The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Codenomicon is a Finland based Information Security company. Recently it has released a universal fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test executions and reporting features. Fuzzing has been popular between hackers and security researchers to find bugs and0-days in software.This Universal Fuzzer can be used to test everything that can be presented in a file format, such as image files, captured protocol messages, text documents and wireless frames. It creates test cases from sample files, such as pdf-documents, media files and protocol files. The Universal Fuzzer uses heuristics to determine the structure of the sample files, thus it is able to generate more intelligent, targeted test cases and discover more vulnerabilities. The coverage of the tests is further improved by combining the abilities of 15 different fuzzers. The Universal Fuzzer is an easy and flexible solution for performing fuzzing. It...

The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controlable and safe environment. On the left menu you can see all attack scenarios that are currently available. You can start by picking one! This is a Customized version of the OWASP Hackademic Challenges only for OWASP Appsec Europe 2011 The competition starts on 21st April and will run for 4 weeks until 15th May. Each week a series of challenges are going to be released according to the schedule below: Week 1 (21st April) Week 2 (28th April) Week 3 (5th May) Week 4 (12th May) Once the competition is over, the winner ( first place in the Top 10 ) will get a free ticket to OWASP Appsec Europe 2011 Let the challenges begin!

A top United States federal lab was the victim of a "silent" cyberattack earlier this month, news outlets are reporting The Oak Ridge National Laboratory in Tennessee was the victim, according to Nextgov.com. The lab is an energy department laboratory that studies nuclear fusion, supercomputing, and other areas. Ironically, "one of the core competencies of the lab is cybersecurity research," according to a quote on Wired. The attack prompted a shutdown of e-mail and Internet access at the facility. The attack vector used to break into Oak Ridge's network is known as an advanced persistent threat, or APT. Nextgov describes it thus: " APTs typically infiltrate a target by e-mailing its employees messages purportedly from legitimate associates that ask the employee to submit personal information, such as passwords, and then harvest this information to access the systems they are after. Once inside the network, the perpetrators often try to extract data -...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

 Former Cisco Engineer Arrested for Hacking ! A former Cisco engineer was arrested last year on charges of hacking into his former employer's network and is currently awaiting extradition in Canada. The charges against Peter Alfred-Adekeye, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media this week. Alfred-Adekeye was arrested in May 2010 in Vancouver, on 97 counts of accessing a protected computer without authorization based on a complaint returned by a Secret Service Special Agent. The networking giant alleged that its former engineer used another employee's credentials to log into one of its restricted websites and download software. In 2008, Alfred-Adekeye's new company, Multiven, based in Redwood City, California, filed an antitrust lawsuit against Cisco, claiming that it is stifling competition by forcing its customers to sign service contracts to receive software bug fixes. Multiven p...

Microsoft discloses vulnerabilities in Chrome and Opera Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of the core items within their Coordinated Vulnerability Disclosure (CVD) program. On Tuesday, Microsoft issued an MSRV Advisory related to use-after-free memory errors in Google's Chrome, which, if exploited, would have triggered a crash and allowed remote code execution in the browsers sandbox. "When attempting to parse specially crafted Web content, Google Chrome references memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox," the advisory explains. Google has addressed the issue in a patch delivered last September. Vers...

German software developer Ashampoo Hit by Data Breach ! German software developer Ashampoo has notified its customers about a data breach incident that resulted in the exposure of their names and email addresses. According to an announcement posted on the company's website, unidentified hackers broke through its security systems and gained unauthorized access to a server. "We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately," said Ashampoo's CEO Rolf Hilchner. "At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad," he added. Fortunately, the hackers did not obtain access to billing information as this data is not stored on the company's servers. In addition to its software development business, which includes anti-malware, firewall and ...

Siemens Assisted with Stuxnet 's Development, claimed by Iran ! A senior Iranian official accuses Siemens of willingly assisting the Stuxnet creators by providing the source code necessary for them to exploit its software. Iran's state news agency, the Islamic Republic News Service (IRNA), quotes Brigadier General Gholam Reza Jalali as saying the German engineering giant played a part in the development of the world's most sophisticated malware. "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us," Jalali told IRNA. "It was a hostile action which could have inflicted serious damage on the country if it had not been dealt with in a timely manner," he added. Jalali's remark might be a result of a The New York Times report that pointed at Israel and the US as likely Stuxnet creators and mentioned that Siemens worked in 2008 ...

DDOS attack on Change.org from China ! Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody. The attacks, which started late Sunday, have nearly brought down the site, according to Change.org founder Ben Rattray. DDoS attacks work by using hundreds or thousands of hacked computers to send traffic to a website, overwhelming it with data so it becomes inaccessible to normal users. Change.org said the current attack originates from an expanding group of computers primarily based in China, and has yet to stop. This is the first time the site has been hit with a DDoS attack. Change.org has been hosting a online petition calling for the release of Chinese artist Ai Weiwei, who is currently under arrest. The petition has attracted almost 100,000 people from 175 countries, making it one of Change.org'...

Verizon 2011 Data Breach Investigations Report Released ! Data loss through cyber attacks  decreased sharply in 2010, but the total number of breaches was higher than ever, according to the " Verizon 2011 Data Breach Investigations Report ." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices. The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches, the largest caseload to date. According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercrim...

BodgeIt Store  : Vulnerable Web Application For Penetration Testing ! Features Easy to install – just requires java and a servlet engine, e.g. Tomcat Self contained (no additional dependencies other than to 2 in the above line) Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required Cross platform Open source No separate db to install and configure – it uses an 'in memory' db that is automatically (re)initialized on start up There is also a 'scoring' page where you can see various hacking challenges and whether you have completed them or not. Install All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine. Then point your browser at (for example) https://localhost:8080/bodgeit You can download BodgeIt Store here: Download Now Or read more here .

fileinfo-gui - Forensic tool for file information ! A GUI forensic tool for Ubuntu Linux designed to extract information from files. This is a beta version! Meta Data Information String ASCII and Unicode Hash MD5 and SHA1 Detect and Show PE32 Information Detect and Extract Thumbnail from JPEG file Install $ bash fileinfo --install Screenshot Right-click on the file -> Script -> FileInfo Main Menu (Classic) Meta Information String Information Hash MD5 Download Here

Lancaster 25,000 students and 2,500-plus employees personal info hacked ! Lancaster County Schools officials say computer hackers have gotten personal information on the system's 25,000 students and 2,500-plus employees. In a note posted on the school system's website and sent to students and staff, officials said hackers compromised the database sometime in March. The hackers gained access to computers, captured keystrokes, and obtained passwords. That gave them access to the database, which includes names, birthdates, Social Security numbers, addresses and phone numbers. The breach has been fixed, officials said. "We are doing anything we can to prevent this from happening again," Superintendent Gene Moore said. "And we have put new measures in place to better assure that our computers are protected from such attempts."