The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

#Anonymous : Now is the Time to evolve or Die

Nov 12, 2011
Anonymous was formed and birthed on the internet message board 4chan in 2003. The moniker Anonymous was derived as homage to 4chan. At the time, if someone posted to 4chan's forums and no name was given, the post was credited to "Anonymous". Seizing on the premise that actions can be taken anonymously by the lesser or powerless, "Anonymous" moved beyond 4chan and morphed into something larger and more potent. The original premise of "Anonymous" appeared to be a limited but noble idea: attempting to keep the internet open and free because governments and corporations were earnestly trying and demanding limits and restrictions to the freedom of expression on the internet. To date "Anonymous" has remained a banner that many channers, as well as hacktivists and IRC users, post under and are loosely grouped together. Allied under the umbrella of "Anonymous" with no real command structure in the group, "Anonymous" rem...
Bangladesh Supreme Court website hacked

Nov 11, 2011
The official website of the Supreme Court was hacked yesterday. Information technology experts of the court, however, recovered it around 8:00pm. According to the message posted on the site, the hackers identified themselves as "Bangladeshi UnderGround Hacker 3xp1r3 Cyber Army". They, however, claimed that all the data is safe and not being tampered with or deleted. "Some other hackers are trying to hack Bangladeshi sites!! And delete all the data !! (sic)," they warn. Head of IT department of the apex court Quddus Zaman confirmed the restoration of the site, www.supremecourt.gov.bd. Earlier, Supreme Court registrar A K M Shamsul Islam said, "A person from Singapore called me up in the morning and said the website of the Supreme Court has been hacked. Several others also phoned me later and complained about it."
Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added

Nov 11, 2011
There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp and using the engagement tools context menu to select "generate CSRF PoC". Some useful features are: support for all form encoding types (standard URL encoding, multipart encoding, and plain text encoding); auto-detection of the optimal encoding type, with manual override; the ability to edit both the request and response in-place, to fine-tune attacks; and in-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response.
Possible Credit Card Theft in Steam Website Hacking

Nov 11, 2011
Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. Right before going offline, users saw a new category in the forum that directed them to open a site named "Fkn0wned." Many users also complained that their email IDs related to Steam accounts were spammed with ads for the web site. Valve recommends that all users closely watch the activity of their credit cards because the hackers had access to that information during the attack. The Steam forums are closed for the moment, but the program itself is running. "We have no evidence that encrypted credit card numbers or personal identifying information were taken by intruders, or that the protection of card numbers or passwords has been cracked. We are still investigating," Newell wrote. "At the moment we have no evidence of misuse of credit cards b...
Operation Ghost Click by FBI - Online advertising scam taken Down

Nov 10, 2011
A gang of internet 'cyber bandits' who stole $14 million after hacking into at least 4 million computers in an online advertising scam have been arrested following a joint investigation by the FBI and NASA. Six men are in custody in Estonia, pending extradition to the United States, following a two-year investigation into an "intricate international conspiracy" that "hijacked" millions of computers around the world and stole more than US$14-million. The FBI's two-year investigation was dubbed "Operation Ghost Click". Computers in more than 100 countries were infected by the "DNSChanger" malware, which redirected searches for Apple's iTunes store to fake pages pretending to offer Apple software for sale, as well as sending those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor...
myOpenID XSS : One of the Largest OpenID provider is Vulnerable

Nov 10, 2011
One of the largest independent OpenID providers, "myOpenID", is vulnerable to Cross Site Scripting (XSS). The flaw was discovered by "SeeMe", a member of Inj3ct0r Team. Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. What a hacker can do: "The attackers can steal the session ID of a valid user using XSS. The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attackers can write a script which will run on the user's browser, query the value in the cookie and send it to the attackers. The attackers can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page".
CrySyS Duqu Detector Open source Toolkit Released

Nov 10, 2011
Two weeks ago researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan. CrySyS has now released an open-source toolkit that can find traces of Duqu infections on computer networks. The toolkit contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the malware are already removed from the system. They say in the release: "The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system. The intention behind the tools is to find different typ...
w3af v.1.1 - Web Application Attack and Audit Framework Released

Nov 10, 2011
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives. w3af is much more than a piece of software, w3af is a community that breathes Web Application Security.
Change Log:
* Considerably increased performance by implementing gzip encoding
* Enhanced embedded bug report system using Trac's XMLRPC
* Fixed hundreds of bugs
* Fixed critical bug in auto-update feature
* Enhanced integration with other tools (bug fixed and added more info to the file)
Cross Site Scripting Vulnerability in Speed Bit Search Engine

Nov 09, 2011
Debasish Mandal, a hacker from India, found that there is an XSS through JavaScript injection vulnerability in the home page of Speed Bit Search Engine. The XSS filter is filtering normal html/script/iframe tags, but XSS can be achieved by injecting the JavaScript event "onmouseover()". The technical description is below. Debasish has reported the vulnerability to the Speed Bit team but hasn't yet got any response from their side.
Proof Of Concept:
1) Visit this URL https://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie)
2) Bring the mouse cursor over the hyperlink shown in the image and you should see a pop-up box showing the browser cookies.
Submitted by: Debasish Mandal, India.
Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm

Nov 09, 2011
Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers. A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously. "I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including ...
UMP French Political Party got hacked & personal information leaked

Nov 08, 2011
The personal data of several political parliamentarians, ministers and UMP French Political Party employees was released online by an unknown source. The leak contains the details of Bernard Accoyer, Lionel Tardy, Jean Tiberi, Georges Tron, Christian Vanneste, Jean Luc Warsmann, Laurent Wauquiez, Michèle Alliot-Marie, Patrick Balkany, Jean Francois Cope, etc. Korben published that the leak is available in 4 files posted on Pastebin under the name "French Right Wing Hacked", which include personal information on over 1000 frames of the UMP. Database Dumps: - https://pastebin.com/kpGWv9qD - https://pastebin.com/WG7Ffh5t - https://pastebin.com/jWA4RkCG - https://pastebin.com/9tcqrFBX The first four of these files reveal all the potential variables specified for each record. Status, title, date and place of birth, education, employees, telephone numbers, business ...
Anonymous Hackers hack neo-Nazis website & leak personal info of 16,000 Finns

Nov 08, 2011
Anonymous Hackers have successfully hacked the neo-Nazi website and published its database of 16000 membership applications, containing personal data of some applicants from all around the country. The hack was motivated by an apparent desire to shame the Finnish government into improving data security. In a statement Anonymous says, "We have no tolerance for any group based on racial, sexual and religion discrimination as well as for all the people belonging to them and sharing their ideologies, which is the reason why we decided to carry out last Monday's attack." Authorities are investigating the security breaches, according to an online message attributed to Anonymous Finland. According to the Helsingin Sanomat, the published information seems stolen from several sources: the Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, and Adu...