The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

0day Exploit Released : Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable ! Topic : Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon) CVE : CVE-2010-2632 CWE : CWE-NOMAPPING SecurityRisk : Medium (About) Remote Exploit : Yes Local Exploit : Yes Victim interaction required : No Credit : Maksymilian Arciemowicz Affected Software (verified): - - OpenBSD 4.7 - - NetBSD 5.0.2 - - FreeBSD 7.3/8.1 - - Oracle Sun Solaris 10 - - GNU Libc (glibc) Affected Ftp Servers: - - ftp.openbsd.org (verified 02.07.2010: "connection refused" and ban) - - ftp.netbsd.org (verified 02.07.2010: "connection limit of 160 reached" and ban) - - ftp.freebsd.org - - ftp.adobe.com - - ftp.hp.com - - ftp.sun.com - - more more and more Affected Vendors (not verified): - - Apple - - Microsoft Interix - - HP - - more more more Exploit Download :  https://www.exploit-db.com/exploits/15215/

Netherlands-based Rabobank down under DDoS attack ! The internet and mobile banking services of Netherlands-based Rabobank were crippled by a distributed denial of service attack yesterday. The attack sent the banking services offline but did not affect Australian operations, according to the bank. "Currently many of our clients experienced [difficulty] when using internet banking," the bank wrote in a statement. A large range of network traffic [has] to do with an attack in the form of a DDOS." The perpetrators of the attacks were unknown, and the bank has not said if they were behind a seperate DDoS attack in Feburary. A Dutch anarchist group called the Conspiracy Cells of Fire claimed responsibility for the Feburary attacks in a communique but the Dutch domestic intelligence service AIVD said the claim was a hoax. The bank has issued an apology on its Dutch website and moved to assure customers that account information had not been compromised.

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google. With this tool you can find out if your website has indexed vulnerabilities in google. This can lead to sensitive information disclosure. This way you can find out what google knows about you. 7974 entries (Including 4203 for SQL Injection) So be sure to scan your IP addresses frequently and eliminate all vulnerabilities. Features of the Google Hack DB Tool: Find information disclosure. Find sensitive files. Find sensitive directories. Find vulnerable software. Find personal information. Download Google Hack Database Tool v1.1 here

Hack your Sony PSP : ISO Tool v1.975 Released ! So I don't know if you're familiar with the latest version of Takka's ISO Tool or not, but I just downloaded it after reading about this "Fake NP data" feature. While I'm not 100% clear, mainly because of the poor Google Translation, it seems v1.975 can patch EBOOT.BIN game files, NPDRM'ing ISOs to appear as downloaded PSN content, letting you load 'em up … possibly without HEN or CFW? And that's what I'm not clear on. I've been playing with ISO Tool v1.975 on my PSPgo… I have a few legitimately purchased games from PSN installed; however, my PSP isn't "activated" (that's another story) and I can't activate it with PSN being down, thus I'm stuck with error 8010850F ("To use this content, you must activate the system."). But here is how it works anyway: Load up ISO Tool Press [Triangle] to bring up the SYS MENU Select "Make fake_np data File." Browse to and press [Cross] on a PSN-downloaded directory Select "Yes" to start the ...

USB Immunizer : Anti-Malware Tool Against Autorun Viruses The USB immunizer is BitDefender's response to this growing issue. Autorun-based malware has been atop of the worldwide e-threat landscape, with notorious representatives such as Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup) or Worm.Autorun.VHD. Have to agree on that, many of us get infected buy some silly malware simply by plugin in our friends or neighbours USB , DVD etc… Introduced back in the Windows XP era to facilitate software installations from CD-ROM media for non-technical computer users, the Autorun feature has rapidly become the infection vector of choice for cyber-criminals. The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself. Th...

( #SOE ) Sony hit with second attack, loses 12,700 credit card numbers ! Sony loses 12,700 credit card account numbers, 24.6 million accounts compromised Following up on this morning's news that Sony Online Entertainment servers were offline across the board, Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached. The company took SOE servers offline after learning of the attack last evening, and today detailed the unfortunate results: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were lost, apparently from "an outdated database from 2007." Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder come from the aforementioned four European coun...

Hackers exploit Bin Laden death on Facebook ! A tip to the newbies starting out, reads a post from a man at the Black Hat World forums, now's a good time to make some money out of Bin Laden's death. The news is awash with reports about Bin Laden shot by the US and then buried at sea. Twitter and Facebook are full of either jokes, or ghoulish approval of the death of the international terrorist. One poster says it's time to monetise the reports, "NOW!" There are four easy steps, he says. Tap into the collective hive-mind of the patriotic American by starting a fan page, "something like Osama Bin Laden Dead - Rot in Hell". Next, invite people. Watch it go viral, you'll "probably get 90% USA FB users." Then, crucially, save it so you can promote a product later on. Source : https://www.hackinthebox.org

Cyber Detective & Cyber Force Hacked By Shadow008 (PakCyberArmy) Sites Hacked : https://cyber-detective.net/ Mirror :  https://legend-h.org/mirror/155370/cyber-detective.net/ Sites Hacked : https://cyberforce.in/ Mirror :  https://zone-h.com/mirror/id/13600854

300 Sites HAcked by JUMBO ! Hacked Sites https://pastie.org/1857596 mirrors: https://pastie.org/1857705

Source Code is the New Hacker Currency ! No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend? If you wade through the hype and hyperbole, dig into the details of the most prolific intrusions in recent history you'll notice one thing that shines like a neon sign. "Source code" is the new hotness on the hacker market. It's quite interesting to see this evolution primarily because many of us are used to defending the 'endpoints'... because that's where the data is, right? I think we may be seeing a shift here. Much like the tectonic plates that cause earthquakes, there are some though-forces that are currently colliding deep under the surface and may cause certain mayhem. "There are no borders" For many years now, much like you I've been reading articles and hearing talks about how the enterprise attack surface is fractured and splintered -causing an ever-increasing opportu...

Hacker posts screenshot of sex video on SPAD website ! The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page. Appearing on the website were two images, one depicting the alleged politician in the sex video and the other of Opposition Leader Datuk Seri Anwar Ibrahim after court proceedings, with the shots time-stamped Feb 21 and Feb 22 respectively. A check by The Star showed that the website, www.spad.gov.my was also inaccessible to users. Accompanying the images was an address link to controversial blogger PapaGomo (Powered by Papa Gomo www.papagomo.com) which featured clips of the sex video after it surfaced on online portal YouTube. It was believed that SPAD was the only government agency website to be hacked and defaced. The website was restored at about 7pm. SPAD chairman Tan Sri Syed Hamid Albar expressed surprise and regret that the ...

Bahrain says Iranian hackers hit government website Bahrain's authorities said late Saturday that Iranian hackers hit a government website. In retaliation, the Bahrain Chamber for Commerce and Industry is urging a boycott of Iranian goods, The Associated Press reported. According to the government Bahrain News Agency, Iranian computer hackers tried to access the official website of the Housing Ministry in attempts to seek data on aid recipients. But the agency gave no further details, although the hacking could be conceivably linked to Shiite allegations that a disproportionate share of housing aid goes to Sunnis. To retaliate, the Bahrain Chamber for Commerce and Industry called for a countrywide boycott of all Iranian goods and services because of "blatant interference in Bahrain's domestic affairs and threats to the kingdom's national security." The chamber also appealed for other nations in the six-member Gulf Cooperation Council to join the proposed embargo. "It will ...