The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Multiple SQL Injection Vulnerabilities on CNN website Exposed Yes ! CNN is also not Secure site, There are Multiple SQL Injection Vulnerabilities on CNN News site exposed by Hacker named " Sec Indi ". CNN.com is among the world's leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN's world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN's global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day. SQL Injection Vulnerable Links : 1.)  https://cgi.money.cnn.com/tools/collegecost/collegecost.jsp?college_id='7966 2.)  https://cgi.money.cnn.com/tools/fortune/compare_2009.jsp?id=11439' Screenshots Submitted By Hacker : SQL Injection Vulnerabili...

Air India unit - Centaur Hotels website insecure - Passports, ID's, credit cards data at Risk Website of Centaur Hotel at IGI airport New Delhi -   https://centaurhotels.com/ used to upload customer data like  passport, pan card, credit card and other forms of personal identification of their guests staying at New Delhi IGI airport property, Data in an hidden indexed directory on the website as shown above. The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India's national carrier Air India which in turn is 100% owned by the Government of India. This Security failure is disclosed by Bangalore Aviation. Capt. Samarth Singh claimed the website was under the control of another company for the last year and was handed over him only one week ago. He said " The website has been under the direct control and jurisdiction of S. Naidu Pvt. Ltd. for the last one year. During this period Hybrid Content site credit has ...

Libyan Satellite TV Website Hacked by Ktkoti and Most of Libyan media sites down ! The web site of the Libyan Revolutionary Committees Movement's newspaper Al-Zahaf Al-Akhdar (The Green March) is also offline, as is New Libya TV. A radio station set up and apparently owned by Sayf-al-Islam al-Qaddafi, https://www.allibiya.fm is offline , and the Libyan satellite channel's web site www.allibiya.com has been defaced , and its Facebook page taken over. Allibya.tv another domain for Sayf's media empire is also offline . Sayf-al-Islam's Charity Foundation, which has changed its domain name also at least 3 times and failed to build any audience, the latest listed as being https://www.gicdf.org is also offline, and the Twitter and Facebook accounts of Sayf-al-Islam al-Qaddafi have also been taken over. Many other Libyan web sites are "off air" having been removed either by threats against providers, defections, or various incompetence. All the sites ...

Indishell.net forum Hacked by Pakistan hackers Indian Hackers forum, Indishell.net has been hacked by Pakistani hackers. This is not that orginal Indishell hackers group of India. The domain is somewhere similar to them. Paki Hackers Provide More details here https://pastebin.com/k0XYZQCW .They also dump the  Database https://www.mediafire.com/?fduf6fltqdsv2f0 . Archive password:- pakistan Other mirrors:  https://mirror.sec-t.net/defacements/?id=42923 https://legend-h.org/mirror/180393/indishell.net/

ADAG Group Chairman Anil Ambani 's email under phishing attack Some Unknown hackers attempted a phishing attack in May on Anil Dhirubhai Ambani Group (ADAG) Chairman Anil Ambani's email ID. The hacking case is now being investigated by the cyber crime cell of Mumbai police after ADAG officials registered a complaint. The incident took place on May 8, when Ambani received an email that appeared to have been sent by a journalist of international newswire service Bloomberg. The hacking attempt was revealed when the corporate communication department got in touch with the reporter and he denied sending any such mail.

Pakhackerz.com hacked by Indishell and database dumped Pakistani Hackers Forum at Pakhackerz.com has been hacked by Indian hackers group " Indishell ". Indishell Release a Message on Pastebin  and also dump the whole database of Pakhackerz.com for download . 

Interview with Anonymous ( Anony_ops OR Anon_Central ) Note : The Interview is taken from The Hacker News Magazine June Edition - Total Exposure .You can Download all THN Magazine editions from here . Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. When corruption, destruction and mayhem strikes from governments or corporations it is the goal of anonymous to awaken that entity and the public that a change must occur. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. Anonymous is the gift we have been waiting for. Honest and trustworthy persons working hard on our behalf for the betterment of mankind.The Anonymous ,Need of  21st century, Let's Talk with Anony_ops ,Now known as Anon_Central on Twitter : THN : Who i...

Sega Pass customer datails hacked, LulzSec wants to Help Sega ! Sega has told gamers that some of their personal information may have been stolen following an attack on its systems. E-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers. But payment information, such as credit card numbers, remained safe as it was handled elsewhere, Sega said . The hacking group Lulz Security appeared to deny involvement, despite leading a wave of recent cyber attacks. " @Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down, " the hacking group posted on its Twitter feed . No hacker group has claimed responsibility for the attack so far. Although, a number of recent attacks on game companies and their online services are credited with LulzSec, its denial of the credit has brought in a twist of events. " We have identified that a subset of SEGA Pass members' ema...

THC-HYDRA v6.4 - Fast network logon cracker  THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Changelog for thc-hydra v6.4 Update SIP module to extract and use external IP addr return from server error to bypass NAT Update SIP module to use SASL lib Update email modules to check clear mode when TLS mode failed Update Oracle Listener module to work with Oracle DB 9.2 Update LDAP module to support Windows 2008 active directory simple auth Fix to the connection adaptation engine which would loose planned attempts Fix make script for CentOS, reported by ya0wei Print error when a service limits connections and few pairs have to be tested Improved Mysql module to only init/clo...

SAMHAIN v2.8.5  - intrusion detection system The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. The official change log: For the kernel check, the configure script should now detect if /dev/kmem exists but is dysfunctional. Also, a bug in the samhain_kmem kernel module has been fixed. The LogmonMarkSeverity option has been fixed Timeserver response is cached now for one second The Unix entropy gatherer supports /opt/local/bin now A compile time option has been added to disable the expansion of $(shell command) in the configuration file. Also, the signature of a signed ...

HP computers FTP hacked by HexCoder UPDATE : We have verified that this is just a anonymous FTP user access to ftp.hp.com . There is nothing like hack. Pakistani hacker HexCoder may try this to get attention. Anyway the access is available for all with : Host : ftp.hp.com Username : anonymous Password : anonymous Just Now we ( The Hacker News ) got a mail from Pakistani hacker named " HexCoder " . He Claim to hack FTP of HP computers at ftp.hp.com .  Statement about this Hack by Hacker  HexCoder, " I have done this by getting access to FTP successfully.All this by just mere stupidity!Oh and I will not share their database because its too big (9 GB) ". About a month before , ACER hacked because of their own stupidity , and this time HP computers.

ClubHack: CHMag Issue 17th, June 2011 Download Contents of this Issue:- Tech Gyan - Pentesting your own Wireless Network Tool Gyan - Wi-Fi tools Mom's Guide - Wireless Security - Best Practices Legal Gyan - Copyrights and cyber space Matriux Vibhag - Forensics with Matriux Part - 2 Poster of the month - Can you cage a Wi-Fi signanl ? Direct Download