The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

38 Bangladesh Government sites Defaced by Indian Hackers Indians hacking Group " Indishell " took down 38 Bangladeshi government websites on Saturday, including ministry of  the ministries are communications, youth and sports, primary and mass education , Trading Corporation of Bangladesh. The Deface page include the name of hackers - Love the Risk, Amal Landhe, Lnx Root, Silent Killer . In the hacked pages, between two eyes resembling Indian flags, the hackers wrote, "We have an EYE on you. Indishell is non other that Indian Cyber Army Hacking group, who already deface most of the Pakistani Govt sites in Past.  Most of the Hacker Sites either Restored or Hosting Suspended by Providers, or Under maintenance. The Complete list of Hacked Sites and Mirrors of All hacks are listed below. Hacked Sites: https://www.www.moef.gov.bd/ https://www.mincom.gov.bd/ https://www.cga.gov.bd/ https://www.bdlaws.minlaw.gov.bd/ https://www.mopme.gov.bd/ https://www....

#FuckFBIFriday by Anonymous, cia.gov Tango Down ! Anonymous has struck again at Central Intelligence Agency, The site went down about 3:10 p.m. apparently under a massive distributed denial of service (DDOS) attack. No specific reason for the attack was announced, nor were any specific groups or individuals within Anonymous named as the attackers. Anonymous took credit for crashing the websites of the US Department of Homeland Security, which was quickly revived, and the FBI. CIA's site is still down even two hours after the attack. One of the twitter accounts affiliated with Anonymous issued a statement on the reasons of the attack: " We do it for the lulz, " referring to the popular online abbreviation " for laughs ." Two weeks ago, the online group also released the audio of a conference call between the US Federal Bureau of Investigation and Britain's Scotland Yard counterpart targeting members of the largely untraceable group. It was done as part of th...

BFT- Browser forensic tool Released by DarkCoderSc From the Developer of Famous DarkComet RAT Tool, DarkCoderSc Yesterday Release Another Interesting tool called BFT- Browser forensic tool. Browser forensic tool, is a software that will search in all kind of browser history (even archived) in a few seconds.It will retrieve URLS and Title with the chosen keywords of all matching search.You can use default example profiles or create yours, with thematic search. You can Download it from here :  BFT Download Video Demonstration: 

Iran Shutdown Google ,Yahoo & other Major sites using Https Protocol We Received latest reports from Iran ,Governments has blocked access to the major sites plus websites using certain Https protocol like Gmail, Google ,Yahoo. On the eve of the anniversary of the revolution that overthrew the country's monarchy and replaced it with an Islamic republic. At the same time nobody can even use banking websites in Iran because all of them using "Https" to encode the sensetive data . As well as Yahoo, Gmail, Google and all sites that rely on the search giant's API such as WolframAlpha. Sites such as BMI.ir , BPI.ir and Parsian-Bank.com are also apparently banned. There is Online Service  https://www.blockediniran.com  , where you can check that Is there any site blocked in Iran or Not ? We check the " google.com " as shown,but it showing that site is Working. This Condition until Esfand, next month in Persian calender after the 33rd anniversary of the Islamic Revolu...

Listen to your instincts when it comes to the web Lee Ives from Security-FAQs talk about Internet Security in January Edition of The Hacker News Magazine . When you are on the web the best thing that you can do is to go with your instincts. In real life, when we walk around, we usually go with our gut to make sure that we stay out of danger. If something does not seem right we usually "sense" it for lack of a better term. This is not something that is new. This is how we survived in the wilderness all of those many years ago. We made sure that we stayed safe by following our instincts and doing the right thing. All of these years later and that same advice still holds up to be true. But like we said in the previous paragraph, you have to worry about following your instincts when you are on the web as well. There are many different kinds of pitfalls that you can encounter when you are on the web. It doesn't matter whether it is meeting the wrong type of person or it is downloading...

THC-HYDRA 7.2 - Fast and Flexible network login Bruteforce Tool Updated One of the most famous network logon cracker – THC-HYDRA 7.2 get latest Update . Hydra is a parallized login cracker which supports numerous protocols to attack. New modulesare easy to add, beside that, it is flexible and very fast.Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, andis made available under GPLv3 with a special OpenSSL license expansion. Hydra is best for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Changelog v7.2 Speed-up http modules auth mechanism detection Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting) The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting! Fixed NTLM auth in http-proxy/http-proxy-url module Fixed ...

63 Vulnerabilities on United Nation Website Exposed Online ! Latest Notification in The Hacker News Vault by a Hacker named " Xenu (Casi) " from r00tw0rm Team that There are  63 Blind SQL injection Vulnerabilities exist on United Nation's Website (www.un.org). Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements. Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning.  Martin Nesirky , a spokesperson for the Secretary General of the United Nations, confirmed the breach." A case of unauthorized access to the UN website is still being investigated ,...

Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems NullSecurity Team Releases " Trixd00r v0.0.1 " an advanced and invisible TCP/IP based userlandbackdoor for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP.  The client is used to send magic packets to trigger the server and get a shell. You can  Download and Use trixd00r-0.0.1.tar.gz  from NullSecurity Website. Video Demonstration : 

Hacker Hits the Embassy of Indonesia in Hungary Hacker from Team thec7crew today claim to Hack the Official Website  Embassy of Indonesia in Hungary. Hacker Hack the Database of Site also Expose various Server Parameters on Pastebin . As Database name mentioned " indone01_web " - There are 30 tables and Hacker also Extract and Expose the Admin's Emails and Passwords in Note. Reason of Hacking is Unknown, But this Hack will really effect the Security of officials at Embassy.

Android.Bmaster Exploits root access to connect to Botnet A new piece of Android malware named Android.Bmaster , first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog . This Malware is estimated to affect between 10,000 and 30,000 phones on any given day. The malware, mostly found on Chinese phones, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread.  RootSmart is designed to escape detection by being named " com.google.android.smart, " which the same name as a settings app included by default with Android operating systems. Mullaney explained that once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated." The malware posts some user and phone-specific data to t...

Hackers Claims to compromise Intel 's Sensitive Data A security researcher under the name of " WeedGrower ", or " X-pOSed " has been on a roll since the start of 2012. He has ambushed huge sites such as AOL, NASA, Hotmail, Myspace, Xbox, USBank, Yahoo, and VISA, he has also leaked sensitive data on most of those websites. Hackers today Claiming that he compromise Intel's Sensitive Data like User Base & Credit Cards. He found a way to expose sensitive data via the subscriber section on Intel.com and he also has access to the INTEL.com database which reveals Credit Card Numbers, Social Security Numbers, Emails, Passwords, and more. "WeedGrower", or "X-pOSed" has threatened that he's going to be leaking this soon if he doesn't get a response from Intel.com carriers. Hacker said ," I've got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and a...

Apple Supplier Foxconn 's Servers Hacked, Exposing Vendor Usernames and Passwords Apple supplier Foxconn has reportedly been hacked, exposing the usernames and passwords of the company's clients and employees. Hacker group SwaggSec just released a dump of Foxconn internal information, including a mail server login/password dump and logins to various online procurement sites and Intranets. " We encourage media, security experts, and other interested individuals to explore our leaks. Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly. Of course with funding ourselves we did have our limitations. But with several hacking techniques employed, and a couple of days in time, we were able to dump most of everything of significance. " Hacker said. The group made a 6.04MB file available earlier this evening first on Demonoid, and then on The Pirate Bay   which purported to contain login and password information for F...