The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Free THA Webinar – Penetration Testing Reporting !

Mar 11, 2011
Another Free THA live webinar is around the corner – next week, to be exact! This time around, Mike will be discussing Penetration Testing Reporting. Let us just say – we've had OVERWHELMING requests for us to cover this topic – and as always, THA is more than happy to oblige. Mike will cover the importance of reporting, and how it fits into the workflow for an information security professional. We also want to let you know that we've changed our webinar system, as well. Our new platform is easier and more "intuitive" to use, and offers better service and features. You will now have the option of prepping us with some questions upon registering to attend – which will allow us to cater our webinar content for you better, ahead of time. For those of you who have never attended one of our webinars – well, you get to start off with our awesome new system – bonus! We hope you enjoy the new system as much as we do! Time/Date details: THA Free Webinar – Pene...
70 WebSites RooteD By The 077 ( Hamdi HaCker ) Tunisian HaCker

Mar 11, 2011
Hacked Sites: https://pastebin.com/nzwxJGRf News Source: The 077 ( Hamdi HaCker )
UK Uncut hack Vodafone website !

Mar 11, 2011
Anti-cuts campaigners from UK Uncut have hacked into the website of phone giant Vodafone ( https://worldofdifference.vodafone.co.uk/ ) and posted blogs claiming the company has avoided millions of pounds in tax. The group, set up to oppose government cuts and corporate tax avoidance, has staged hundreds of direct action protests against companies and banks since it was formed five months ago, many focusing on alleged tax avoidance. Activists took over the blogs on the World of Difference website, the company's corporate and social responsibility initiative, demanding the company "pays its tax". Twenty minutes after activists hacked that section of Vodafone's website, it appeared to have been taken down. The World of Difference programme awards small grants to young people to undertake charity work and each winner has a blog on the website. UK Uncut were leaked the password details by a small group of the winners, who were angry at the fi...
SourceForge open sources its own source !

Mar 11, 2011
SourceForge, the popular project hosting site, has released Allura, the software that powers its service, as Apache 2.0 licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during development, runs on SourceForge's servers. Allura is a Python-based application which makes use of the NoSQL database MongoDB, the Solr search server and the RabbitMQ messaging platform, to deliver the repositories, wikis, trackers and forums to users allowing them to manage their projects. The developers also use nose to provide a suite of unit tests for the application. By design, Allura is extensible in a number of ways, most notably by basing new tools on allura.Application, which provides themes, authentication and other pluggable APIs to Allura components. Allura was actually "soft launched" in February, in anticipation of a full launch this month, and...
Blazing Star (Pakistani website) Defaced by Crash Viperr & CyberDog !

Mar 11, 2011
Hacked Site: https://www.blazingstar.com.pk/ News Source: Crash Viperr & CyberDog
Europe's Cybersecurity Agency Gears Up for War on Botnets !

Mar 11, 2011
The European Network and Information Security Agency (ENISA), Europe's cybersecurity agency, issued a report focused on botnets this week titled "Botnets: Measurement, Detection, Disinfection and Defence." The report discusses the reliability of botnet size estimates and provides recommendations and strategies to help organizations fight against botnets. In addition, ENISA published a list of what it considers the top 10 key issues for policymakers in "Botnets: 10 Tough Questions." The 154-page "Botnets: Measurement, Detection, Disinfection and Defence" report includes different types of best practices to measure, detect and defend against botnets from all angles. The countermeasures are divided into 3 main areas: neutralizing existing botnets, preventing new infections and minimizing the profitability of cybercrime using botnets. The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations ...
35,000 Chinese websites hacked in 2010 !

Mar 11, 2011
A total of 35,000 websites on the Chinese mainland were attacked by hackers in 2010, including 4,635 government websites, according to the Internet security report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) on March 9. The report shows that the IP addresses of 5 million domestic host computers were infected with a trojan horse or corpse virus. According to the report, government websites are vulnerable to hacker attacks and websites of financial institutions have become the main targets of hackers. According to the monitoring by the CNCERT/CC, 35,000 websites on the Chinese mainland were victims of hackers in 2010, a decrease of 22 percent from 2009. Of them, however, 4,635 were government websites, an increase of 68 percent from a year earlier. Around 60 percent of ministerial-level websites have potential security risks to various degrees. "Hackers use two main means to attack government websites. One means i...
Facebook shuts down dissident Chinese blogger Michael Anti's account

Mar 11, 2011
CHINESE blogger and activist Michael Anti wants to know why he is less worthy of a Facebook account than company founder Mark Zuckerberg's dog. Anti, a popular online commentator whose legal name is Zhao Jing, said his Facebook account had been suddenly cancelled in January. Company officials told him by e-mail that Facebook had a strict policy against pseudonyms and that he must use the name issued on his government ID. Anti said his professional identity as Michael Anti has been established for more than a decade, with published articles and essays. Anti, a former journalist who has won fellowships at both Cambridge University and Harvard University, said he set up his Facebook account in 2007. By locking him out of his account, Facebook had cut him off from a network of more than 1,000 academic and professional contacts who knew him as Anti, he said. "I'm really, really angry. I can't function using my Chinese name. Today, I found out that Zuckerberg's...
BlackBerry Hacked via Drive-By Download at Pwn2Own !

Mar 11, 2011
BlackBerry OS fell during the second day of the Pwn2Own hacking competition as a result of a drive-by download attack that chained together several exploits. The trio that managed to hack RIM's mobile operating system, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, exploited two vulnerabilities in the open-source WebKit layout engine in order to do it. The attack was launched from a specially crafted web page that stole information like contacts and images from the device and also wrote a file to the storage system. The hackers chained together an exploit for an information disclosure bug and one for an integer overflow vulnerability, but what's most impressive is that they did it without any documentation. They didn't have access to any debugging tool, like the ones available for other systems, that could have helped them determine how the attack code interacts with the system. Instead, they had to rely on exploiting a separate bug to read the device...
Microsoft Windows Picture and Fax Viewer Library Vulnerability !

Mar 11, 2011
I. BACKGROUND
The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files.

II. DESCRIPTION
Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host. An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execution of arbitrary code on the targeted host.

III. ANALYSIS
Exploitation could allow attackers to execute arbitrary code on the targeted host under the privileges of the current logged-on user. Successful exploitation would require the attacker to e...
Google's security tool infected with trojan !

Mar 10, 2011
It's pretty bold and a cunning coup; criminals have installed a trojan in the Android Market Security Tool that Google is distributing to delete the contaminated apps that recently popped up on the Android Market. As users have been told to expect to see the application running on their phones clearing up the damage the Droiddream trojan did, there's a good chance they won't be suspicious of it. According to reports though, at present, the trojan-infested version of the tool is only in circulation on an "un-regulated third-party Chinese marketplace" and appears to only affect users of a particular Chinese mobile network. According to an initial analysis by Symantec, the trojan contacts a control server and is able to send text messages if commanded to do so. According to F-Secure, BGServ (as the contaminant is called) also sends user data to the server after being installed. Apps from sources other than the Android Market cannot, however, be installed unintent...
Stephen Fewer won Pwn2Own !

Mar 10, 2011
The annual Pwn2Own contest at the CanSecWest conference kicked off Wednesday and one of the winners this year was Stephen Fewer, who exploited Internet Explorer 8 on Windows 7. Dennis Fisher spoke with him about the contest, the challenge of attacking IE 8 and the utility of memory protections.