The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

BackBox - Linux distribution based website Hacked BackBox is a Linux distribution based on Ubuntu Lucid 10.04 LTS developed to perform penetration tests and security assessments. Designed to be fast, easy to use and to provide a minimal yet complete desktop environment thanks to its own software repositories always been updated to the last stable version of the most known and used ethical hacking tools. Two Days back backbox linux website got hacked by Emperor Hacking Team and 3 subdomains named ' Forum.backbox.org ' & ' wiki.backbox.org ' & ' rafaelle.backbox.org ' also got defaced. mirror link1:  https://zone-h.org/mirror/id/ 14521377   www.backbox.org mirror link2:  https://zone-h.org/mirror/id/ 14521376 forum.backbox.org mirror link3:  https://zone-h.org/mirror/id/ 14521386 raffaele.backbox.org

Mini PHP Shell 27.9 V2 Released According to Developer jos_ali_joe and [ Devilzc0de ] " This is a continuation of PHP Shell Mini 27.9 V1 , Editing Shell c99 and new tools ". Features :  Encoder , Processes , FTP-Brute-Forcer , Server-Information , SQL-Manager and etc. Download :  https://www.megaupload.com/?d=DRHS3AV9 Disclaimer : Use at your own Risk, Shell may have Backdoor.

The Social-Engineer Toolkit v2.0 Released The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. This is the official change log: Removed un-needed assignment in core around create random string Added the Binary2Teensy option in the Teensy menu, this will allow you to create a payload and inject alphanumeric shellcode through shellcodeexec in a new technique released at BSIDESLV Changed the path of metasploit to be /opt/msf3/framework3 versus /pentest/exploits/framework3 Added the ability for multiple payloads in binary2teensy attack Added the ability to leverage the SDCard mounted Teensy device with payload generation without mounting the SDCard to the victim machine Fixed a bug where webattack_email turned on would not trigger base...

GFI SandBox - Powerful automated malware analysis GFI SandBox™ (formerly CWSandbox) is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom applications.Targeted attacks, hacked websites, malicious Office documents, infected email attachments and social engineering are all part of the Internet threat landscape today. Only GFI SandBox™ gives you a complete view of every aspect and element of a threat, from infection vector to payload execution. And GFI SandBox can quickly and intelligently identify malicious behavior using Digital Behavior Traits™ technology. Features Dynamic threat analysis Dynamic and threat analysis shows how applications execute on the desktop, what system changes were made, and the network traffic generated. When coupled with Digital Behavior Traits you get the ability to automatically identify malicious act...

Timesofmoney Database Hacked using Sql Injection Vulnerability General Information About the Vulnerability This is again a critical vulnerability discovery made by zSecure Team in TimesofMoney website. The group claims that there exist a critical SQL Inejction Vulnerability in the timesofmoney's website using which an attacker can gain access to the site's entire database which contains the huge amount of customers confidential information. Even many indian banks are availing the service of the timesofmoney. This vulnerability may prove to be very critical for the company because TimesofMoney is India's one of the leaders in e-payment system. Existence of such a critical flaw in company's web may cause huge to the existing market reputation of the company concerned. At the end of their advisory the zSecure Group left a small message which claims that they have discovered alike vulnerability in HDFC Bank's website and in coming days the group may come up with the...

Orange.es Vulnerable To SQLi - Found by Invectus People have never focused on SQL injection much, They have no clue that its the most common method which big companies are vulnerable to. Hacker with name " Invectus " , Found the SQL injection Vulnerability in  Orange.es . Vulnerability has been exposed via Social Networks.

JD-GUI - Fast Java Decompiler Download JD-GUI is a standalone graphical utility that displays Java source codes of ".class" files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-GUI is free for non-commercial use. This means that JD-GUI shall not be included or embedded into commercial software products. Nevertheless, this project may be freely used for personal needs in a commercial or non-commercial environments. Download : jd-gui-0.3.3.windows.zip Size : 691.67 KB jd-gui-0.3.3.linux.i686.tar.gz Size : 973.8 KB jd-gui-0.3.3.osx.i686.dmg Size : 1.37 MB

OllyDbg 2.01 alpha 4 released Other new features in this version: - Patch manager, similar to 1.10 - Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities! - Instant .udd file loading. In the previous versions I've postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine - Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis! - "Go to" dialog lists of matching names in all modules - Logging breakpoints can proto...

Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's " BlueHat Prize " contest easily dwarfs any bug bounty that's been given by rivals. The company announced the contest as this year's Black Hat security conference got under way today in Las Vegas. " We want to make it more costly and difficult for criminals to exploit vulnerabilities, " said Katie Moussouris, a senior security strategist lead at Microsoft, in a news conference today. " We want to inspire researchers to focus their expertise on defensive security technologies. "  " Overall, it seemed to us that to take an approach to block entire classes was the best way to engage with the research community and protect customers ," said Moussouris. WHAT IS THE CONTEST? The inaugural Microsof...

British police issue warning to Anonymous , Lulzsec and other internet hacktivists The Metropolitan Police have taken the unusual step of using Twitter to send a message to anyone considering supporting internet attacks against companies and governments.A message posted on the Met Police's official Twitter account cautioned would-be hacktivists that engaging in denial-of-service (DDoS) attacks, defacing websites or breaking into corporate databases is illegal.In the past, hacktivists have compared their activities to legitimate civil disobedience - but such a view is not a defence if suspected hackers are brought to court. Sophos Notice this tweet first. The full warning posted by the Met Police reads as follows: The investigation into the criminal activity of so-called "hacktivist" groups #Anonymous and #LulzSec continues. We want to remind people of the law in this area: The Law Against Computer Misuse Anyone considering accessing a computer without autho...

Cross Application Scripting vulnerability in Android browser  Recently IBM researchers detected a security vulnerability in Android's Browser which can be exploited by a non-privileged application in order to inject JavaScript code into the context of any domain.This vulnerability has the same implications as global XSS, albeit from an installed application rather than another website. Android 2.3.5 and 3.2 have been released, which incorporate a fix for this bug. Patches are available for Android 2.2.* and will be released at a later date. The complete advisory can be found here . The browser holds sensitive information such as cookies, cache and history, and injected JavaScript could make it possible to extract that information, indirectly breaking the Android sandbox architecture. The attack exploits flaws in how the browser reacts to calls to view web pages from other applications. IBM demonstrates the proof of concept for Android Cross Application scripting ...

Operation Shady RAT - Biggest Cyber Attacks in history uncovered When the history of 2011 is written, it may well be remembered as the Year of the Hacks. McAfee publish a new report that it says is one of the most comprehensive analysis ever revealed of victim profiles from a five-year long targeted operation by a specific actor dubbed Operation Shady RAT. McAfee released a 14-page report that details the largest coordinated cyber attack recorded to date. This particular attack, possibly orchestrated by China, broke into 72 organizations over the course of five years.The targets include the US, Canada, Taiwan, India, South Korea, and Vietnam. The attack also hit the UN, the International Olympic Committee, the World Anti-doping agency, defense contractors, tech companies and more. Most attacks lasted less than a month, but some, like that on the UN Secretariat, lasted for almost two years. McAfee say learned of the extent of the hacking campaign in March this year, when it...

PythonLOIC - Python Low Orbit Ion Cannon Ddos Tool Released Low Orbit Ion Cannon for all platforms to test the resistance of the server or ddos servers.  Presentation of pythonloic running on iphone os: Download PythonLOIC