The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called "...

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone. This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware. Dubbed TheAndroid.DDoS.1.origin, creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched. When it receives a DDoS attack command, the malware starts to send data packets ...

Thamatam Deepak (Mr.47™) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross site scripting is very common web application vulnerability, Yesterday our security researcher, Christy Philip Mathew reported about multiple xss in official latest versions of cPanel and WHM . As reported by Whitehat hacker Deepak, there are multiple xss in HTC website, that a...

Most of the crazy readers always demand for some solution to turn their Android Smartphone into a Hacking Machine. There are various solutions, like installing some penetration testing android based tools like ANTI, dSploit, FaceNiff etc and also Installing ARM version of Backtrack OS. Today I found another solution for same purpose i.e.UbnHD2, a Ubuntu based Pen-testing OS. UbnHD2 is a security and pentest focused ubuntu/debian system that runs natively on the HTC HD2 phone. The product right now in beta versions and various options may not work. Installations steps are described by developer . Features Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM) X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0 USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum) Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded Download From Sourceforge

cPanel is a Unix based  fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of  cPanel & WHM is 11.34, which is  v ulnerable  to multiple cross site scripting. During my bug hunting process, today I ( Christy Philip Mathew )  discovered some serious XSS v ulnerabilities in  official cPanel, WHM. It also impact on the  latest version of software. This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflective cross site scripting vulnerability in  cPanel at manage.html . The interesting part would be the whole demonstration I done with the Official cPanel Demo located at http://cpanel.net/demo/ location, can be accessed via demo user & password provided by cPanel website itself i.e.  http://demo.cpanel.net:2086/login/?user=demo&pass=demo These  vulnerabilit...

One of the most popular Wordpress Plugin called " W3 Total Cache " which is used to Improve site performance and user experience via caching, having potential vulnerability. On Christmas day, someone disclose it on full-disclosure site that how a plugin misconfiguration leads to possible Wordpress cms hack. The loophole is actually activated on the fact that how W3TC stores the database cache. Jason disclosed that cache data is stored in public accessible directory, from where a malicious attack can can retrieve password hashes and other database information. Default location where this plugin stores data is " /wp-content/w3tc/dbcache/ " and if directory listing is enabled, attacker can browse and download it. He said," Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. " Because the plugin is very famous ,so thi...

Egypt-based security researcher reported that Facebook Camera App for mobiles are Vulnerable to Man in The Middle Attack , that allow an attacker to tap the network and hijack Camera users accounts and information like email addresses and passwords can be stolen . Mohamed Ramadan trainer with Attack-Secure, who previously reported us about similar vulnerability in Etsy app for iPhone Mohamed explains " The problem is that the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform man in the middle attacks against anyone who uses the Facebook Camera app for IPhone. This means that the application doesn’t warn the user if someone in the same (Wi-Fi network) is trying to hijack his or her Facebook account. " Facebook suggest users to upgrade the Camera application To Version 1.1.2. A statement released by the company says “ We applaud the security researcher who brought...

Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel . A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm , an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam. This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. " We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers ," Akhavan said. The sophisticated worm spreads via USB drives and through four prev...

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version. Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. Change Log New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) Added support for win8 and win2012 server to the RDP module Better...

Trojan.Stabuniq geographic distribution by unique IP address Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq , the malware has been collecting information from infected systems potentially for the preparation of a more damaging attack. According to researchers , roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York. The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit . Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player , Adobe Reader , or Java. These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account...

We have seen for the past couple years the cyber wasteland become something that is not dominated by young ambitious hackers anymore. The age of the Wild West is over and the big boys want a piece of the action. With so many infrastructures connected to the web these days it is only natural for more powerful and interested concerns to take their skills to the web. We are seeing the beginnings of true cyber war and it is something that is not going to be stop anytime soon. In the past, what we have seen mostly is governments stay behind the scenes and do defense when it comes to the cyber war. If the government did go on the offensive it would be in secret only discovered when some security firm would get lucky and find some code that would hint to government influence . But these days it is not like that anymore. Everyone knows that the governments of the world are going all out when it comes to cyber war. And the worst part about it is that when it comes to regular civilian...

(DDI) Vulnerability Research Team (VRT) for reported a critical vulnerability in VMware View Server , that  is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server. VMware has issued a patch for its VMware View product. It is listed as ' VMSA-2012-0017 ' in security advisory. This vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View. The Common Vulnerabilities and Exposures project has assigned the name CVE-2012-5978 to this issue. VMware's update to VMware View is available for free to license holders of the product and can be downloaded here . Disabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks or It m...