The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

326 Websites Hacked by   Hacked sites list :  https://pastebin.com/Q1er7vKh

OpenStack ' floating Linux kernel ' rides VMware hypervisor ! OpenStack – the open source "infrastructure cloud" project founded by Rackspace and NASA – has released a third version of its platform, offering support for all major hypervisors. With the new release, codenamed "Cactus", developers have added support for VMware's vSphere hypervisor – without help from VMware. The vSphere code was built mostly by Citrix, which had previously coded support for the Xen and XenServer hypervisors. "We're so committed to OpenStack and its hypervisor-agnostic approach that we felt it was important, since VMware wasn't going to contribute vSphere support, that we should do it ourselves," Gordon Mangione, vice president of business development for Citrix's datacenter and cloud division, tells  The Register According to Mangione, VMware has "always been invited" to contribute to the project. But this has yet to happen. The virtuali...

Emergency Adobe Flash Player patch coming today ! Less than a week after warning that hackers were embedding malicious Flash Player files (.swf) into Microsoft Word documents to launch targeted malware attacks, Adobe plans to release an emergency Flash Player patch today to fix the underlying problem. The patch will fix a "critical" vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris. According to this Secunia advisory, the flaw allows a hacker to completely hijack a vulnerable Windows computer: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced. ...

We blogged about the Epsilon data breach to give our customers a heads-up on the situation. Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news. As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our Advanced Classification Engine. The attack is hosted on a Web page that has a very professional look and feel, and uses convincing social engineering techniques to lure victims. The attack page is basically a cut-and-paste copy of the HTML code from the original Epsilon press release. This provides the professional appearance of the Epsilon site to lure victims. The big difference is that the attack page provides a malicious binary download. Screenshot of the attack page source code: The attack page tries to get visitors to download the malicious binary by convincing them that there was an update to the press release dated April 8th. The "update" states that Epsilon's inv...

Oracle to release 73 security vulnerabilities security patch update ! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed across Oracle's various product lines. Oracle releases patches quarterly for all of its software, except the Java virtual machine, in a set of patches it calls the Critical Patch Update (CPU). Next week's CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite. Two of the database flaws are considered critical, meaning they "may be exploited over a network without the need for a username and password," Oracle said in a statement posted to its website . The updates are set to come one week after Microsoft issued one of the largest collections of security patches it has ever issued. They a...

THC-Amap v5.3 - application protocol detection Released , Download Now ! Amap was innovative - the first tool to perform application protocol detection. Then a better approach was implemented into nmap, this and the large user base of nmap made amap pretty much obsolete. So today, I recommend to rather use nmap -sV for application fingerprinting rather than amap (although in some circumstances amap will yield better results, but these are rare). Still, after 5 years there is an update to amap. The reason for this is IPv6. nmap still does not have a good IPv6 support, e.g. UDP port scanning is not possible. Hence for this v5.3 release in April 2011 that enhances amap to perform better UDP IPv6 support (before only application fingerprinting did work here, now the port scanning feature works too). amap-5.3.tar.gz

Phoenix exploit kit 2.5 leaked, Download Now ! Phoenix exploit kit 2.5 has been leaked . Now U can dowload from given link..  At below here is a some define about Phoenix Exploit Kit. The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of unsuspecting Internet users. Often, cybercriminals drive traffic to the exploit kit by compromising legitimate sites and by inserting iframes that point to the exploit kit or by poisoning search engine results that take users to the exploit kit. When users land on a page injected with the exploit kit, it detects the user's Web browser and OS version then attempts to exploit either the browser or a browser plug-in. The latest version of the Phoenix Exploit Kit currently has payloads for nine different system configurations, including:     * XPIE7: Internet Explorer 7 and either Windows XP, Windows XP SP2, or Windows 2003     * VISTA...

Pakistan president 's website hacking case adjourned ! A court here has adjourned the case of a man who hacked into the Pakistan president's website and uploaded material defaming Asif Ali Zardari. Additional Sessions Judge Tanveer Meer Wednesday adjourned the cyber crime case, reported the Daily Times. According to Federal Investigation Agency (FIA) enquiry, the hacker, Shahbaz Khan, had the username ADIL/Th3-penetrator and defaced the website www.president-of-pakistan.com and uploaded material defaming Zardari and the country. Khan was arrested and he told investigators that the president's website was hacked by some international hackers. He claimed he had added the following lines: " THIS SITE GOT HACKED BY ADIL WHERE IS YOUR SECURITY? HUH DON'T TELL ME TO STOP!" THANKS 2= FBI, MASTERMIND, SALMAN, EJA2SALAM PK, CODE5, SHER, SAIF "

WordPress.Com Hacked, Hacker  Root the Server ! The parent company that operates WordPress, made an announcement this morning that it has hacked, resulting what the company said was a low-level (root) break-in to several of their servers. The company warned that potentially anything on those servers could have been revealed to the attackers, including client source code. WordPress founder, Matt Mullenweg made the following announcement in a blog post this moring. Read here We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners' code. Beyond that, however, it appears information disclosed was limited. Based on what we've found, we don't have any specific suggestions for our users beyond reiterating these security fund...

Apollohospitals.com is vulnerable to SQL injection Found and Submitted By : Zero Cool

Supreme Court of Canada vulnerable to xss attack ! Vunl Link :  https://sr.scc-csc.gc.ca/ search?client=SCC-CSC&site= Internet&output=xml_no_dtd& proxystylesheet=SCC-CSC&hl=en& oe=latin1&ie=latin1&q=%3E%22% 3E%3CMARQUEE%3EHACKED+BY+ZERO+ COOL%3C%2FMARQUEE%3E&btnG= Search Found n Submitted by : Zero Cool

Main Advertising vulnerable to SQLI by lionaneesh ! One of the best advertising companies in the world which is even used by megaupload is vulnerable to SQLi.   What I can do [Power]:- Loinaneesh found a database in which the hits to a particular link was entered (this is most probably used for counting the revenue). I can change and increase or decrease the ad revenue of a particular site. Target: https://click1.mainadv.com/ad.asp?id=%Inject_Here%609 DATABASE :  MSSQL 2005 Method: GET DATABASE : portals DATABASE : PDATAortals Table Name Columns Formats domain_new Categories domains bannersImp1 sampleAPP bannersImp change articleGroups t_jiaozhu specialTables TablesLinks tabella1 Gestionale contents Luckypot ...