
The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Qubes OS : An Operating System Designed For Security

Aug 30, 2011
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.

Key architecture features:
- Based on a secure bare-metal hypervisor (Xen)
- Networking code sandboxed in an unprivileged VM (using IOMMU/VT-d)
- No networking code in the privileged domain (dom0)
- All user applications run in "AppVMs", lightweight VMs based on Linux
- Centralized updates of all AppVMs based on the same template
- Qubes GUI virtualization presents applications as if they were running locally
- Qubes GUI provides isolation between apps sharing the same desktop
- Storage drivers and backends sandboxed in an unprivileged virtual machine(*)
- Secure system boot based on Intel TXT(*)

Download Qubes OS
AnDOSid the DOS tool for Android

Aug 30, 2011
A new product has been released by SCOTT HERBERT for Android mobile phones: AnDOSid, the DOS tool for Android phones. The rise of groups like Anonymous and LulzSec, as well as the constant India / Pakistan cyberwar, has raised the issue of cyber-security high(er) in the minds of web owners. Pentesting tools exist to simulate such attacks and help website security people defend against them; however, for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device. AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (an HTTP POST flood attack, to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would ...
XCode SQLi/LFI/XSS and Webshell Scanning tool

Aug 30, 2011
XCode Exploit – Vulnerable & webshell Scanner helps you gather dork links from Google. You can then check whether the results are vulnerable to SQL injection, LFI, and XSS. You can also hunt for webshells that have been uploaded. Download Here [Source]
Iranian Man-in-the-Middle Attack Against Google certificate

Aug 30, 2011
Recently discovered attempts of an SSL man-in-the-middle attack against Google users, spotted by a number of Iranian Internet users, have revealed that Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains. What's worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months. "This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday. "[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security. As the problems with the ...
South Korean domain registrar Gabia hacked, 100000 domains and 350000 users data exposed!

Aug 29, 2011
Gabia, a South Korean domain registrar, was hacked on Saturday, affecting the online connection with 100,000 registered domains, according to a report Monday by the Korea Herald. The hack exposed over 100,000 domains and the data of 350,000 users. The information included names, user IDs, passwords and registration numbers. The website of HSBC Korea was also hacked, paralysing it for over an hour and leaving customers unable to access their online banking. There have been 6,000 hacking incidents reported to the state-run Korea Internet Security Agency this year, according to the report. The hacker, known as 'TG', defaced pages with their Twitter account and picture. It is thought that in some cases data may have been stolen and widespread disruption to services caused. South Korea has suffered many hacks as of late with many concerned at the security of one of the world's most Internet-connected c...
XSS Vulnerability in MSN.com

Aug 29, 2011
A cross-site scripting (XSS) vulnerability in MSN was discovered by TeamDX. The vulnerable link is also shown in the image. Last week, security researcher Juan Sacco (runlvl) of Insecurity Research Labs exposed a cross-site scripting (XSS) vulnerability in the Bing.com search engine.
DDoS Attack Using Google Plus Servers

Aug 29, 2011
A security expert at Italian security firm AIR Sicurezza Informatica has claimed that a vulnerability in Google's servers allows a hacker to exploit the search giant's bandwidth to launch a distributed denial-of-service (DDoS) attack on any targeted server. On the IHTeam Security Blog, the author of the discovery demonstrates that users can make Google's servers act as a proxy to fetch content on their behalf. Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own, in an effort to prevent it from functioning. The advantage of using Google and making requests through their servers is to be even more anonymous when you attack some site (TOR+This method), and the funny thing is that apache will log Google IP addresses. But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you'll need ...
Hacking a Facebook Account using Facebook

Aug 29, 2011
Many of us know that phishing and session hijacking are both tricks used to hack a Facebook account, but a hacker can do both at the same time. This vulnerability occurred on Facebook (static FBML). Example here. Here you can get that Facebook FBML script: https://pastebin.com/REmvjkRN

What will the user do?
1. Check the URL.
2. Check which year the page was created.

Is it easy to fool people? Yes, by creating a new page on Facebook in such a way that the user believes it.

How does it work?
1. Once the user clicks the link, the session (cookies) is stolen by the hacker, who can use it to log in to any user's account without a username and password.
2. Users will usually check the URL; once it is known to them, they enter a username and password.
3. After hitting the button Test your Password, the page shows a thank-you message and pops up a password rank.
4. Check your email spam folder; there must be an email on this and ...
19 years old iPhone hacker Nicholas Allegra (comex) joins Apple

Aug 29, 2011
19-year-old iOS hacker Nicholas Allegra, better known online as comex, has taken up an internship position at Apple, the company whose devices he has helped jailbreak for the past several years. Comex is best known for building the one-click iPhone jailbreaking site JailBreakMe.Com. This allows iPhone users to simply visit the site and click "install" to jailbreak and install Cydia. Allegra tweeted the news on Thursday, saying that he'd been pretty bored lately and that he'll start at Apple in two weeks. Jailbreakers say that they want to have more control over their phones, and programs like those Comex produces help iPhone users circumvent some of the strictures of Apple's iOS system. The programs can also cause security issues if programmers with more sinister intentions use them. From that angle, it's a great idea for Apple to take Comex on board. He definitely knows the holes in Apple's systems a...
Morto Worm spreading via Remote Desktop Protocol

Aug 29, 2011
Organizations large and small often make use of Remote Desktop or Terminal Services to remotely connect to Windows computers over the Internet and internally. These tools use Microsoft's RDP protocol to allow the user to operate the remote system almost as if sitting in front of it. Such capabilities are helpful for not only legitimate users, but also for attackers. F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it's entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post. The emergence of this worm correlates with the increased volumes of TCP port 3389 traffic, reported by SANS Internet Storm Center a few days prior to the F-Secure report: The propagation approach employed by "Morto" is often used by penetration testers and human at...
INSECT Pro 2.7 - Penetration testing tool download

Aug 28, 2011
INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes to mitigate, monitor and manage the latest security threats and vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications.

This is a partial list of the major changes implemented in version 2.7:
- Available targets now has a submenu under right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now use telnetlib

DOWNLOAD INSECT Pro 2.7
Orange.fr hacked, Database and site source code leaked

Aug 28, 2011
An Anonymous hacker has hacked Orange.fr and uploaded a backup of the database and site source code to a file-sharing site. The data was leaked on Twitter. Orange is the brand used by France Télécom for its mobile network operator and Internet service provider subsidiaries. It is the fifth largest telecom operator in the world, with 210 million customers as of 2010. The brand was created in 1994 for Hutchison Telecom's UK mobile phone network, which was acquired by France Télécom in August 2000. In 2006, the company's ISP operations, previously Wanadoo, were also rebranded Orange. Orange is now the unique commercial façade of almost all France Telecom services. Orange France was incorporated in 2005 and has its headquarters in Arcueil, France. Today UK police have charged another alleged Anonymous member in hacking cases. A student has been charged with involvement in cyber attacks by the hacking group Anonymous against companies that wi...