative private sector global surveillance industry. According to Assange, over 150 private sector organisations in 25 countries have the ability to not only track mobile devices, but also intercept messages and listen to calls also. Site founder Julian Assange has held a press conference, revealing the secrets of the industry.­ The whistleblowing site has published some 287 documents from its huge database, collected from 160 international intelligence contractors. The database includes internal documents of such companies like Gamma corporation in the UK, Ipoque of Germany, Amesys and Vupen in France, VASTech in South Africa, ZTE Corp in China, Phoenexia in the Czech Republic, SS8 and Blue Coat in the US, among others. From the press release: " The Wikileaks Spy Files reveal the de...