-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

LUMS University Database Hacked By Hitcher

LUMS University Database Hacked By Hitcher

May 14, 2011
LUMS University Database Hacked By Hitcher Vulnerable link :   http://www.lums.edu.pk/event_detail.php?id='300 Databases links for student info :   http://pastebin.com/TAYcwPd3 Faculty info : http://pastebin.com/1RpBitHf
Pakistan Telecommunication Company (PTCL) Hacked by lionaneesh, users data compromised

Pakistan Telecommunication Company (PTCL) Hacked by lionaneesh, users data compromised

May 14, 2011
Pakistan Telecommunication Company (PTCL)  Hacked by lionaneesh , users data compromised Hacked site :  http://www.ptcl.com.pk/ Hack Proof by Hacker :  http://pastebin.com/eBTR5d5H
13th Friday, Everything Down : Twitter ,You tube & Blogger !

13th Friday, Everything Down : Twitter ,You tube & Blogger !

May 13, 2011
13th Friday, Everything Down : Twitter ,You tube & Blogger ! Twitter is down and fail whales abound. Some users have experienced problems loading the service since about 1:30 ET. Twitter announced that it is aware of the situation on its status log: “ We are currently experiencing site stability issues. There may be intermittent issues loading twitter.com. We’re working to fix it as soon as possible ,” the post says. We’ll continue to update you with more information, as it becomes available. Today Blogger.com was also down from last 48 hours, But Finally, Blogger.com is back !
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
Critical Flash Player Update to fix 11 Security Holes

Critical Flash Player Update to fix 11 Security Holes

May 13, 2011
Critical Flash Player Update to fix 11 Security Holes Adobe  has released another batch of security updates for its ubiquitous  Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks. In  the advisory  that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word  (.doc) or  Microsoft Excel  (.xls) file delivered as an email attachment targeting the  Windows  platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.” The vulnerabilities exist in Flash  versions 10.2.159.1  and earlier for Windows,  Mac ,  Linux and  Solaris . To learn which version of Flash you have, visit  this link . The new version for most platforms is 10...
Finally, Blogger.com is back !

Finally, Blogger.com is back !

May 13, 2011
Finally, Blogger.com is back ! Blogger.com is back now, Official statement : http://buzz.blogger.com/2011/05/blogger-is-back.html
Hacker getting WordPress Database Dump with Google Query !

Hacker getting WordPress Database Dump with Google Query !

May 13, 2011
Hacker getting WordPress Database Dump with Google Query ! There appear to be multiple WordPress powered sites that are performing an DB->XML dumb of the articles and subsequent pages. The comments section includes originating IP address, datetime, E-Mail address, homepage, etc. These entities are traditionally not exposed to the anonymous Internet via WordPress. Since the XML dump is structured it's quite easy to harvest this data. More alarming is the volume of sites freely exposing this. I'm not certain of the root cause but perhaps it's related to an upgrade procedure. Google is happily indexing and caching these dumps as it appears they're created in the attachment system (URI ?attachment_id=\d+) with an HREF to the actual dump. A simple Google search below will return a multitude of sites. Perhaps someone on the WordPress side can comment on this behavior? Google Query - inurl:uploads ".xml_.txt" wordpress Anoth...
Final Fantasy maker Square Enix hacked, 25,000 email addresses Stolen !

Final Fantasy maker Square Enix hacked, 25,000 email addresses Stolen !

May 13, 2011
Final Fantasy maker Square Enix hacked, 25,000 email addresses Stolen ! Square Enix has confirmed that personal data has been compromised after hackers accessed the Eidos Montreal website. The Deus Ex website was also accessed by the attack from hackers. It’s thought that it took place on Wednesday. The publisher’s now confirmed that personal data has been compromised. “Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again,” Square Enix said in a statement sent to VG247. However, the company insists that while personal data such as up to 25,000 email addresses and resumes for jobs at Eidos Montreal – of which 350 were accessed – no credit card data was stolen due to the webs...
Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell)

Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell)

May 13, 2011
Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) Hacked site :  www.pakcyberarmy.net Mirror :  http://mirror.sec-t.net/defacements/?id=24393 Note By ICA :  http://pastebin.com/ZfNH774F
Microsoft Release Security Intelligence Report !

