The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

#RefRef - Denial of Service ( DDoS ) Tool Developed by Anonymous Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group's future campaigns. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. Previously, Low Orbit Ion Canon (LOIC) was the go to weapon for Anonymous supporters during various Operations .However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end. According to Developer " RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next s...

Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous One of the Anonymous - @AnonWorldUnite today leaked the DHS emails on internet. He tweeted “ A Wild Leak Has Appeared! : http://wp.me/p1JyTn-f #AntiSec #AnonOps #Leak #LulzSec #Anonymous http://wp.me/p1JyTn-f ” The link given in the Twitter post is a link to a WordPress blog . The blog post said : You Asked – And You Shall Recieve #DHS Emails – *all emails and files were obtained legally. - http://www.mediafire.com/?zidv26ppown4u0s <3″ The article shows a Mediafire link download link with a PDF file ogc ap redacted foia process 301 350.pdf (8.04 MB) , in which the e-mails are capsuled in. UPDATE: As Anonymous Said that, They got this File in Legal Way, We try to find out and Get that this PDF is available on the DHS site at  http://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_301-350.pdf  and  http://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_p...

Nicolas Sarkozy 's official Elysee Palace website Hacked for ' Get Him Out ' Game Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a game video game called ' Get Him Out '. Under the formal banner introducing the site, a cartoon image of the French president was pictured on a go-kart heading towards the gates of the palace. For each click on a Facebook 'like' button beside the game, the French leader moved one step closer out into the street. The instructions to the game read: " The more you click, the faster we can get little Nicolas out! ". The Elysee palace confirmed a hacking attack had taken place on Tuesday night, but that the 'problem' had been fixed by 7am on Wednesday. A spokesman added: " The hackers took advantage of an old software system to temporarily re-route the welcome page. " [ Source ]

South Korean social network hacked, 35 million users Data at risk 35 million users Personal information of a South Korean social network site may have been exposed. Local authorities were quick to blame hack attacks against the Cyworld social networking website and the Nate web portal – both of which are run by SK Telecom – on Chinese hackers. Names, phone numbers, email addresses, and other details may have been exposed through the Cyworld hack, which follows previous attacks against South Korean government sites and financial service firms. North Korea has been implicated in some of these hacks. South Korean police are reportedly investigating the cyberattack against Cyworld – a social network with a SIMS-like environment featuring avatars and virtual apartments – and Nate, which offers webmail. Mark Darvill, director at security appliance firm AEP Networks, commented: " By any standard this is a massive attack and one of many in recent months where the finger...

SQueRT 0.9.0 - New version released CHANGELOG: * tabbed interface * date ribbon * CSS/JS fixes and cleanup * Bunch of new stuff Download SQueRT 0.9.0

Window AutoPwn (WINAUTOPWN) - Auto Hacking/shell Gaining Tool Autohack your targets with least possible interaction. winAUTOPWN Features : - Above 500 vulnerability exploits for softwares applications. - Custom-compiled executables of famous and effective exploits alongwith a few original exploits. - Exploits available in the form of PE-exe, ELF, php, perl, python. - A smart multi-threaded PortScanner. - A exploit loading framework to test effectiveness of IDS/IPS winAUTOPWN is a set of exploits wich are publicly available. The source of these exploits is modified only when required to enable a missing feature or to remove hard-coded limitations. winAUTOPWN would otherwise maintain the original exploit writer's source code intact just as it was and uses it. winAUTOPWN preserves the exploit writer's credits and originality in the source, keeps the Names, Website/Blogs, emails, other contact details intact. Binaries of perl, php, python and cygwin DLLs (included) ...

ICQ vulnerable to account theft using JavaScripts In security advisories for ICQ ( http://noptrix.net/advisories/icq_cli_xss.txt )and the ICQ web site ( http://noptrix.net/advisories/icq_web_xss.txt ), security researcher Levent Kayan warns that both the ICQ instant messenger for Windows and the ICQ web site contain vulnerabilities that potentially allow attackers to take control of a user's ICQ account. According to Kayan ICQ doesn't adequately check user's profile information and fails properly to analyse status messages, which can be freely chosen by users, to see if they contain executable code. Kayan recently discovered a similar hole in the Skype client. Heise Security was able to reproduce the flaw discovered by Kayan using the current 7.5 version of ICQ. ICQ told that it was in the process of developing and testing a security fix.

Paypal gives FBI the list of IP Address of 1,000 Anomymous hackers Paypal collected 1000 IP addresses of those carrying out Anonymous' DDoS attacks against PayPal last December. To be fair the names on the list will probably be the bottom feeding script kiddies rather than the hackers at the top of Anomymous's greasy pole. The clever hackers know to mask their IP addresses first. An FBI affidavit suggests the Untouchables may have lots more people to arrest. FBI agent Chris Thompson says PayPal security officials were in close contact with the bureau beginning 6 December, two days after PayPal froze WikiLeaks' donation account and the first day it began receiving serious denial-of-service traffic. FBI agents began monitoring Anonymous press releases while PayPal collected traffic logs on a Radware intrusion prevention system installed on its network. Paypal gave the feds a USB thumb drive containing the Radware reports, which documented " approximately 1,000 ...

SPINN - Secure Personal Information Notification Network Hacked By Inj3ct0r Official website of  SPINN - Secure Personal Information Notification Network has been hacked and Defaced by Team Inj3ct0r. Screenshot is as shown above.

War Texting : Hackers Unlock Car Doors Via SMS Don Bailey and Mathew Solnik, Two hackers have found a way to unlock cars that use remote control and telemetry systems like BMW Assist, GM OnStar, Ford Sync, and Hyundai Blue Link. These systems communicate with the automaker’s remote servers via standard standard mobile networks like GSM and CDMA — and with a clever bit of reverse engineering, the hackers were able to pose as these servers and communicate directly with a car’s on-board computer via “ war texting ” — a riff on “war driving,” the act of finding open wireless networks. Don Bailey and Mathew Solnik, both employees of iSEC Partners, will deliver their findings at next week’s Black Hat USA conference in Las Vegas in a briefing entitled “ War Texting: Identifying and Interacting with Devices on the Telephone Network. ” The exact details of the attack won’t be disclosed until the affected manufacturers have had a chance to fix their systems, and the hackers are not expected ...

Iframe Injection Vulnerability on FileHippo - Popular software download site One of the most Popular Freeware Software download website "FileHippo" is Vulnerable to Iframe Injection. This Vulnerability is Found and submitted by  n3t phir3 . Here is the  Vulnerable Link  and Screenshot as shown above.