The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Wireless Penetration Testing Series Part 1 : Getting Started with Monitoring and Injection We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book – " Backtrack 5 Wireless Penetration Testing ", So here we go . In the first two videos, the instructor gets us up and running with our lab setup – access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security – ability to monitor and ability to actively prevent attacks. For monitoring, we need to be able to put our wireless cards into "promiscuous mode" so that it can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary pac...

M86 Security detected Web exploitation attacks using AJAX Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems. The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites. This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer. Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender said " This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass throug...

Hackers selling cheap BOTNETs and DDOS on forums The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Forums. Hackers are offering services like distributed denial of service attacks (DDoS), which can be used to knock website offline in just 1 - 2 hours / 2$ per hour. They Posted a Youtube Video in which a young woman advertises DDoS services. " We are here to provide you a cheap professional ddos service.We can hit most large websites/forums game servers.We will test the website/server before accepting your money.Due to the nature of the business we dont offer refunds. " Offer said . There is another Interesting Hacker's Shop ! Moreover, for their assaults, the hackers chiefly utilize botnets, while ignorant operators of computers remain unaware that they've gotten contaminated with malware as also being controlled remotely. " Do you wan...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Next Microsoft Patch Tuesday include BEAST SSL fix Microsoft's first batch of patches for 2012 will include fixes for security vulnerabilities in the Windows operating system and Microsoft Developer Tools and Software. The patches will be released next Tuesday (Jan 10, 2012) at approximately 1:00 PM EST. The solitary critical bulletin in the batch fixes a remote code execution issue in Media Player. The remaining six important bulletins due next Tuesday handle the BEAST SSL issue and various information disclosure bugs, escalation of privilege issues and an update to Microsoft's SEHOP (Structured Exception Handler Overwrite Protection) technology to enhance the defence-in-depth capability that it can offers to legacy applications.  The BEAST/SSL patch was supposed to have been included in December's Patch Tuesday release but had been pulled at the last minute due to some testing problems involving a third-party vendor, according to Microsoft. Henry noted that despite all ...

Ramgen-Janelle Scandal video posted on deface page of Philippines  Premiere Bank A defaced linked of the website of the Premiere Bank Philippines which contains a video of Ramgen-Janelle Sex Video Scandal is the talk of the town and widely spread in the IRC and Facebook today. The defacer who uploaded the video claims to be kenjie miranda of h4ckz0n3.The defacer who uploaded the video claims to be kenjie miranda of h4ckz0n3 . Regarding with the case of this video which violates the ANTI- VOYEURISM LAW OF 2009, Senator Revilla Jr. already asked the National Bureau of Investigation to investigate the spread of Ramgen-Janelle intimate video. The video is already viral in torrent sites and forums sites. [ Source ]

Ping.fm vulnerable to Clickjacking (Video Demonstration)  Two Indian Hackers Aditya Gupta(@adi1391) and Subho Halder (@sunnyrockzzs) have discovered Clickjacking vulnerability in one of the famous website " Ping.FM ". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is based on a technique known as clickjacking ( or UI Redressing ) where an attacker could perform actions on the behalf of user by tricking the user to click on a button or perform some other action. This vulnerability was earlier seen in Twitter where it allows the status to be loaded through the GET method, and an attacker could frame the twitter webpage and trick the user to click on the tweet button, with the user thinking that its a part of the attacker's webpage. This can be disabled by setting the X-FRAME-ORIGIN method to SAME ORIG...

Hackers leak the Source Code for Symantec Product A group calling itself the Lords of Dharmaraja posted an Adobe document online Wednesday that it claimed was a glimpse of the source code for the internet security software. But Symantec spokesman Cris Paden said "no source code was disclosed" in the post, which was a 12-year-old document describing how the software worked, but not the code. Paden said Symantec continues to investigate the hackers' claim that they have source code. But now Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code. " Symantec can confirm that a segment of its source code has been accessed. Symantec's own network was not breached, but rather that of a third party entity.We are still gathering information on the details and are not in a position to provide specifics on the third party involved.Presently, we have no indication that the code disclosure...

FreeDOS 1.1 released after being in development for several years FreeDOS 1.1 has been released after being in development for several years. FreeDOS is an opensource operating system aiming to provide the same (or better) functionality as Microsoft'sold MS-DOS. Right now the main use is running old games and software, but you might encounter it on somefreshly sold computers, motherboard setup CDs, BIOS flashing diskettes, embedded hardware and other uses. Bernd Blaauw has been hard at work, updating FreeDOS distribution to include the latest packages. Bernd writes: " In its current form this new distribution is best suited as a CD-ROM disk to install FreeDOS from onto harddisk. Sources are included. It might be considered as replacement for the current 'base-only' 1.0 distributions as created by Blair and Jeremy, however it's less functional as it's missing the Live Environment part (\FDOS directory on CD). " New Version include the FreeDOS 2040 ke...

Facebook 2012 Hacker Cup announced Facebook today announced open registration for its second annual Hacker Cup, an annual algorithmic programming contest open to engineers from around the world. Programmers will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. The winner will receive the title World Champion for Facebook's 2012 Hacker Cup. " Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges ," Facebook mobile engineer David Alves wrote. Interested participants must solve at least one problem correctly in an online qualifying round that will take place on 20 January. Three subsequent rounds will follow on 28 January, 4 February and 11 February. The top 25 will then be flown to Facebook's headquarters in Palo Alto, California, for the final round. There a...

Sony Pictures Facebook Page & Website Hacked again ! The hacking group Anonymous has confirmed that they have once again hacked Sony Pictures, gaining access to their Facebook account and website. Anonymous did threaten Sony for supporting the controversial SOPA bill and now it seems that the threats materialized. The hack hit the Sony Pictures Facebook page and its web site homepage, according to reports and tweets from those involved. Comments were left on the web pages, but have since been removed. The attacks carry the name Op Sony and were noted through the @s3rver_exe Twitter account. " #OpSony SonyPictures Hacked! by s3rver.exe , Anonnerd and N3m3515 ," says a tweet from that user, who continued, " I uploaded a @YouTube video (link removed) Sony Pictures Hacked By Anonymous. " " Your support of the act is a signed death warrant to Sony Company and Associates. Therefore, yet again, we have decided to destroy your network. We will dismantle your phanto...

From the In-Security Land to Security in the Cloud " This article aims to share with you some thoughts and concepts associated with Cloud Computing and the risks involved for those who want to venture into the benefits it offers " --  Mariano M. Río " From the In-Security Land to Security in the Cloud " will try to reflect how true it is that the cloud is dangerous or more dangerous than "land" and in turn how much of what is required to the cloud is rarely seen implemented on the ground. When companies begin their assessment to go to the cloud, the first comments are generally related to the "dangers" associated with privacy and confidentiality of information, the availability of services and other issues that represent the cloud as an undesirable place to visit. This turns out to be real, but as real as could be the situation of exposure of the information in an organization that does not have security program information or at least care with...

BackBox Linux 2.01 released The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/downloads What's new System upgrade Performance boost New look Improved start menu Bug corrections New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc. System requirements 32-bit or 64-bit processor 256 MB of system memory (RAM) 4.4 GB of disk space for installation Graphics card capable of 800×600 resolution DVD-ROM drive or USB port