The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit’s existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit’s extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2....

PacketFence 3.2.0 released The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices. New features in 3.2.0 OpenVAS Vulnerability Assessment integration for client-side policy compliance Bandwidth violations based on RADIUS accounting information Billing engine integration for allowing the use of a payment gateway to gain network access. PacketFence 3.2.0  fix Reflected Cross-site scripting (XSS) in Web Admin printing system. Further information about the update, including a full list of changes, can be found in the official release announcement and in the change log . PacketFence 3.2.0 Download

Minister's email hacked by Socialist Workers Party The employment minister claims his email has been hacked by campaigners against a Government work experience scheme, which is continuing to attract controversy. Chris Grayling accused a group of socialist activists of pressuring firms to quit the scheme amid accusations that it was "slave labour" because youngsters worked for nothing, while keeping their benefits. But his claim that his email was hacked as part of the campaign clearly sent alarm bells ringing across Whitehall, and a retraction was hastily issued. He also claimed that firms reportedly pulling out of the programme, including supermarket giant Sainsbury's, had never formally been involved in the Government initiative because they ran their own scheme.  [ Source  to read more]

Skype Cross Site Vulnerabilities , user accounts can be Hijacked The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com . According to a blog post on 1337 Blog , the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link. If exploited successfully, a hacker could hijack the user’s session and even steal his/her account. Skype has been informed of the vulnerabilities and is currently investigating. Other XSS discovered by him are listed  here .

Crime with $50 GPS jammer increasing rapidly in UK Too many are using illegal GPS jamming devices on UK roads, according to a study, and are putting critical emergency systems at risk of failure and it's at extreme risk from criminals, terrorist organizations and rogue states and even someone with a rudimentary GPS jammer that can be bought on the Internet for $50. It's thought that those using GPS jammers could be doing so to block tracking systems installed on the vehicles, suggesting that they might be stolen. Initial findings using six months' worth of data from 20 probes suggests that between 50 and 450 incidents of deliberate GPS jamming take place every day across the UK. Jammers vary wildly in effectiveness and power output. A recent study by GPSWorld of 18 commercially available receives showed an effective range that varied from 300 meters up to 6 kilometers. The danger of such devices affecting critical safety systems is obvious. In 2009 investigators discov...

Lebanese Yellow Pages database Compromised Lebanese Yellow Pages website (http://www.yellowpages.com.lb/) database compromised by Hacking Group known as Mad HackerZ Team. Hackers manage to hack database of site and leaked it on internet.  Leaked database include the usernames, Password hashes and Email Id's of Admin and Few accounts as shown. All this data posted on a pastebin note :  http://pastebin.com/dvBzWCF6 Most probability hackers uses Sql Injection Exploit to get the database . According to Softpedia report, They also gained unauthorized access to other domains which they defaced to host their protest messages. The defaced sites include the ones of a political figure called Rafic Al Hariri, an online store named Dunes, Frontpage-lb, a computer company, and the site of a football team.

Iran Cyber Army in Action, Azerbaijani TV Down ! As we reported Yesterday that Azerbaijan Arrests a Iranian terror group and in response Iranian Hackers hits many Azerbaijan Sites like, Azerbaijan airlines (http://azerbaijanairlines.org/) and National Olympic Committee Of Azerbaijan (http://noc-aze.org) . Today Iran Cyber Army also come into Action for supporting Iran and deface the Azerbaijan State Television & Radio Company, AzTV websites also. A message in English from the hackers popped up in place of the AzTV website when it was opened.“ Life is Game"Game OVER..!!! ”, the message read and was signed " the Iranian Cyber Army ".The website has already been restored. The attacks came a month after anti-Israeli hackers broke into the sites of several ministries and the governing party, leaving messages calling the Azerbaijani authorities "servants of the Jews". Relations between the two countries are tense at present.Iran has accused Baku of helping...

Variant of Zeusbot/Spyeye Botnet uses p2p network model Cybercriminals are using a modified version of the Zeusbot/Spyeye, which is using a peer-to-peer (P2P) network architecture, rather than a simple bot to command-and-control (C&C) server system, making the botnet much harder to take down, Symantec warned. ZeuS is very popular in the cybercriminal world because it's capable of stealing a wide variety of information, documents and login credentials from infected systems. For many years it was the weapon of choice for most fraudsters targeting online banking systems.The Trojan's source code was published on Internet underground forums last year, paving the way for many third-party modifications and improvements. Previously, P2P was used to communicate between bots any change in the C&C server's URL. Other techniques have also been used, such as programmatically determining the URLs to be used on particular dates in the event that a bot loses contact completely...

Azerbaijan Arrests  Iranian terror group , Iranian Hackers hit Azerbaijan Sites The National Security Ministry of Azerbaijan said Tuesday that it had disrupted a suspected terrorist group working for Iran’s secret services. The people were gathering intelligence and had acquired a large number of weapons and explosives, the ministry said. The group, led by a Sepah officer called Hamid and Hezbollah operative Hadji Abbas, was planning to stage attacks against the Israeli embassy and a Jewish cultural center in the Azeri capital Baku. To response this,Iranian Hacking Group "Cocain TeaM" attack on the websites of Azerbaijan airlines (http://azerbaijanairlines.org/) and National Olympic Committee Of Azerbaijan (http://noc-aze.org) and manage to collect lot of info and sent that to Iranian Governments to show their patriotic responsibility towards country. Cocain TeaM deface the websites also. Mirror of Hacks: 1.)   http://zone-h.com/mirror/id/17070956 2.) ...

Mirage Anti-Bot 2.0 : Protection against ZeuS, SpyEye Malwares Jean-Pierre aka DarkCoderSc and Fred De Vries Develop and Release the second version of Another great security tool named " Mirage Anti-Bot 2.0 ". Zeus and SpyEye were the two main families of botnet software. These types of malware are spread mainly through drive-by downloads and phishing schemes. They are so-called Trojan horses which are designed to steal credentials from various online services like social networks (such as Facebook, Hi5, Yahoo, Netlog), online banking accounts (phising), ftp-accounts, email-accounts and other. They are part of botnets that are estimated to include millions of compromized computers. Because your antivirus program is not always giving you enough protection against these types of malware, so Experts at http://unremote.org/  create this program for you, that can be used as an extra layer of security. Mirage Anti-Bot will be downloading and installing one or more blockli...

2012 Most Vulnerable Cities At Risk Of Cyber Crime Norton's study showed the city was one of the ten worst for hacking. Each city was ranked by the prevalence of PCs and smartphones in addition to social media use with risk factors like unsecured Wi-Fi hotspots and malware attempts. Manchester was found to be the riskiest city and Vancouver is the third most vulnerable city in Canada for cyber-crime. The Top 10 Riskiest Online Cities in the U.S. are: #1 – Washington, D.C. #2 – Seattle #3 – San Francisco #4 – Atlanta #5 – Boston #6 – Denver #7 – Minneapolis #8 – Sacramento, Calif. #9 – Raleigh, N.C. #10 – Austin, Texas The Top 10 Riskiest Online Cities in Canada are: #1 - Burlington, ON #2 - Port Coquitlam, BC #3 - Vancouver, BC #4 - Langley, BC #5 - Calgary, AB # 6 - Fredericton, NB #7 - Toronto, ON #8 - New Westminster, BC #9 - Edmonton, AB #10 - Victoria, BC Cyber crime expert Simon Ellson said there are a numer of steps people can take to stay sa...