The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A widespread hack spread across Facebook early Thursday morning and shows no signs of abating as of yet. It comes in the form of a script that posts heavily profanity-laden wall posts continuously, instructing you that the only way to remove the posts is to click a 'Remove This App' link. Unfortunately the link is a hoax and allows the malicious script to access your Facebook account. Your account will then continue to spread the script in the form of similarly formatted wall posts on your friends accounts. The message uses the phrase 'Vote for Nicole Santos', leading some to believe that it is a high school prank related to Prom season. Here is a link  ( https://pastebin.com/u5abvXQi ) to the raw code of the script causing the problems on Facebook. If any of you commenters have any suggestions as to how this might have been injected in the first place please do let us know. Unsurprisingly many are trying to trace the source back to the 'Nicole Santos' that may have originat...

The source code of the ZeuS Botnet is now available for  Download . Derek Jones  (the author this article) imagine there are a few organizations who would like to talk to the author(s) of this code. All developers have coding habits, that is they usually have a particular way of writing each coding construct. Different developers have different sets of habits and sometimes individual developers have a way of writing some language construct that is rarely used by other developers. Are developer habits sufficiently unique that they can be used to identify individuals from their code? I don't have enough data to answer that question. Reading through the C++ source of ZeuS I spotted a few unusual usage patterns (I don't know enough about common usage patterns in PHP to say much about this source) which readers might like to look for in code they encounter, perhaps putting name to the author of this code. The source is written in C++ (32.5 KLOC of client source) and...

The Anonymous : Need of  21st century ! Anonymous is the political movement of change for the 21st century. Anonymous can and certainly will accomplish what many other political and peace movements of the past could not. How will they achieve this? Through peaceful protest. When corruption, destruction and mayhem strikes from governments or corporations it is the goal of anonymous to awaken that entity and the public that a change must occur. Given that, many will use the name Anonymous to perform acts of a criminal and malicious nature. By doing this it gives the real " Anonymous " a bad name. In fact, governments and corporations will try to retaliate against the false anon by restricting internet freedom and user capabilities. We must understand that the Anonymous who strives for political change and world peace must be free to work without the mistrust and misdeeds of others who tarnish their good work. As price pritchet once said, " change always c...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

New Facebook worm propagating : VERIFY MY ACCOUNT , Video Explanation of Code In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don't click the link described below. The system is pretty straight forward. It suggests that you click "VERIFY MY ACCOUNT" within a link which ultimately results in the user posting the same message to all their friends' walls. The message typically resembles the following one: Scam Signature Message:  In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process… The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it's shut down (unless Facebook's security team is up right now). The bottom line is this: don't click any of the links resembling t...

Preview : Web App Hacker's Handbook 2nd Edition ! The first draft of the new edition of WAHH is now completed, and the lengthy editing and production process is underway. Just to whet everyone's appetite, I'm posting below an exclusive extract from the Introduction, describing what has changed in the second edition. (And in a vain attempt to quell the tidal wave of questions: the book will be published in October; there won't be any more extracts; we don't need any proof readers, thanks.) What's Changed in the Second Edition? In the four years since the first edition of this book was published, much has changed and much has stayed the same. The march of new technology has, of course, continued apace, and this has given rise to specific new vulnerabilities and attacks. The ingenuity of hackers has also led to the development of new attack techniques, and new ways of exploiting old bugs. But neither of these factors, technological or human, has created a rev...

275 Sites Hacked by jumbo (Umer Rock) Sites: https://pastie.org/1891679 mirror: https://mirror.sec-t.net/hacker/?s=1&user=Umer+Rock

Finally Source code of ZeuS Botnet Version: 2.0.8.9  available for Download ! Download Link :  https://www.multiupload.com/P8QUNF4YJN Rar password : zeus Read More :  Complete ZeuS source code has been leaked ! ' The Hacker News ' Magazine -   Social Engineering Edition  - Issue 02 - May,2011 Released ! Download Now

Wikileaks Founder, Assange gets Sydney Peace Prize ! WikiLeaks founder Julian Assange was Wednesday awarded the Sydney Peace Foundation's top honor for "exceptional courage in pursuit of human rights," joining the likes of Nelson Mandela and the Dalai Lama. Assange, an Australian former computer hacker who is fighting extradition from Britain to Sweden over alleged sex crimes, was praised and rewarded with the Sydney Peace Prize's Gold Medal. Although the Peace Prize is awarded annually by the foundation only three other people in its 14-year history have been awarded the gold award for courage in pursuit of human rights -- the Dalai Lama, Nelson Mandela and Japanese Buddhist leader Daisaku Ikeda. The foundation paid tribute to Assange's determination to seek greater transparency and accountability from governments around the world, having challenged "centuries old practices of government secrecy." "By championing people's right to k...

Hacked PlayStation Network to be fully restored by end of May ! Sony said Tuesday it aimed to fully restore its PlayStation Network, shut down after a massive security breach affecting more than 100 million online accounts, by the end of May. Sony also confirmed that personal data from 24.6 million user accounts was stolen in the hacker attack last month. Personal data, including credit card numbers, might have been stolen from another 77 million PlayStation accounts, said Sony Computer Entertainment Inc. spokesperson Satoshi Fukuoka. He said Sony has not received any reports of illegal uses of stolen information, and the company is continuing its probe into the hacker attack. He declined to give details on the investigation. Sony shut down the PlayStation network, a system that links gamers worldwide in live play, on April 20 after discovering the security breach. The network also allows users to upgrade and download games and other content. Sony was under heavy criticism o...

ICSE Guess compromised, over 1 lakh 10 thousand users hacked by lionaneesh ! Admin User/Pass leaked By Indian hacker Loinaneesh. There are more than 1 lakh 10 thousand users data stolen. Big sites, Less Security :P

NCASC & 3 More Nepal Government Sites Hacked By cool_sh4v1k Hacked Sites : https://necan.gov.np/license.html https://epsnepal.gov.np/license.html https://ncasc.gov.np/license.html https://nepalstandards.gov.np/license.html Mirrors : https://www.zone-h.net/mirror/id/13681612 https://www.zone-h.net/mirror/id/13681609 https://www.zone-h.net/mirror/id/13681610 https://www.zone-h.net/mirror/id/13681611

Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint ! Microsoft addressed two security bulletins in May's Patch Tuesday release. Despite its small size, security experts said administrators should apply the fixes immediately as they addressed significant threats. Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate "exploitability" scores for newer versions of the software under the "improved" exploitability index ratings. The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WIN...

The National Strategy for Trusted Identities in Cyberspace aims to help consumers pay for services such as health care more securely and avoid identity theft. Recent guidelines issued by the White House on cyber-security could provide an impetus for secure online bill paying in health care, according to health care industry experts. The National Strategy for Trusted Identities in Cyberspace presented by the White House provides direction on how to protect consumers and businesses from identity theft and fraud in online transactions by creating an identity ecosystem. Under the ecosystem strategy, consumers would maintain their anonymity during transactions by providing one piece of information, such as age, but not name, address, birth date or other information. "The rapid and vastly positive changes that have followed the rise of online transactions—like making purchases or downloading bank statements—have also led to new challenges," President Obama wrote in the str...