The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The bug in Microsoft Word 2002, 2003, 2007 and 2010 was patched Nov. 9 as part of Microsoft's monthly security update. Word 2008 and 2011 for the Mac have also been patched, but Microsoft has not yet issued a fix for the same flaw in the older Word 2004. The circulating attacks affect only Windows versions of the suite, however. According to the Microsoft Malware Protection Center (MMPC), the group that investigates attack code and issues signature updates for the company's antivirus software, the first in-the-wild exploits were detected last week. When Microsoft shipped the Word patch last month, it rated the bug as "1" on its exploitability index, meaning it believed a working attack would pop up within 30 days. The attack uses a malicious RTF (Rich Text Format) file to generate a stack overflow in Word on Windows, said MMPC researcher Rodel Finones. Following a successful exploit, the attack code downloads and runs a Trojan horse on the compromised computer...

With the Federal Bureau of Investigations (FBI) treating successful cyber attacks by "Operation Payback" as criminal offenses, a new level of ambiguity is being introduced into the enforcement of cyber crime laws. The FBI was treating efforts by "Anonymous" and "4chan" as an "unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system," according to a search warrant affidavit published online Thursday. Not all distributed denial of service (DDoS) efforts are a crime. This is especially true when systems within the networks staging the attack are placed there voluntarily by their users, with thousands of willing individuals simply flooding a server by asking it to do what it's designed for: loading pages. Botnets of this nature have been compared to cyber "sit-ins": a computer-age echo of civil rights-era protests. However, a newly discovered software exploit in peer-to-pee...

50 more websites Hacked By Tn-V!Rus and salvana !! Hacked Websites : https://browne-smith.com/x.htm https://alanpretsellphotography.co.uk/x.htm https://trinityinvitations.co.uk/x.htm https://tropicsenergyltd.com/x.htm https://sdinst.com/x.htm https://rodiniaglobalproperty.com/x.htm https://showbizinternational.co.uk/x.htm https://rrlpersonnel.com/x.htm https://saawithconfidence.com/x.htm https://provenancecapital.co.uk/x.htm https://quanto.com/x.htm https://pinacle-education.com/x.htm https://pelicanred.com/x.htm https://pedersenhairandbeauty.co.uk/x.htm https://pennyofficial.co.uk/x.htm https://parties2amaze.co.uk/x.htm https://nvmodels.co.uk/x.htm https://noemaltd.co.uk/x.htm https://no-more-escorts.com/x.htm https://mymoaccessories.com/x.htm https://mig7.net/x.htm https://merrillconsultants.co.uk/x.htm https://miadevelopments.com/x.htm https://meredithonline.co.uk/x.htm https://lpi-global-skills.org.uk/x.htm https://loveyouriphone.co.uk/x.htm https://macgregorwilson.co.uk/x.htm...

315 Websites hacked By Tunisian Hacker - The 077 ( HamDi HaCKer ) Websites Hacked : Full List here -  https://pastebin.ca/2035387

"Hexjector is an open-source, multi-platform PHP script to automate site penetration tests for SQL Injection Vulnerabilities." This is the updated change log: * Error_Check, HexDorker, HexaFind, HexDumper, HexaCurD, Hexdumpfile, Hexoutfile, Hexloader, and WAF_Detector have all been updated. * HexaFind is now multithreaded(Credits tDavid Hopkins for his CURL Class). * HexacURL removed. * Information.php is not used anymore. * Code is refined and organized for better view. * Output Buffering removed. * WAF Bypass Module Added. * HTTP Requests are now available. * POST * Interface of Hexjector is changed thanks tJohnburn, and mods from me. * A nonpersistent XSS is patched in HexDorker. * Codename Added. * RCE Test added. * Troubleshoot section added taid users in solving problems. * A new Manual Updater is added. * News Feeds Retriever. * Patch Retriever. * SQL Injection Type Detection is recoded tbe more precise. * Another Series of SQL Injection Type Detection are ...

Urdumela.com Database owned By KiLLerMiNd ! Login as Admin: Database: Vip Account:

Starting with January 1st, 2011, Indian banks will require an additional security code in order to authorise phone banking transactions, according to regulatory guidelines issued by the Reserve Bank of India (RBI). Known as one-time passwords (OTP), these codes are part of what is known as two-factor authentication systems and provide an extra layer of security. The RBI directive is mandatory for all banks that offer phone banking services, including those based on Interactive Voice Response (IVR) systems. IVR refers to technology which offers customers to perform actions via their phone's keypad and get confirmation through pre-recorded audio messages. As their name implies, OTPs can only be used once, meaning that a new code must be generated for each separate transaction. This can be done by the bank and sent to the customer's mobile phone number or via an electronic device called a hardware token, which is supplied to the client in advance. In both cases the cus...

Sonic.net today announced it has been selected to operate and support the trial fiber-to-the-home network Google is building at Stanford University. This experimental project will test new fiber construction and operation methods, while delivering full gigabit speeds to approximately 850 faculty and staff owned homes on campus. Sonic.net will manage operation of the network, provide customer service and support and perform on-site installation and repair. Sonic.net is Northern California's leading independent Internet service provider. The Stanford trial network is completely separate from the community selection process for Google's Fiber for Communities project, which is still ongoing. Google's ultimate goal is to build a fiber-to-the-home network that reaches at least 50,000 and potentially up to 500,000 people, and it plans to announce its selected community or communities by the end of the year. Sonic.net currently operates California's largest open Internet access network, offer...

In China, a trojan has popped up that uses escalated rights to read out information such as the address book in Android cell phones, and sends the information via the internet to remote servers. As the Lookout blog reports, the contaminant called Geinimi is the most refined method of collecting personal data yet, as it not only acts independently, but can also be remotely controlled by a server. Geinimi hides itself by encrypting the data it needs to run and by using an obfuscator for Java byte code. In addition to the address book, the trojan can also read out the cell phone's position data, device ID (IMEI), SIM card number (IMSI), and a list of the installed apps. It is not yet clear what the developers of Geinimi are ultimately trying to do. Geinimi comes as an add-on for common apps, most of them games sold in third-party app catalogues. According to the Lookout blog, the following applications are affected: Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and...

At the 27th Chaos Communication Congress ( 27C3 ) hacker conference, security researchers demonstrated how open source software on a number of revamped, entry-level cell phones can decrypt and record mobile phone calls in the GSM network. Using a normal laptop and a homemade monitoring device, team leader Karsten Nohl of Berlin's  Security Research Labs  explained that GSM mobile communications can be decrypted in "around 20 seconds." He said his team was able to record and playback entire conversations in plain text. Last year, Nohl and his team showed how they managed to crack the A5/1 encryption algorithm used in GSM, in three months using 40 distributed computers. Since then, he says his team has considerably improved the rainbow tables needed for the attack; the tables are once again available from the BitTorrent peer-to-peer network. Nohl says he has also made a lot of progress with the other hardware and software needed for the attack. Furthermore, the scenar...

It's a scene from an as-yet-unmade thriller: Across a country, tens of thousands of cellphones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers. It hasn't happened yet. But speaking at the Chaos Computer Club Congress here, German researchers showed how vulnerabilities in some the simplest, but most common phones in the world could conceivably lead to just such a scenario. Mobile phone security has been a growing concern due to the increasing popularity of smartphones, whose web-browsing and app-running capabilities allow attacks similar to those made against computers. Yet more than 85 percent of the world's cellphones are feature phones — simple devices with the ability to play MP3s or browse the web, but without the power of the iPhone or Android-based handsets. Vulnerabilities have been found in this type of phone before, but new open sou...