The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackers steal Michael Jackson 's entire back catalog from Sony Entertainment giant Sony has confirmed that hackers accessed its systems and compromised Michael Jackson's entire back catalogue, including many unreleased songs. Michael Jackson's entire back catalogue has been stolen by Internet hackers. Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by the superstar singer. It's alleged they downloaded more than 50,000 music files worth $253 million in the biggest ever cyberattack on a music company.The news comes just a year after Sony paid $395 million for the seven-year rights to the songs following Jacko's death. The buy-up came with a stash of unreleased tracks including duets Jacko did with the late Queen singer FreddieMercury and Black Eyed Peas star will.i.am, 36. Sony had been planning to release them on up to 10 albums, which would have netted a fortune. It is thought that the hack occ...

The Mole v0.3  Released : Automatic SQL Injection Exploitation Tool Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. This release has introduced new features compared with the previous one, among these you can find that The Mole is now able to exploit injections thourgh cookie parameters. A new promising feature is that now you can exploit injections that return binary data, to achieve this the mole uses uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs when the query was successful or not) and does not need to download the full binary data. In this release there has been a major change in the The Mole's architecture, and now allows to easily insert filters in order to bypass IPS/IDS rules or mod...

FOCA PRO 3.1  and MetaShield Protector Released Forensic FOCA New latest version of FOCA announced today, in this case a Forensic FOCA. This tool is specially created for forensic analyst, allowing them to crawl metadata from files and to create a powerful time-line of metadata. This information lets you to reconstruct what happen in a machine just analyzing what documents were created between two dates, or what files where created by one user in a period of time, or what users where working in one single machine at one single day. The tool allows to export all the data, even with the hash of the files, to XML reports, that can be easily integrated in any other reporting system. License of Forensic FOCA is only 20 € per year, and you can buy it on line or test the trial version. More info at: http://www.informatica64.com/ForensicFOCA/ New FOCA PRO with Plugins FOCA got new version of FOCA PRO with plugin support. Right now FOCA PRO comes with a set of plugins to analyze .SVN...

GitHub hacked with Ruby on Rails public key vulnerability Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. When Github saw what happened, they suspended Homakov’s account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down . Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov's actions were relatively simple - he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its ...

Twitter releases data to Law Enforcements   for criminal inquiry Twitter handed over subscriber information yesterday for one Twitter account indirectly tied to the Occupy Boston protest, ending a court battle fought behind closed doors as Boston law enforcement investigated hacking attacks on the Police Department and a police union. as reported by Boston . According to Twitter spokesman Matt Graves, the company provided the subscriber information for @pOisAnON, an account that is associated with the name of Guido Fawkes. “We provided information on a single user,’’ Graves said in a telephone interview yesterday. Twitter ignored the Suffolk D.A.'s request for secrecy, and forwarded the subpoena to @pOiSAnOn in accordance to Twitter's Guidelines for Law Enforcement . A spokesman for the Suffolk County D.A. told The Boston Herald it was satisfied with the information received this week.“ We are not interested in the information of a large number of people who have used t...

GCC 4.6.3 Released with 70 bug-fixes The GNU Compiler Collection version 4.6.3 has been released. Jakub Jelinek of Red Hat announced the release this morning of GCC 4.6.3. Over GCC 4.6.2 there's over 70 bug-fixes and other work. However, all of the exciting work meanwhile is going into what will become GCC 4.7. The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux, the BSD family and Mac OS X. GCC 4.7 will offer some performance improvements, new CPU support, language enhancements, mature Intel Sandy/Ivy Bridge support, and initial Intel Haswell support. GCC 4.7 should be officially released in March or April. Read More here

BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. Backtrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy Along with this, Backtrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and ...

#THN Monthly ( February ) News Archive,If you miss Something ! # Censorship - Global Concern, THN Magazine March Edition :  http://goo.gl/bktRz # Forget terrorists attacks here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots) : http://goo.gl/4VYGf # Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do?   http://goo.gl/iYO5H # Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too! : http://goo.gl/QVheH # Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest! : http://goo.gl/EyMux # Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site : http://goo.gl/PwkHt # FAQ : DNSChanger Trojan, Impact and Solutions :   http://goo.gl/IE2Qh # How Hackers ...

Siemens and Canon 's Databases exploited by Team INTRA Recently a hacker known as " JoinSe7en " from Team INTRA claims to have hacked into subdomains of Canon and Siemens. Apparently, the hacker has found and exploited a Blind SQL Injection vulnerability in Canon's website and a Error based SQL Injection in Siemens. He published a full disclosure on both of the databases on pastebin: Siemens : http://pastebin.com/HBL966wh Canon : http://pastebin.com/fbL0s9aS These pastebin notes include the vulnerable links of respective sites and extracted database info with usernames and passwords of Siemens Users & Canon forum, sites user credentials.

Censorship - Global Concern : THN Magazine March Edition It is March Madness at The Hacker News as we release the latest edition of our magazine which gives internet security a thorough look and and a fascinating read. Pierluigi Paganini gives a great interview on the woes of internet security and Mourad Ben Lakhousa provides you with a comprehensive guide on what tools are available to keep your web activity private. Check out Lee Ives opinion piece on the plethora of DDOS attacks and stand firm with our Editor, Patti Galle as we tell the world we won't stand for internet piracy. Laugh with us as we take a hilarious look at recent internet security news and we promise you won't be disappointed in all the articles touching on matters important to us all. Enjoy! RAR Format  |  PDF Format

Sandcat Browser 2.0 Released,  Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Sandcat web application security scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. This first Sandcat Browser release includes the following pen-test oriented features: Live HTTP Headers Request Editor extension Fuzzer extension with multiple modes and support for filters JavaScript Executor extension -- allows you to load and r...

Cyber Criminals took over billion dollar of Brazilian companies PricewaterhouseCoopers has revealed in a report that cyber criminals are now shifting their attacks towards emerging markets, especially those engaging with carbon emission trades which promote low carbon technologies but whose security measures have not yet grown to combat online attacks. In Brazil, 8% of the companies under attack of Cyber Criminals and had losses above $ 1 billion of Brazilian companies. A recent survey by PricewaterhouseCoopers (PwC) finding that over one third of Brazilian companies (32%) was the victim of cybercrime last year. The world average is lower, 23% of companies have been targets of cyber attacks in 2011. More than half of Brazilian executives (51%) explained that one of the biggest problems related to awareness and combat electronic crime is the fact that management of their companies adopted only informally or on an ad hoc solutions and security processes. Cyber criminal...

The Killswitch : They can remotely modify your Window 8 Last year,a Finnish software developer, was cruising Google’s Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little known kill switch, to forcibly removing the malicious code from more than 250,000 infected Android smartphones. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine. With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft has confirmed that they have remote kill switch installed in to Windows 8 apps. using this access, they can disable and even remove an app entirely from a user’s device. This piece of information was released along with other details of the upcoming Windows Store for Windows 8. Anyone worried about Microso...

Interpol  #TangoDown , Suspected 25 Anonymous arrested Interpol’s Web site (www.interpol.int) went down Tuesday just hours after the international police agency announced the arrest of 25 suspected members of the hacking collective Anonymous in Argentina, Chile, Colombia and Spain. The authorities in Argentina, Chile, Colombia and Spain carried out the arrests and seized 250 items of IT equipment and mobile phones, Interpol says.Those arrested are aged between 17 and 40. A National Police statement said two servers used by the group in Bulgaria and the Czech Republic had been blocked.It said the four included the alleged manager of Anonymous' computer operations in Spain and Latin America, who was identified only by his initials and the aliases " Thunder " and " Pacotron ". Authorities in Europe, North America and elsewhere have made dozens of arrests, and Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets in retal...

$60000 for Exploiting Google Chrome, Hackers at Pwnium  work... Google has offered prizes, totalling $1 million, to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week i.e 7 March 2012. Chrome is the only browser in the contest's six year history to not be exploited like at all.  Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully-patched browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts. Prizes will be awarded on a first-come-first-serve basis, until the entire $1 million has been claimed. “ While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and imp...

Secunia PSI 3.0 : Automatic Patching Of Insecure Applications Secunia Personal Software Inspector (PSI) is a free program that scans the system for programs that are installed in an outdated version.The developers have just released the first beta version of Secunia PSI 3.0 for Windows. A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don’t already have auto-updaters built-in. When you start the program for the first time after installation, you are asked to run a scan on the system. Secunia compares the list of installed software with the latest versions stored in their database. A list of outdated programs are then displayed in the program interface. Though most software vendors release patches, its tedious for users to find these updates and download them, where Secunia inspector tool identifies vulnerable programs and plug-ins in your Computer, download and installs all t...

Irongeek 's Shared hosting MD5 Change Detection Script Adrian Crenshaw aka  Irongeek  just release another great tool for web admins that will monitor the files on a website, and report any changed via email. Actually " irongeek.com " was hacked few days back which is hosted on a shared hosting. There is an awesome article posted by him on his blog " How I Got Pwned: Lessons in Ghetto Incident Response ". I think after that  Adrian decide to make a handy tool/script to help web admins so that they can easily monitoring there files on a shared server. This simple shell Script user can run on a shared server. Let suppose once hackers get into your website either by exploiting known vulnerabilities in any of the installed programs OR by getting FTP access to your server, the first thing they usually do is to plant backdoor scripts to log them in again at a later date. They need some executable script on the server to gain access to MySQL passwords, installatio...

r00tw0rm leak United Nations Environment Programme database r00tw0rm group of Hackers hack and leak the complete 82.8 MB database from The united nations environment programme ( UNEP ), which is the voice for the environment in the united nations system. Via a tweet, r00tw0rm shout ," United nations environment programme http://pastebin.com/pXXNv2rH @inj3ct0r @AntiSecOp @sanjar_satsura @Oblivi0u5 @AnonymousIRC @OpCensorThis_ " Hackers leaks data on various file hosting sites such as rapidshare . According to leak, 5 databases and 100's of tables with admin logins and users data.  The united nations environment programme ( UNEP ) website is currently down while writing this post. Other Hacks by r00tw0rm can be seen here .

Occupy Obama’s Google+ ,Chinese Internet Users Flood G+ Page Many Chinese have taken up a call to “ Occupy Obama’s Google+ ” over the weekend in the style of Occupy Wall Street in order to feel “close” to the popular world leader as well as air some of their views. Hundreds of Chinese have flooded US President Barack Obama's Google+ page, apparently taking advantage of a glitch in China's censorship system to post about human rights and green cards. At first glance, it looks like the official Google+ page is being spammed, but taking a look at some of the comments left in English, you’ll realise that it’s Chinese citizens who have taken to the social network to decry their government’s appalling human rights track record. Some netizens urged Obama to help free activists such as blind lawyer Chen Guangcheng, who is currently under house arrest, or Liu Xiaobo, the jailed Nobel Peace Prize winner. Some comments left by the Chinese called for free speech and human rights. Other...

Ascend D quad : World's fastest Android by Huawei Huawei has introduced what it calls the world's fastest quad-core smartphone, the Huawei Ascend D quad. Powered by Huawei's K3V2 quad-core 1.2GHz/1.5GHz processor the beast comes with Android 4.0. In an aggressive presentation at the Mobile World Congress Show in Barcelona, Huawei repeatedly compared its new product to Samsung’s Galaxy Nexus and Apple’s latest iPhone. Huawei also unveiled the Ascend D quad XL and Ascend D1. Both devices include 32-bit true color graphic processors, an 8-megapixel rear-facing camera with 1080p full HD video capture and a 1.3-megapixel front-facing camera with 720p video capture. The phone also has Dolby 5.1 Surround Sound and Audience earSmart voice technology and an 8-megapixel BSI rear-facing camera, 1.3 megapixel front-facing camera, and 1080p full HD video-capture and playback capabilities. Ascend D Quad is much faster, too- 20 percent to 30 percent faster, in fact, than one running...

WikiLeaks suspect Bradley Manning nominated for Nobel Peace Prize 2012 A spokesman for the Nobel Peace Prize jury says 231 nominations have been submitted for this year's award, with publicly disclosed candidates including WikiLeaks whistle-blower Bradley Manning may be among the hundreds of nominees for the 2012 Nobel Peace Prize, rights activists say. Bradley Manning, a 23-year-old Army intelligence analyst, is accused of leaking a video showing the killing of civilians, including two Reuters journalists, by a US Apache helicopter crew in Iraq. He is also charged with sharing the documents known as the Afghan War Diary, the Iraq War Logs, and embarrassing US diplomatic cables, with the anti-secrecy website WikiLeaks. The video and documents have illuminated such issues as the true number and cause of civilian casualties in Iraq, human rights abuses by U.S.-funded contractors and foreign militaries, and the role that spying and bribes play in international diplomacy. Among th...

#WikiLeaks publishes millions of Hacked Stratfor E-mails #gifiles WikiLeaks today began publishing more than five million confidential e-mails from US-based Intelligence firm Stratfor.  About 5.5m emails obtained from the servers of Stratfor, a US-based intelligence gathering firm with about 300,000 subscribers and has been likened to a shadow CIA. The emails, snatched by hackers, could unmask sensitive sources and throw light on the murky world of intelligence-gathering by the company known as Stratfor, which counts Fortune 500 companies among its subscribers. Stratfor in a statement shortly after midnight said the release of its stolen emails was an attempt to silence and intimidate it. The Online organisation claims to have proof of the firm's confidential links to large corporations, such as Bhopal's Dow Chemical Co and Lockheed Martin and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency....

Internet censorship in Pakistan , National Filtering and Blocking System A Pakistan government department has called for proposals for the development, deployment and operation of a national level URL Filtering and Blocking System. The proposal request states that each box of the system “ should be able to handle a block list of up to 50 million URLs with a processing delay of not more than 1 millisecond. ” According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP . According to a post on EEF , Ever since the Pakistan Telecommunication Act, passed in 1996, enacted a prohibition on people from transmitting messages that are “ fals...

Hackers leak objectionable  Photos from LA cops inbox CabinCrew group of Hackers, that claims to have found, and reported, objectionable photos of children in an officer's private e-mail account, anonymously posted hacked police data to a website. More than 100 local law enforcement officers had their private information pilfered and published on a public website prompting a response from the FBI " Over the past three weeks, we in the cabin have been targeting law enforcement sites across the United States, be it for injustices they have allowed through ignorance or naivety, taken part in, or to point out the fact that their insecurity failed to protect the safety of those they took an oath to serve, " the hacker statement on the Pastebin site said. The hackers posted officers' property records, campaign contributions, biographical information and, in a few cases, the names of family members, including children. Authorities said the current intrusion is different ...

Facebook app spreading Android Malwares Even though Google recently introduced a malware-blocking system called Bouncer to keep the Android Market safe from malicious software, crafty spammers and fraudsters are still managing to find ways around the restrictions to get their software onto users’ phones. Security firm, Sophos have reported that there is malware going around via the Facebook application. The malicious software disguises itself as an Android app named “any_name.apk” or “allnew.apk” and is sent to Android phones via Facebook’s mobile app.  An Android user may receive a Facebook friend request and if the user goes to the requester’s profile to check them out, they could be diverted to another web page instead, where the malicious app will be automatically downloaded. Although Android doesn’t by default allow apps to be automatically downloaded, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market. ...

Millions of pcAnywhere users still Vulnerable to hijacking 3 weeks before we reported that Symantec releases patch to address pcAnywhere source code exposure, because attackers had obtained the remote access software's source code. But According to H.D. Moore, chief security officer at Rapid7, estimated 150,000 to 200,000 PCs are running an as-yet-unpatched copy of the Symantec software. While Symantec said it had patched all the known vulnerabilities in pcAnywhere. Symantec has released new information and a patch to address the recent code exposure incident. According to Computerworld report, PCs connected to the Internet, including as many as 5,000 running point-of-sale programs that collect consumer credit card data, could be hijacked by hackers exploiting bugs in the troubled program. Symantec released a patch that eliminates known vulnerabilities affecting pcAnywhere 12.0 and pcAnywhere 12.1.At this time, Symantec recommends that all customers upgrade to pcAnywh...

Zero-day Smartphone Vulnerability exposes location and User Data Smartphones are increasingly becoming the preferred device for both personal and professional computing, which has also attracted hackers to increase their focus on creating malware and other security vulnerabilities for these devices. A former McAfee researcher " Dmitri Alperovitch " has used a previously unknown hole in smartphone browsers to plant China-based malware that can record calls, pinpoint locations and access user texts and emails. He conducted the experiment on a phone running Android operating system, although he saysApple Inc.'s iPhones are equally vulnerable. Android is particularly vulnerable because it has become the main operating system for mobile devices. Today most smartphones are android-based therefore there is a huge dividend for hackers to write Android-targeted malware compared to other operating systems. Alperovitch, who has consulted with the U.S. intelligence community, is...

Another #FuckFBIFriday , Anonymous hack FBI partner Infragard As Anonymous has promised that it will attack government, corporate and law enforcement web sites every Friday, So Anonymous has attacked the FBI affiliate Infragard for the second time, this time taking over and defacing the web site of its Dayton, Ohio chapter. Hackers give message " Greetings Pirates! Another #FuckFBIFriday is here and once again we emerge from the hacker underground to wreak havoc upon the 1%'s institutions of repression " . InfraGard is a private non-profit organization serving as a public-private partnership between the U.S. businesses and the FBI. However, Anonymous has its own definition - " the sinister alliance between law enforcement, corporations, and white hat wannabees, " the group wrote in a note it posted onto the homepage of InfraGard Dayton, Ohio. Mirror link of hack is here .

Spain Police under Anonymous attacks after another Arrests in Spain Anonymous attacks Official Site of the National Police ( http://policia.es/ ) after the arrests of suspected Anonymous hacktivists . The Spanish branch of the group has reported that six hacktivists have been arrested in Spain over the past few days. The police did not confirm the identity of the suspects, but claimed the force's technological investigation brigade is conducting a large operation. Anonymous Tweet : " @AnonOps 6 #Anonymous were caught by the police in spain. They're talking about a big anti-hack operation" We know. Expect uspolicia.es DOWN | #Anonymous #Spain " . Last week, Following the arrest of three young Anonymous hackers in Greece, the collective carried out a second assault on the ministry of justice's website, defacing its homepage. Last June Anonymous launched #OpPolicia, a successful DDoS attack against the Spanish National Police website. The attack was a direc...

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit’s existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit’s extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2....