The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ServerPro Web Hosting Defaced by Team L0g!cs Web hosting provider ServerPro has been compromised and completely defaced by hacking group named " Team L0g!cs ". ServerPro boasts to have over 200,000 clients over a 10 year stand. Shown Defacement page that showcases information about the hack and the group behind the attack, along with some nice ambient music. The attackers were even nice enough to leave behind a contact email in case you have any questions. While writing this Post , Google showing " Warning,  found malware on the site " on the homepage, as shown below: If we Proceed by ignoring the warning, Visitors can see Deface Page still on the page.

FBI charge Anonymous for stealing CC worth $700000 in  Stratfor attack The FBI has revealed that there were $700,000 worth of fraudulent credit card charges after hacktivist group Anonymous stole nearly 200 gigabytes of data, including credit card numbers, from security firm Stratfor. Anonymous hacked Stratfor back in December and fed the resulting emails to Wikileaks for publication. Anonymous stole a large amount of user names and passwords, in addition to some 60,000 credit card records, after exploiting vulnerabilities to reach Stratfor's servers. At the time, Anonymous said it would use the credit cards to make charitable donations money that would obviously never see the hands of the needy. FBI's Milan Patel said that the $700,000 figure " does not reflect any of the charges that may have been incurred on cards associated with the Stratfor Hack for which records have not yet been reviewed ." In addition to the credit card numbers and other personally identifiab...

Vatican Radio hacked by Anonymous Hackers The hacktivist group Anonymous has taken down the Vatican's website for a second time. The attack is part of the organization's recent declaration of war against religion. The personal data of journalists at Vatican radio was leaked online and the Vatican's website hacked for the second time in several days both attacks believed to be the work of the amorphous Internet activist group Anonymous. Unlike the first hack , which appeared to be a typical Distributed Denial of Service (DDoS) attack, this one is more than just taking down the website. Vatican officials declined to discuss the breach while the attack was still under way. " We regret having to announce that your systems are less secure than what you would like to believe, because, while the hype was directed toward the darkening of vatican.va, we took the liberty to implement a small incursion into your systems, " the statement reads. Anonymous justified its attack by...

Another  DDOS tool  from Anonymous  -  HOIC A new DDoS tool from Anonymous called high-orbit ion canon or HOIC come into light. Attackers are constantly changing their tactics and tools in response to defender's actions. HOIC is an Windows executable file. Once started, you will be presented with the following GUI screen. If the attacker clicks on the + sign under TARGETS they get another pop-up box where you can specify target data. The attacker can then specify the following Target data. After the attacker clicks on the Add button, they are taken back to the main screen. The attacker can then adjust the THREADS number if desired to further increase the strength of the attack. When they are ready to lauch the attack, they click on the "FIRE TEH LAZER!" button. LOIC had both TCP and UDP DDoS attacks in addition to HTTP attacks were as HOIC is strictly an HTTP DoS tool. The real difference, or enhancement, that HOIC has over LOIC is its us...

Pop star KE$HA twitter Hacked Pop star KE$HA has fallen victim to internet pranksters after her Twitter.com blog was hacked on Sunday. Tweet by her account : Single out in a couple hours. Ugh so f**kin stressful… wish I could stay on da (the) beach forever. " It was potentially seen by Kesha's 3.1 million followers, or even more, given that Twitter is a mainly public social network. The singer later spotted the fake message and quickly deleted it after realising her account had been compromised.She tweeted, " Animals!! I love u (sic)! I got hacked. Single is not out yet. Promissse (sic) you'll be the first to know! " According to Zdnet, Kesha's account may be verified, but if someone gains access to a verified Twitter account, it doesn't become unverified. It's currently unclear if someone outside of Kesha's inner circle actually managed to gain access to her account. It's certainly possible that someone she knows and has entrusted her Twitter account password with ...

Finally Google Chrome gets hacked at Pwn2Own Vupen Security and Sergey Glazunov independently managed to penetrate Google Chrome's security defenses at the Pwn2Own and 'Pwnium' contests respectively. The annual competition, which invites ethical hackers from around the world to attempt hacking into the most popular web browsers and in the process expose vulnerabilities and loopholes in the browser's security, while grabbing a handsome reward. At this year's competition, the co-founder and head of research of Vupen, Chaouki Bekrar and his team managed to break into Google Chrome in less than 5 minutes, in the process quashing talks about the browser's unquestionable security. They used "a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine." For the successful break-in, Vupen has won itself 32 points. Google Chrome security knew that the Flash Player plugin sandbox is significantly weaker and that...

XSS Vulnerability discovered on Paypal Vansh and Vaibhuv two Indian Hacker found a XSS vulnerability in world famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary javascript with no need for any filter evasion. This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is change how a page appears to a particular user. Also Read :  Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability

Kevin Mitnick 's website open to Cross-Site Scripting ( XSS ) vulnerability Cross-Site Scripting ( XSS ) vulnerability discovered in official website of Kevin Mitnick (one of the most talented hackers, and the one one most prosecuted by the state. Mitnick's hacker handle was "Condor". He became the first hacker to appear on an FBI "Most Wanted" poster, for breaking into the Digital Equipment Company computer network, Mitnick has become something of a celebrity in hacker circles due to his Hacking talent) by  Fabián Cuchietti . This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is chang...

Chinese spied on NATO officials using Facebook Friends An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO's Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers. Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. Nato will not officially say who was behind the cyber-fraud or who accepted friend requests but it is understood that evidence points to Chinese state-sponsored hackers. NATO has advised senior officers and officials, including Admiral Stirvis to open their own social networking pages to prevent a repeat of such incident. the Supreme Headquarters Allied Powers Europe (Shape...

Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 Ucha Gobejishvili (longrifle0x)  from The Vulnerability Laboratory Research Team  discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7. ...

Call for Article - THN Magazine "Cyber Warfare" April Issue As we move through March Madness and the recent arrests of our cyber soldiers, it is time for all good Anons and our faithful readers to take keyboards to Word and send in your articles on the topic of CYBER WARFARE. What do you know of this unconventional method of taking down governments and corporations and what does this mean for the world at large?   Send your articles to  admin@thehackernews.com