Microsoft Release Security Intelligence Report !

May 12, 2011
Microsoft Release Security Intelligence Report ! The Security Intelligence Report (SIR) is an investigation of the current threat landscape. It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers. Volume 10 (SIR v10) is the most current edition covering 2010 and contains five sections: Key Findings provides data and analysis produced by Microsoft security teams. Reference Guide gives additional information for topics covered in the Key Findings. Featured Intelligence spotlights the latest threat topic. Global Threat Assessment provides deep dive telemetry by specific country or region. Managing Risk offers methods for protecting your organization, software, and people. Download Here
Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT)

Facebook Security Update, Protection from Untrustworthy Websites With Web Of Trust (WOT)

May 12, 2011
Facebook Security Update , Protection from Untrustworthy Websites With Web Of Trust (WOT) Web of Trust (WOT), the worlds leading crowd-sourced website reputation rating service, and Facebook, the Internets leading social platform, begin collaboration today to give Facebooks over 500 million users reliable protection against dubious web links. When a Facebook user clicks a link that leads to a page with a poor reputation rating given by the WOT community, Facebook shows a warning message. WOTs global community has reported five million sites for phishing, untrustworthy content, fraudulent services or various scams. Facebooks ability to protect its users from malicious links is significantly improved with the use of WOT reputation ratings. Whenever a Facebook user navigates to an untrustworthy site a warning will appear allowing the person to avoid the link, learn more about the rating or continue forward. Web users have rated more than 31 million websites with the free WOT add-on. WO...
White House Unveils Cybersecurity Legislative Agenda

White House Unveils Cybersecurity Legislative Agenda

May 12, 2011
The White House proposed Thursday reforming the Federal Information Security Management Act by formalizing the Department of Homeland Security role in managing cybersecurity for the federal government's civilian computers and networks. What the Obama administration does not propose is the establishment of an Office of Cyberspace with a Senate confirmed director in the White House, as proposed in a number of bills before Congress. In addition, the proposal would give DHS more flexibility in hiring cybersecurity professionals and permit the government and business to temporarily exchange experts, so that both can learn from each others' expertise. The comprehensive proposal, outlined in a White House blog, also calls for a federal data breach notification law and criminal penalties for cybercrimes. Besides establishing a new framework aimed at protecting individuals' privacy and civil liberties, the White House proposal also would codify practices that allows DHS to hel...
Script that gives hackers access to user accounts floods Facebook !

Script that gives hackers access to user accounts floods Facebook !

May 12, 2011
A widespread hack spread across Facebook early Thursday morning and shows no signs of abating as of yet. It comes in the form of a script that posts heavily profanity-laden wall posts continuously, instructing you that the only way to remove the posts is to click a ‘Remove This App’ link. Unfortunately the link is a hoax and allows the malicious script to access your Facebook account. Your account will then continue to spread the script in the form of similarly formatted wall posts on your friends accounts. The message uses the phrase ‘Vote for Nicole Santos’, leading some to believe that it is a high school prank related to Prom season. Here is a link  ( http://pastebin.com/u5abvXQi ) to the raw code of the script causing the problems on Facebook. If any of you commenters have any suggestions as to how this might have been injected in the first place please do let us know. Unsurprisingly many are trying to trace the source back to the ‘Nicole Santos’ that may have originat...
Fingerprinting the author of the ZeuS Botnet !

Fingerprinting the author of the ZeuS Botnet !

May 12, 2011
The source code of the ZeuS Botnet is now available for  Download . Derek Jones  (the author this article) imagine there are a few organizations who would like to talk to the author(s) of this code. All developers have coding habits, that is they usually have a particular way of writing each coding construct. Different developers have different sets of habits and sometimes individual developers have a way of writing some language construct that is rarely used by other developers. Are developer habits sufficiently unique that they can be used to identify individuals from their code? I don’t have enough data to answer that question. Reading through the C++ source of ZeuS I spotted a few unusual usage patterns (I don’t know enough about common usage patterns in PHP to say much about this source) which readers might like to look for in code they encounter, perhaps putting name to the author of this code. The source is written in C++ (32.5 KLOC of client source) and...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources