The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Data encryption : PrivateSky Secure Information Exchange platform CertiVox today unveiled a breakthrough in information security: PrivateSky Secure Information Exchange (SIX)(TM) platform . The new service provides fast, easy-to-use protection for email, files and other information sent via the cloud, through a unique two-factor authentication process and a sophisticated, certificateless encryption platform. This encryption process is activated by a click of a button from within Outlook, a web browser or via any browser-based application on a PC, Mac, tablet or smartphone. It is a solution where both encryption and decryption are securely completed with no disruption to a user's workflow. PrivateSky SIX platform solves these legal, regulatory and ethical challenges. The platform: Uses Incognito Keys and certificateless encryption technology to provide a secure information exchange between all users. Departs from other products because the user encrypts his or her information ...

Ani-Shell v1.5 (Final) Released Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , a DDoser etc! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization Features: Shell Mass Mailer DDos Web-Server Fuzzer Uploader Design Login Mass Code Injector (Appender and Overwriter) Encoded Title Back Connect Bind Shell Lock Mode Customisable Tracebacks (email alerts) PHP Evaluate PHP MD5 Cracker Anti-Crawler Mass Deface New in This Version :- Better CSS Intelligent File Manager Auto Rooter PHP Obfuscater Google Dork Creator Zip Downloader (Download any File or Directory from the web-server) Fixed the Memory Exhausted Error in MD5 Cracker login : lionaneesh pass : lionaneesh Download Here

Embassy of Kazakhstan hacked by Anonymous Supporters The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename -  Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note  including Admin's Username and Password. Hacker said," Lately we have been experimenting on some new large targets which will be unveiled soon. However today while we were cruising around in our lulzmobile,we set sights momentarily on another outdated weak vehicle and with great ease put the pedal to the metal, ran all the lights and flew straight through our accquired target ." SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that th...

FBI will Monitor Social Media using Crawl Application The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users. The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so that agents can respond.A paper posted on the FBI website asks for companies to build programs that will map sentiment and wrongdoing. “ The application must be infinitely flexible and have the ability to adapt quickly to changing threats to maintain the strategic and tactical advantage ,” the Request for Information said, “ The purpose of this effort is to meet the outlined objectives…for the enhancement [of] FBI SOIC’s overall situation awareness and improved strategic decision making. ”The tool would be used in “reconnaisance and surveillance missions, National Special Security Events (NSS) planning, NSSE operations, SOIC operations, counter intelligence, terrorism, and more. Although...

Another Malware from Android Market infect Millions of Users Malware might have infected more than 5 million Android mobile devices via deliberately corrupted apps sold in the Android Marketplace, according to security firm Symantec . They reckoned Android.Counterclank, a slight variant of Android.Tonclank . Symantec explains that the malicious code appears in a package called “ apperhand ”, and a service under the same name can been seen running on the infected device when it’s executed. According to Symantec, the Trojan has been identified in 13 different apps in the Android Marketplace. Symantec’s Security Response Team Director, Kevin Haley said:“ They don’t appear to be real publishers. There aren’t rebundled apps, as we’ve seen so many times before. ” Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating syst...

Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.

Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir...

CVE-2012-0056 Linux privilege escalation [Video Demonstration] The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.Linux kernel 2.6.39 and later versions are affected. The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper . Read More Here . Video Demonstration: You Can Find Exploit Here .

Video Conferencing Systems Vulnerable To Hackers According to a story published earlier this week by the New York Times , A security expert at Rapid 7 found that common videoconferencing equipment could give hackers access to company conference rooms and boardrooms. An investigation led by chief security officer HD Moore with Rapid 7 began when he wrote a program to scan the Internet for videoconferencing systems. HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs all by simply calling in to unsecured videoconferencing systems that they found by doing a scan of the internet. Moore's scan covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organization...

Cross Site Scripting (XSS) Vulnerability in Google Ucha Gobejishvili Hacker with codename " longrifle0x " discovered another Cross Site Scripting (XSS) Vulnerability in Google's Website. He already reported about the Vulnerability to Google Security Experts. Proof of Concept: Open https://www.google.com/a/cpanel/premier/new3?hl=en  and Click Find Domain . Put xss code: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Another XSS Vulnerabilities Discovered by longrifle0x  http://xssed.com/archive/author=longrifle0x/special=1/

Hcon’s Security Testing Framework (Hcon STF) v0.4 [Fire base] Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ‘ Freedom ’.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT. Some Highlight Features : Categorized and comprehensive toolset Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few HconSTF webUI with online tools (same as the Aqua base version of HconSTF) Each and every option is configured for penetration testing and Vulnerability assessments Specially configured and enhanced for gaining easy & solid anonymity Works for web app testing assessments...

Fake CNBC 's Website for Internet Fraud The beauty of the Internet is that you can make a truckload of money out here. Yes, you really could quit your full time job if you work hard.The bad news is most people either don't want to work at it, or they buy into some scam that causes them to waste money they could have used to invest in a real, legitimate venture. Today I got a mail from some random Email ID and with Subject  Wow ! thehackernews.com : My family sees the money I'm bringing in every week and they're simply proud of me. http://tinyurl.com/7lmetym I just Click the link provided in Email body and Here we notice a website with subdomain www.cnbc.com-exclusive.us , which having same mirror look like original CNBC website. In first sight the site seems to be legit because of Domain resemblance. Actually, the top level domain of this fraud site is  com-exclusive.us and Admin create another subdomain in it with name cnbc . Now complete URL look similar to...

Saudi Presidency of Meteorology & Environment Protection Hacked A hacker with name Yourikan (you-r!-k@n) Deface the Website of Saudi's “ Presidency of Meteorology & Environment Protection ”.  Yourikan perform this Hack to give message to Saudi Hacker  0xOmar , Who leaks the thousands of Israeli credit cards few weeks back. [ Source ]

Tor Vulnerable to Remote arbitrary code Execution According to latest post of Gentoo Linux Security Advisory, There are multiple vulnerabilities have been found in TOR , the most severe ofwhich may allow a remote attacker to execute arbitrary code. TOR is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Using this Vulnerability remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection. Advisory explain that , Affected Vulnerable packages are < 0.2.2.35 . M ultiple vulnerabilities have been discovered in Tor are listed below: * When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections ( CVE-2011-2768) . * When configured as a bridge, Tor relays ca...

This Post reviews the newly released ANTI3 version. We've received a platinum account of ANTI3, before its official release, and this is our review: Recently White-Hat Hacker, Itzhak "Zuk" Avraham , the founder of zImperium unveiled its new app in Blackhat / Defcon19, introducing a new concept where both home users and local IT can have the same tools to, at the push of a button, check for their security faults. The new zImperium product, named Android Network Toolkit (or in short - ANTI), allows professional penetration testers, ethical hackers, IT and home users to scan for security issues in their network. In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think that you’re safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing repor...

Phishing Google Users with the Help of Google ! How Hackers are phishing Gmail/Google users successfully ?  Christy Philip Mathew, an Information Security Instructor from India shared a perfect trick with us. He just exploit human psychology. Lets see how: He Created a phishing Page of Google and Uploaded to :  http://www.keepbacktrack.net84.net/  . Now How to make this URL legit for Victims ? Simple, Using Google translation Tool. Google translation has got a vulnerability that if an attacker plan out translating a fake gmail login page he would get a perfectly crafted link that can be used for malicious purposes or Phishing. Above Shown Image the example of this Trick. New Phishing  URL is Here  after using Translation tool. This is Art of psychological manipulation using Google to Hack Google Users.

Panasonic China website hacked and Redirected Latest notification by DarkDevilz Crew to THN  , They hack  Panasonic's China websites and Redirect users to a Black color Deface Page as shown. " 3spi0n " named Hacker from team take responsibility to perform this Hack. Hacker compromise the URL :  http://pro2.panasonic.cn/autodoor/ , and add Refresh Meta tag in source code to redirect the page to a new location i.e.  http://www.kutanhosting.com/r3.html  . Mirror of Hack is also available, in case Site fixed before you see this , here : Mirror 1 & Mirror 2

CBS Broadcasting Hacked by Anonymous Hackers for #OpMegaUpload Anonymous Hackers are claiming to Hack the official website of CBS Broadcasting (CBS), major US commercial broadcasting television network, which started as a radio network. Hacker hack the server , entire web directory has been deleted and There is only a Single blank file named " foundry.html " as shown. Even Brazil also Under Anonymous Attack, Today Tangara da Serra city site also defaced by them. Get update about all Anonymous Hacks Here . Stay Tuned to Get More Updates on This Hack !

Brazil Under Anonymous Attack - Tangara da Serra city site defaced ! Anonymous Hackers attacked websites of Brazil's federal district and Tangara da Serra city on Sunday as well as one belonging to a Brazilian singer to protest the forced closure of Megaupload.com. The attacks this week, which they call " #opmegaupload " shut down the websites of the FBI and US Justice Department for several hours to protest the closure of Megaupload.com. Hackers succeed in shutting down the website of popular Brazilian singer Paula Fernandes . They posted the image of a grim-faced joker with a message saying, " If Megaupload is down, you are down too ." It was signed " GhostofThreads ". Anonymous use DDoS attacks tools like so-called Low Orbit Ion Cannon  which is a piece of software that volunteer hacktivists download to their PCs and choose to run, whereby it then starts blasting the target website with traffic. Stats says that , in last 7 days LOIC downlo...

