The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Samsung Data Management Server with Sql Injection Login Bypass vulnerability Here we have one more example of human stupidity. Samsung Data Management Server with Sql Injection Login Bypass vulnerability . Anyone can easy hack into admin panel of server... here a screen shot of admin panel : Sorry ! We can't Disclose the location/URL of Panel just because of security reasons. But Samsung should fix this as soon as possible !

French security firm VUPEN Say New Bugs Can Bypass Google Chrome Sandbox ! Researchers at the French security firm VUPEN say that they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser's sandbox, as well as ASLR and DEP and run arbitrary code on a vulnerable machine. The company said that they are not going to disclose the details of the bugs right now, but that they have shared information on them with some of their government customers through its customer program. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said. VUPEN published a video (  https://www.vupen.com/demos / ) that demonstrates an attack that exploits the Chrome vulnerabilities, although there is no further clues about the bugs themselves. "The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it...

Patch for Metasploit that will enhance db_autopwn such that you will be able to Hack almost ANYTHING ! There is a small patch released , that will make your db_autopwn fully loaded and powerful . With which you will be able to hack almost anything... Lets have a look : Index: lib/msf/ui/console/command_dispatcher/db.rb =================================================================== --- lib/msf/ui/console/command_dispatcher/db.rb (revision 12572) +++ lib/msf/ui/console/command_dispatcher/db.rb (working copy) @@ -775,6 +775,9 @@ def cmd_db_autopwn(*args) return unless active? + puts 'https://www.pentest-standard.org/index.php/PTES_Technical_Guidelines' + return + stamp = Time.now.to_f vcnt = 0 rcnt = 0

Ethical Hacking Services - Appin Security hacked By 133t Indian h4x0rs ! Hacked Site 1. :  https://appinlabs.com Mirror 1. :  https://legend-h.org/mirror/157460/appinlabs.com Hacked Site 2. :  https://blog.appinonline.com Mirror 2. :  https://legend-h.org/mirror/158222/blog.appinonline.com

Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University. NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google. The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages. Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap softwar...

Hackers release usernames, passwords of several FOX.com affiliate employees ! Hackers Post complete Usernames/Password of Fox.com users at : https://pastebin.com/zDMHmmAr

0p3nH4x #1 2011 has began - Ezine Out !

50 sites Hacked by Error boy ! Hacked sites list : https://pastebin.com/AbxTBhuE

Chambers of Milton Commerce Canada, Nribahrain online forum & YQWORLD Education Portal hacked by lionaneesh Hack Proof + Database : https://pastebin.com/fSftCzPq

SWFRETools 1.1.0 - Adobe Flash SWF file reverse engineering ! SWFRETools package contains three different tools. The most advanced tool is called Flash Dissector. It is a Java-based GUI tool you can use to inspect the binary content of SWF files. The second tool is a Java-based command-line tool called Minimizer. This tool is useful for vulnerability researchers that have a SWF file that crashes Flash Player and now they want to get rid of all parts of the SWF file that are not related to the crash. The third tool is a primitive Python-based debugger that can be used to hook and trace the Flash Player executable. Download :  version 1.1.0 of the SWFRETools on GitHub

Lahore High court to Consider Permanent Ban on Facebook ! In Pakistan, blanket bans and censorship have been a regular feature. Since 2006, there have been instances where YouTube has been blocked, and more recently, Facebook. While the pretext is national security, the protection of Islam or the interest of the greater good, political motives have almost always been behind these acts. There were many critics of those lobbying against the ban on Facebook ban in May 2010, the constant criticism being: It's just a ban on Facebook, get over it. But actually, it wasn't "just a ban." It was about how we react to blasphemy, it was about the prevalent tendency to lynch others for what they say without hearing them out properly, without verifying, without giving second chances. It was about political appeasement, the use of religion for political purposes, and it was about the unconstitutional overstepping of authority by state institutions and departments. So it was not just about Faceboo...

The Internet Systems Consortium released an advisory ( https://www.isc.org/CVE-2011-1907 ) today informing BIND users that certain types of queries to name servers can cause the servers to crash and create a denial-of-service condition. This remotely exploitable bug only affects BIND users with the Response Policy Zones (RPZ) feature configured for RRset replacement, and has a high severity rating. The RPZ feature was initially built into 9.8.0 as a mechanism for modifying DNS responses from recursive servers according to local rules or those imported from a reputation provider. RPZ is generally used for forcing NXDOMAIN responses from untrusted names or RRset replacement. When RPZ is in use, queries from RRSIG for names configured for RRset replacements will trigger assertion failures and cause the name server process to exit. There is no active exploit here, but certain DNSSEC validators are known to send RRSIG queries, which then trigger the failure. A work-around for this issu...