The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

10 Websites hacked by Xen0n (Bangladesh Cyber Army) Hacked Sites : https://lizzieshotel.com/BCA.html https://ziaresources.com/BCA.html https://www.gianairltd.com/BCA.html https://roydigital.com/BCA.html https://www.apollwnios.gr/BCA.html https://lefemmecafe.com/BCA.html https://uccoss.com/BCA.html https://www.jvp-gracac.hr/BCA.html https://www.newma.net/BCA.html https://mafiamediagroup.com/BCA.html News Source : Xen0n (Bangladesh Cyber Army)

Host-Extract - Host/IP Pattern Extractor Tool ! This little ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment areas and js/css files. This is unlike web crawler which looks for new links only in anchor tags (<a) or the like. In some cases, host-extract may give you false positives when there are some words like - main-site_ver_10.2.1.3.swf. With -v option, you can ask the tool to output html view-source snippets for each IP/Domain extracted. This will shorten your manual analysis time. Please go to https://host-extract.googlecode.com/ for more info. Download/Update ============== svn co https://host-extract.googlecode.com/svn/trunk/ host-extract Tutorial Wiki ========== Sebastien Damaye from aldeid.com h...

Inbox.com Cross Site Scripting ( XSS ) vulnerability ! Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in...

Top defense and intelligence officials reiterated their commitment to information-sharing at a Senate hearing Thursday, even as they outlined new safeguards to prevent a repeat of the WikiLeaks breach that has led to the release of thousands of classified military reports and diplomatic cables. The Defense Department, for example, is striving to proceed with needed protections "without reverting to pre-9/11 stovepipes," Chief Information Officer Teresa Takai told the Senate Homeland Security and Governmental Affairs Committee. To stop unauthorized downloading of files to CDs, the department has disabled the "write" function on almost 90 percent of some 220,000 computers with access to the Secret Internet Protocol Router Network, or SIPRNet, she said. The Pentagon is also beefing up information security training while tightening log-in access to SIPRNet machines through the use of "smart cards" in place of unwieldy password systems. At the Office of t...

A former software professional on Saturday was arrested for allegedly hacking the server of a city-based BPO company, where he previously worked, police said. The hacker identified as Shaik Mahammad Ghouse Bhasa allegedly secured unauthorised access to the computer systems of M/s IVOICE Network Private Limited in Hyderabad, which provides BPO services to Singapore-based Networks Pte Ltd for VoIP services and caused Rs6 lakh loss to the BPO firm, they said. He was arrested by the cyber crimes cell of Andhra Pradesh crime investigation department (CID), CID's additional superintendent (cyber crimes) U Ram Mohan said. On a complaint filed by the BPO's managing director Balu Visveswar that their server was hacked and several PINs, which are used for making VoIP calls were created by unknown persons, the cyber crime police station of CID registered a case under relevant sections of Information Technology besides for cheating and took up investigations, he said. During the co...

3 websites Defaced by Team DNA StuXnet ! Hacked Sites : https://www.venemovies.com/ https://somostv.net/ https://www.semillitas.tv/ News Source : ketan singh

PakBugs Defaced by GOD and Whole database available for Download ! Hacked Site :   www.pakbugs.com Database Download : Easy-share.com: https://www.easy-share.com/1914215203/pakbugs.com_db.sql.gz Depositfiles.com: https://depositfiles.com/files/cvrb2xu85 Badongo.com: https://www.badongo.com/file/25197993 News Source : Ketan Singh

Rootyhillmosque.org Hacked by Angel aka 4d0r4b13 ! Hacked site :  https://www.rootyhillmosque.org/

2 websites Hacked by kaMtiEz (INDONESIANCODER TEAM) Hacked Sites : https://www.cbm.sc.gov.br/ina.htm https://www.cb.sc.gov.br/ina.htm

" TeaM DNA StuXnet Shell v1.0 " is ripped copy of " Predator Shell " ! " TeaM DNA StuXnet " have submit us a shell named " TeaM DNA StuXnet Shell v1.0 " to publish as news, They claimed that this is a news and original shell. Shell is created by " Cyb3r Ac3 " . We request  Pakistan Cyber Army (Real PCA is Reality) for some research on a new shell posted by " TeaM DNA StuXnet ". Finally we got whole report that The " TeaM DNA StuXnet Shell v1.0 " is 100% ripped copy of " Predator Shell " Written by " LoFFi & Ls01r " who are said to be some " Russian " freaks.They just find and replace "color=#888888" with "color=#0961d9" .The best part about this shell is " LoFFi & Ls01r " also ripped another shell named " crashblack a.k.a vi0ne " an Indonesian hacker who wrote the shell named " System Shell ". " LoFFi & Ls01r " tran...

We've noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We've also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected. For now, we recommend concerned users and corporations seriously consider deploying Microsoft's temporary Fixit to block this attack until an official patch is available. To help protect users of our services, we have deployed various server-side defenses to make the MHTML vulnerability harder to exploit. That said, these are not tenable long-term solutions, and we can't guarantee them to be 100% reliable or comprehensive. We're working with Microsoft to develop a comprehensive solution for this issue. The abuse of this vulnerability is also interesting because it represents ...