For Protest Against #SOPA 68 Website hacked By Dinelson Dinelson deface 68 Websites for Protest Against SOPA and PIPA. List of all Hacked site is posted here . A protest to a Congressional bill called SOPA caused quite a stir on Wednesday as thousands of websites protested SOPA with blacked-out pages. Megaupload, a hugely popular website for sharing files, was a major SOPA target, because it allegedly disobeys copyright laws and legislation. After the SOPA protest, the Department of Justice issued a release stating that federal officials had taken the site down. Following this announcement, a hacking collective called Anonymous launched several attacks on government and entertainment industry websites, including those for the Justice Department, the Federal Bureau of Investigation and Universal Music. 2 days back SOPA and PIPA were dropped by Congress . Both the House and the Senate on Friday backed away from a pair of controversial anti-piracy bills, tossing...

Third Security breach at Core Security Technologies Possible Security Breach in Website of Core Security Technologies by sncope Hacker. This is 3rd time when sncope hack and Leak the Passwords of Core Security Technologies. The details of Pentest done by  sncope is available on Pastebin . It include the Login details with hashed passwords and IP address of Users as shown below. Last Time Core Security was Hacked in September 2011 by sncope. That time Hacker defaced the Homepage of Site. Update : According to Core Security Technologies Hacker breached an old Server which is not in use from last 8 Years and there is no sensitive or confidential Information stored on it.  Core Security 's Response about above Attack " There is nothing of importance posted here. Core's active servers, websites or networks were not compromised nor did the information recently posted contain information residing on those systems. In fact, the information is from a third-party serve...

Saudi Arabia's King Saud University Database Hacked The Official Website of  King Saud University (KSU) Got hacked by some unknown Hacker.is a public university located in Riyadh, Saudi Arabia. Database of 812 Users hacked from  http://printpress.ksu.edu.sa/  and dumped on Internet by Hacker on a file sharing site  including Mail address list, mobile phones and passwords. Passwords are not encrypted in any hashes. Most of the Students using same Email ID and Password for Facebook and Other Sites. Its not clear weather its Part of Cyberwar b/w of Israel and Saudi Arabia.

DreamHost Hacked - Change Your Passwords Now ! All Dreamhost customers should read this post immediately and change all related passwords (including WordPress ones). Dreamhost said " Last night we detected some unauthorized activity within one of our databases. " They say there's " no evidence that customer passwords were taken ", but they''re pushing out password changes to everyone just to be safe. In addition, you should change any of your other passwords just to be safe that is, if they're at all similar to your DreamHost password.  To edit your password in the panel, please log into the web panel and go to Manage Users . Click edit next to the FTP/shell user on the right and you can change your password there.  This is the second time within week, when hackers targeted to these big websites, Dreamhost don’t give any clue of the hack.

Book Review : Defense against the Black Arts How Hackers Do What They Do and How to Protect against It Ben Rothke  write a review of a   new book on hacking " Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It ". Authors are Jesse Varsalone, Matthew Mcfadden, Michael Schearer and Sean Morrissey. " If there ever was a book that should not be judged by its title, Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It, is that book. Even if one uses the definition in The New Hackers Dictionary of 'a collection of arcane, unpublished, and (by implication) mostly ad-hoc techniques developed for a particular application or systems area', that really does not describe this book. The truth is that hacking is none of the above. If anything, it is a process that is far from mysterious, but rather aether to describe. With that, the book does a good job of providing the reader with the information ne...

Woohooo! After #SopaBlackout , Congress Postpones Action on #SOPA, #PIPA A big hurrah to you!!!!! We’ve won for now SOPA and PIPA were dropped by Congress today. The votes we’ve been scrambling to mobilize against have been cancelled. When the entire Internet gets angry, Congress takes notice. Both the House and the Senate on Friday backed away from a pair of controversial anti-piracy bills, tossing them into limbo and throwing doubt on their future viability. Google Inc. said today it collected more than 7 million signatures from the U.S. for its online petition to Congress during an Internet protest against anti- piracy legislation backed by Hollywood. Visitors to Google, the world’s most popular search engine, were greeted yesterday by a black box covering the company’s familiar icon, and a message that read “ Tell Congress: Please don’t censor the Web! ” The message linked to a page outlining Google’s opposition and an option to join a petition urging Congress to reject the l...

Julian Assange interview on Spy Files “ Give me liberty or give me death ” is a statement made famous by Patrick Henry but could easily have been stated by the new patriot of justice, Julian Assange. Julian Assange is a journalist and activist best known as the founder and public face of WikiLeaks, the Internet based publisher making headlines around the world by releasing secret or suppressed information revealing government and corporate misconduct.Assange and WikiLeaks have, in the words of 60 Minutes “ Rattled the worlds of journalism, diplomacy, and national security. ” In December 2011, WikiLeaks released the documents from a database containing hundreds of documents from contractors in what WikiLeaks calls the “mass surveillance industry.” or " Spy Files ". 1.) According to Spy Files released by WikiLeaks, intelligence agencies, military forces and police authorities "silently... and secretly intercepted calls and had taken over computers without the help ...