The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mysql.com hacked, serving BlackHole exploit malware MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it). The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted. " It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge ," say the researchers. " The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection." It is, of course, impossible to say who the attackers are. The domain reached through the iFrame is registered to one Christopher J Klein from Miam...

USA Today Twitter Account Hacked By Script Kiddie A group calling itself “ The Script Kiddies ” hacked USA Today’s Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC’s Twitter account. USA Today quickly regained control of the compromised feed. " @usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control ," it said. " We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday ." It’s possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News’s director of social media Ryan Osborn could have received a Trojan horse conta...

[Hurry Up] Hacker Halted 2011 Special Offer For The Hacker News Readers Special for all The Hacker News subscribers (Offer ends Sep 30, 2011) Attend EC-Council's signature event in Miami - Hacker Halted USA - and  Get an iPad 2 + 2 nights hotel +  an additional 10% discount , when signing up for the conference pass at public prevailing rates, or for selected training. Held at the Intercontinental Miami from Oct 21 - 27, Hacker Halted USA will feature some of the best infosec superstars including  Bruce Schneier (Internationally acclaimed security guru), Philippe Courtot (Chairman - Qualys), Jeremiah Grossman (CTO - WhiteHat Security),  George Kurtz (Global CTO - McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others. There are a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks. There is also a wide sele...

Facebook track your cookies even after logout ! According to Australian technologist Nik Cubrilovic: ' Logging out of Facebook is not enough .' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog ' With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. ' After explaining the cookies behavior he also suggested a way to fix the tracking problem: ' The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Official websites of 7 major Syrian city hacked by Anonymous for #OpSyria Official websites of 7 major Syrian city hacked by Anonymous hackers as part of hacktivists Anonymous' Operation Syria (  #OpSyria ). Anonymous has replaced the home pages of official Syrian websites with an interactive map of Syria, showing the names, ages and date of deaths of victims of the Syrian regime since the protests started in March. They call it  Martyrs of Freedom (March - October 2011).  The figure 2,316 commemorates the number of Syrians killed by the Syrian regime since anti-Assad protests started in Syria in March. The victims' names, ages and dates of death appear as you hover over the map of Syria. Hacked sites: http://tartous-city.gov.sy/ http://deirezzor-city.gov.sy/ http://palmyra-city.gov.sy/ http://homs-city.gov.sy/ http://aleppo-city.gov.sy/ http://latakia-city.gov.sy/ http://old-damascus.gov.sy/

Ani-Shell v1.4 Released With Python - Bind Shell , Anti-Crawler Feature and MD5 Cracker Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , a DDoser , A MD5 hash Cracker , Python and PHP Bind-Shells , Anti-Crawler Features etc! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization! New Features :- MD5 Hash Cracker Python Bind-Shell Anti-Crawler Function Shell Support for some Older Servers Better CSS Whole New Logo Ani-Shell Project Page : http://sourceforge.net/projects/ani-shell/ Ani-Shell Homepage : http://ani-shell.sourceforge.net/ Default login : lionaneesh Default password : lionaneesh

700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot ! 700,000 websites hosted on InMotion Hosting network hacked by TiGER-M@TE including  Trinity FM, Blast Magazine. It was not just a server hack, actually whole data center got hacked.   List of all hacked 700000 sites are available here .  Hackers copied over the index.php in many directories (public_html, wp-admin), deleted my images directory and added index.php files where they weren’t needed. 2,00,000 websites hack mirror already Submitted to Zone-H by TiGER-M@TE . We ( The Hacker News ) talk with hacker about the hack, He claim " I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains,zone-h was going down again and again and became almost unresponsive in the end.so i was unable to submit all websites.so i've listed all domains in attachment .   It was not just a server hack, actually whole data center got hacked. " In Moti...

Mac trojan poses as PDF to open botnet backdoor There's another Mac OS X Trojan out in the wild, and it might be heading your way.If you open the file, which could appear as an emailed attachment or as a Web link, the document, written in traditional Chinese ideograms, does indeed display. But a Trojan silently installs itself in the background as you try to sort out centuries-old territorial claims.The Trojan doesn't really do anything yet. But F-Secure, the Finnish security firm that discovered it, notes that it lays the groundwork for much more sophisticated attacks against Macs. The malware in question has been identified as Trojan-Dropper:OSX/Revir.A, which installs a backdoor, Backdoor:OSX/Imuler.A, onto the user's Mac. Currently, however, the backdoor doesn't communicate with anything. The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Beca...

Singapore will setup National Cyber Security Centre Singapore has said it will boost its national capability to counter cyber security threats through the setting up of a ' National Cyber Security Centre ' in the coming months. The Centre, which will be headed by the Singapore Infocomm Technology Security Authority, will help the government deal more effectively with cyber security threats and vulnerabilities by enhancing capabilities in early detection and prevention, Deputy Prime Minister Teo Chee Hean said. In his address at the Second Singapore Global Dialogue here yesterday, Teo, who is also coordinating minister for national security and home affairs minister, said a safe and functioning cyberspace was critical to " our society, economy and national security. "

Lulzsec Hacker tracked by Proxy logs, can face 15 years prison The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front (PLF) associated with Anonymous hacktivism. The logs maintained by HideMyAss.com, in addition to other evidence, has led to the arrest of another LulzSec member in Arizona, The Tech Herald has learned. Cody Kretsinger, 23, allegedly used the anonymity service during his role in the attack on Sony Pictures. According to HideMyAss.com, “ …services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities .” The service stores logs for 30-days when it comes to Website proxy services, and they store the connecting IP address, as well as time stamps for those using the VPN offerings. Emails seeking comment on HideMyAss.com’s level of cooperation with the ...

HTTPS SSL encryption Vulnerable To Crypto Attack The secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used at financial sites. Companies, including Google, Facebook, and Twitter, are urging the wider use of TLS on the Web. The exploit – demonstrated with a tool called BEAST – targets a flaw that could leave transactions open to attack a...

Pscan 2.0 - multi threaded TCP Syn port scanner TCP Port scanner Multi threaded with possibility to scan 65535. TCP ports on an IP address.You can specify how many threads to run and the timeout. Further more it will tell you the MAC address of the target and the service runningFor LINUX and Windows. Change Log - Added option -s for Syn scan. - Scanning made faster thanks to Syn scan - Added even more default ports - Improved error handler for Syn scan - Improved text output - Fixed minor bugs: - changed pathname to oui.txt and port-numbers.txt files - added missing call to cleanup function WSACleanup Download multi threaded TCP Syn port scanner 2.0