The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Nmap 5.61TEST4 released with Web Spidering Feature ! Nmap release today an interesting version nmap 5.61TEST4 with number of interesting features. Also, to improve the user experience, the Windows installer nowinstalls various browser toolbars, search engine redirectors, andassociated adware. a spidering library and associated scripts for crawling websites. 51 new NSE scripts, bringing the total to 297. a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support. a new vulnerability management library which stores and reports found vulnerabilities. Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17. Change Log can be found here  and Download Here  .

400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers Hacker named " 0xOmar " from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa). Hacker says " We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more! ". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. " my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population. " He said. Qu...

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only ...

30 Pakistan government Sites goes down ! Indian Hacking Group Indishell claiming to hack and Bring down 30 30 Pakistan government websites, Including  Police and Navy Sites also. Hacker attack on webserver located at 50.23.225.39 IP address. List of all Hacked Sites is Here  and Mirror of Deface Pages can be checked Here .

Android mobile internet tethering become undetectable by carriers When the idea that your smartphone’s data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have struck down all attempts by apps to sidestep the process , until now. What one of the most well-known hacker/developers in the world Koushik Dutta, aka Koush, has done is to create a non-market app that allows you to use your smartphone as an internet hotspot, doing so without adding costs to you beyond what that data would cost to you on your smartphone on its own. And it’s completely (nearly) undetectable by carriers. " Over the last month, I've been working on a new app. Tether Alpha is a USB[2] tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop. " Koushik Dutta said. " I am...

Japan developing cyber weapons for Counter Attack Japanese technology firm Fujitsu is developing a ‘ seek and destroy ’ virus which could identify and combat hacking and other cyber threats in a more effective way. The weapon is the culmination of a 179 million yen three-year project entrusted by the government to technology maker Fujitsu Ltd to develop a virus and equipment to monitor and analyse attacks, the daily said. The chief snag for the plan is that Japanese law currently forbids the manufacturing of computer viruses. However, we would suspect that a compromise can be reached in due course, given the project is being carried out in the interest of national security. Japan was a notable victim of hacking in 2011, which proved to be a year in which cyber crimes and threats rose to prominence.  Japan’s parliament had its computer system hacked into, while a number of cyber espionage campaigns including one targeting almost 50 US companies were waged on governments an...

Fully automated MySQL5 boolean based enumeration tool Blackhatacademy Developers  releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag is applied, a user can supply any query that returns only a single cell If the exploit or vulnerability requires a single quote, simply tack  %27  to the end of the URI. This script contains  error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors. This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto). This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites. GET TOOL SCRIPT HERE .

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3 Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 ! Vulnerability exploit the comment feature of Wordpress Blog. Following two Steps mentioned in Exploit . Step 1: Post a comment to the target website. Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is http://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6. Get Complete Exploit  Here

Wait ! It's not just Stuxnet or DuQu , Kaspersky reveals 5 more cousins Russian computer security outfit Kaspersky Lab said that the Stuxnet virus that damaged Iran's nuclear programme was likely to be one of at least five cyber weapons developed on a single platform. The viruses have never been seen 'in the wild' - and it's unclear whether they, like Stuxnet, would be built to cause failures at nuclear plants, or engineered for another purpose. Both Stuxnet and Duqu appear to have been created back in late 2007 or early 2008, and other pieces of malware with similar capabilities were built on the same platform, Gostev said.  Gostev examined two key drivers and variants that were used in both Stuxnet and Duqu, as well as two previously unknown drivers that were similar to the ones used. Not only did the same group of people develop Stuxnet and Duqu, but they likely worked simultaneously on multiple variants, Gostev said. The other pieces may be in the wild an...

Hackers launching own satellites in orbit to beat Censorship Worried about Internet censorship by SOPA and PIPA ? Wait !! This News is for you , Hackers plan to take the internet beyond the reach of censors by putting their own communication satellites into orbit. Good guy hackers plan to launch satellites to fight the Stop Online Piracy Act and create a censorship-free Internet. According to BBC News Technology Reporter David Meyer, the plan, which was detailed this week during the Chaos Communication Congress (CCC) in Berlin, is in response to proposed legislation such as the Stop Online Piracy Act (SOPA), which would allow the U.S. government to block websites believed to violate intellectual property law. “ The first goal is an uncensorable internet in space ,” hacking activity Nick Farr, who initially began soliciting financial support for what has been dubbed the Hackerspace Global Grid , in August, told Meyer on Friday. “ Let’s take the internet out of the control of te...

Facebook Scam : Selena Gomez Caught On Leaked Tape Another Facebook Scam is circulating with the headline " Selena Gomez Caught On Leaked Tape " and Message " you will lost your all respect for Selena Gomez after watching this ". By Clicking the wall post link takes you to the following page designed to look like Facebook. Facebook already declared as " Most Spamy Social Network of the Year " by The Hacker News Awards 2011. Clicking the play button loads a “ share ” box allowing you to spread the scam message to your friends. The following survey scam also loads another Scam as shown below. Scams like this often use multiple domains, so you may see a variation in the landing pages and scam messages. These scams contain click-jacking and like-jacking components and ends in a survey scam. One of the most common types of Facebook spam is a Wall post that encourages you to install a Facebook application. The application will require that you to agree to a...