The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook bypass of the cache servers, Check who visits your profile !

Mar 19, 2011
Facebook bypass of the cache servers, Check who visits your profile ! Summary: Let me explain a security flaw in Facebook relating to its cache servers, which form a layer between the Internet and internal multimedia content (uploaded photos and videos). This flaw allows access to the raw browser requests of our friends, exposing private information about them (web bug), or serving as a bridge to take advantage of another, external vulnerability (CSRF). Facebook and the intermediate layer: Many times you have seen "use this application and find out who visits your profile", right? Well, this will always be a fake, because Facebook is designed in a way that makes it impossible. If you look, when you upload a photo, such as a profile picture, it is resized, compressed, and stored on Facebook's own server. Actually, there are hundreds of servers, which form what is called a CDN. An example of a profile photo: https://profile...
3 Brazilian Government sites hacked by "kinG oF coNTroL" KSA Hacker

Mar 19, 2011
3 Brazilian Government sites hacked by "kinG oF coNTroL" KSA Hacker. Hacked sites: https://campinagrande.pb.gov.br/, https://guarai.to.gov.br/, https://camaradeitapuranga.go.gov.br/. News source: Kai Farmer
Website collecting donations for Japan hacked !

Mar 19, 2011
Hackers took down the website of a Tennessee nonprofit that was collecting donations for Japan and replaced the home page with profanity. Japan-America Society of Tennessee executive director Leigh Weiland said hackers broke into the site sometime Wednesday night. The group's web-hosting company was able to get the site back up Thursday morning. Before that, anyone trying to go to the group's home page encountered a mostly blank screen with an offensive phrase at the top. Weiland said her group, which promotes goodwill for and understanding of Japan, has established a relief fund for Japanese victims of Friday's earthquake and tsunami. The site has been getting a lot of traffic from people who want to donate money.
The Unusual Suspect: Git Repos

Jul 14, 2025 | Secrets Management / SaaS Security
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems. Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...
How Did 50 Female Celebrities Get Hacked ?

Mar 19, 2011
Jessica Alba, Scarlett Johansson, Christina Aguilera Reportedly Hit; Some Had Nude Photos. FBI agents are reportedly closing in on a ring of hackers thought to be responsible for stealing nude photos and videos from at least 50 female celebrities. According to TMZ.com, the ring broke into the accounts of stars' cell phones and other computerized devices to obtain the compromising photos and videos. Among the celebrities reportedly hacked: Jessica Alba, Selena Gomez, Demi Lovato, Christina Aguilera, Vanessa Hudgens, Scarlett Johansson, Ali Larter, and Miley Cyrus. TMZ reported that Hudgens met with FBI agents on Thursday to discuss the hacking of her Gmail account. The FBI declined ABCNews.com's requests for comment; representatives for Hudgens did not immediately respond. One report suggested that Alexa Nikolas, an actress on the now-canceled Nickelodeon TV series "Zoey 101," is responsible for leaking one of the personal photos, a shot of her kissing Hudgens. ...
WiFi Hacking Is Now Legal in Dutch !

Mar 19, 2011
Breaking into an encrypted router and using the WiFi connection is not a criminal offence, a Dutch court ruled. WiFi hackers cannot be prosecuted for breaching router security. A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels cannot be prosecuted. In many countries both actions are illegal and can often be fined. The ruling is linked to the case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board 4chan.org using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges. The judge reasoned that the student didn't gain access to the computer connected to the router, but only used the router's internet con...
Uhispam.edu.ni hacked by Hackers Security Team – 2011

Mar 19, 2011
Uhispam.edu.ni hacked by Hackers Security Team – 2011 Hacked site :  https://www.uhispam.edu.ni/
England cricket board XSS vulnerability found by Rishabh Das !

Mar 19, 2011
England cricket board XSS vulnerability found by Rishabh Das ! Link: https://www.ecb.co.uk/search.html?q=%3Cimg+src%3D%22https://img199.imageshack.us/img199/1189/sigjzf.jpg%22%3E
Wophcrack – Web Based Interface For Ophcrack Password Cracking Tool

Mar 18, 2011
I'm assuming everyone reading already knows about Ophcrack – the awesome time/memory trade-off password cracker. Well, here is a nifty web-based interface for it. Rainbow tables are really useful when cracking password hashes, but one major disadvantage of these tables is their size, which can be hundreds of gigs for complex tables. The author thought it would be extremely useful to have a personal web interface for your rainbow tables which you can access from anywhere on the web, without having to carry the large tables with you everywhere you go. And well, here we are: Wophcrack (Web) Ophcrack. When cracking LM or NTLM hashes, Ophcrack is a great tool; as we discussed recently, it provides both GUI and CLI options along with some free and paid tables. The author basically wrote a quick and dirty PHP-based web frontend for Ophcrack. Wophcrack was designed to work on Backtrack 4 R2, although it can be installed on any Linux distribution with some small adj...
OpenDNSSEC 1.2.1 latest version Released !

Mar 18, 2011
OpenDNSSEC 1.2.1 latest version Released ! Version 1.2.1 of OpenDNSSEC has now been released. ldns 1.6.9 is required for bugfixes. dnsruby-1.52 required for bugfixes. Bugfixes: Auditor: 'make check' now works when srcdir != builddir. Auditor: Include the 'make check' files in the tarball. Enforcer: Fix the migration script for SQLite. Enforcer: Increase size of keypairs(id) field in MySQL to allow more than 32767 keys; see MIGRATION for details. Enforcer: Minor change to NOT_READY_KEY error message. libhsm: Increase the maximum number of attached HSM:s from 10 to 100. ods-ksmutil: Send trivial MySQL messages to stdout when exporting zonelist etc. Otherwise the resulting XML needs to be edited by hand. ods-control: Fix for Bourne shell. Signer Engine: Prevent race condition when setting up the workers and the command handler. Signer Engine: Check if the signature exists before recycling it. Signer Engine: Quit when there are errors in the configuration. Sign...
Php.net was compromised, and php source backdoored !

Mar 18, 2011
Update: The PHP Group has confirmed the compromise of their server ! : The Hacker News ~ https://www.thehackernews.com/2011/03/php-group-has-confirmed-compromise-of.html Php.net was compromised and php source backdoored ! The picture shows that a php.net site was compromised, and the hacker backdoored the PHP source.
After hack, RSA Release Open Letter to RSA Customers !

Mar 18, 2011
Top security firm RSA Security has just revealed an extremely sophisticated hack. Read the complete story here: https://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html Now RSA has released an open letter to RSA customers, as given below: Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities. Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extra...
Roboo : Most Advanced open-source HTTP Robot mitigator !

Mar 18, 2011
Roboo uses advanced non-interactive HTTP challenge/response mechanisms to detect and subsequently mitigate HTTP robots, by verifying the existence of HTTP, HTML, DOM, Javascript and Flash stacks at the client side. Such a deep level of verification weeds out the larger percentage of HTTP robots which do not use real browsers or implement full browser stacks, resulting in the mitigation of various web threats: HTTP Denial of Service tools (e.g. Low Orbit Ion Cannon); vulnerability scanning (e.g. Acunetix Web Vulnerability Scanner, Metasploit Pro, Nessus); web exploits; automatic comment posters/comment spam, as a replacement of conventional CAPTCHA methods; spiders, crawlers and other robotic evil. You can find the first public version here