The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Automated HTTPS Vulnerability Testing by Qualys SSL Labs One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users information while data are transferred in a clear text form. HTTPS is a combination of the HTTP with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions, social network websites and for sensitive transactions in corporate information systems. HTTPS is a huge step forward for website user's safety, but it can also be a huge challenge for the security teams, here we need to test our server to be sure that our users and customers are secure for this purposes we can use Qualys SSL server test SSL Server Test is a free online service that performs a deep analysis of the configuration of ...

F-Secure : Chinese Government Launching Online Attacks According to F-Secure Chinese military documentary shows footage of gov't systems launching attacks against US target. China is often blamed for launching online attacks, but the evidence is almost always circumstantial. Many of the targeted espionage Trojans seem to come from China, but we can't actually prove it. However, some new evidence has just surfaced. On 17th of July, a military documentary program titled "Military Technology: Internet Storm is Coming" was published on the Government-run TV channel CCTV 7, Millitary and Agriculture (at military.cntv.cn ). The program seems to be a fairly standard 20-minute TV documentary about the potential and risks of cyber warfare. However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target. This is highly unusual. The most likely explanation is that this footage ended ...

Turkish government website Hacked by kurdish hacker for bombarding Kurdistan Regions Today a kurdish hacker " Mn Peshmargem " deface the website of  Turkish government for protest against the bombarding done by the Turkish Military planes in Kurdistan Regions. Message Posted by Hacker : Fuck racism Turkish, fuck acursed Ataturk, fuck you Turkish the fad ended of the Mongolians wait for your non honored soldiers, that they are embarrassed in front of a Peshmarga like me. If a Kurd die, 100 honorless Turks must go to hell afterwards. You coward Turks are always honorless and lost in front of a Peshmarga like me in the battle fronts. Do you want to hide your honorlessness and cowardice by bombing the mountains in Kurdistan??? Be sure that you must pay back a debt for bombing the mountains in Kurdistan. Fuck the honorless Turks, viva Kurds and Kurdistan, viva Peshmarga.

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Kathmandu Metropolitan City website database hacked by  T34mT!g3R Hackers of Team "T34mT!g3R" today expose the SQL injection Vulnerability in Kathmandu Metropolitan City website and extract the database of site. Hacker post the Database info and  Vulnerable  Link   at pastebin .

Uniscan 4.0 vulnerability scanner Released The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 (GPL 3). The Uniscan was developed using the Perl programming language to be easier to work with text, has an easy to use regular expressions and is also multi-threaded. Uniscan Features Identification of system pages through a Web Crawler. Use of threads in the crawler. Control the maximum number of requests the crawler. Control of variation of system pages identified by Web Crawler. Control of file extensions that are ignored. Test of pages found via the GET method. Test the forms found via the POST method. Support for SSL requests (HTTPS). Proxy support. Official Change Log : - Uniscan is now Modularized. - Added directory checks. - Added file checks. - Added PUT method enabled check. - Bug fix in crawler when found ../ directory. - Crawle...

Metropolitan UK Police hacked for #Antisec by  CSL Security  using SQL injection Vulnerability One of the Anonymous Hacker " CSL Security " expose SQL Injection Vulnerability  in Metropolitan UK Police website via Twitter . He posted the stuff on Pastebin .  Vulnerable link is also posted by hacker. Where as no data has been published or leaked by Anonymous hackers yet. Yesterday  Danish Government database of 1,000,000 companies private info leaked by Hackers for Antisec Operation. Last week for OpBart - BART Police database hacked by Anonymous also.

Call for Papers from DefCon Chennai (DC602028) Background: We are the Official DEF-CON Chennai Group [DC602028] The Event is taking place on 11th September 2011 at a resort in ECR Road Chennai,India. We will be having a Private conference room for the meet. Regarding Paper Submission We require uniqueness when it comes to Paper submission for DEF-CON Chennai DC602028. Uniqueness as Follows: -> Papers can be on your own research with proof of concept. -> Paper should be of current subject and not more than 1 year old. -> Topics of interest includes everything related to Security. -> Topics related to mobile security or Anroid Security . -> Any new methods of hacking or any 0day/tool disclosure Some of the Sample Topics = New threats faced by Corporate = Threats faced by Normal user from a Malicious person = Mobile security and Mobile Application = Denial of Service attack = Cyber laws = Forensics = Webapp Vulnerabilities = Online Fraud and Soci...

Nokia website Hacked by pr0tect0r AKA mrNRG NOKIA , One of the biggest Telecommunications Internet Computer software Company Website hacked by Indian Hacker " pr0tect0r AKA mrNRG " . He Deface the developer.nokia.com  sub-domain of NOKIA and also Redirect Another page to Custom Created Page . Hacker wrote " LOL, Worlds number 1 mobile company but not spending a dime for a server security! FFS patch your security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!! ". Mirror of Hack is also Available on Zone-h . One week before , Pakistan one of the biggest forum  Defence.pk  was also Hacked by pr0tect0r A.K.A. mrNRG in occasion of Independence Day. Nokia Official Statement : During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injecti...

OWASP Zed Attack Proxy (ZAP) v.1.3.2 Released The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. Some of ZAP's features: Intercepting Proxy Automated scanner Passive scanner Brute Force scanner Spider Fuzzer Port scanner Dynamic SSL certificates API Beanshell integration Download and Details

Israeli Prime Minister Netanyahu 's Website Defaced by Egyptian Hacker An Egyptian hacker managed on Sunday to hack into the website of Israeli Prime Minister, Benjamin Netanyahu, and placed a picture of Egyptian soldiers raising the Egyptian flag in Sinai during the October, 6, 1973, on the sites' homepage. The hacker who managed to penetrate the webpage of Netanyahu wrote " Anti Zionism "; the site was then gradually taken offline. The hack is seen as a symbolic message to Netanyahu regarding the ongoing Israeli military escalation, and illegal occupation of Palestine and Arab territory. The hacker also wrote " Egypt is the greatest civilization, established more than 7000 years ago, but the terrorist state of Israel stole the Palestinian lands, and killed children ". The hacker said, " Do you know that Israel was established on paper in 1948! Before Egypt installed its railways, do you know that you, and your state, are nothing, nothing, nothing ", and added, " I know...

Phone Hacker Forced to Disclose name, Who Told Him to Hack ! Court tells private investigator he must identify 'News of the World' executives who asked him to intercept voicemails. A private detective jailed for illegally intercepting voice-mail messages on behalf of a journalist at one of Rupert Murdoch's British newspapers has been ordered to reveal who asked him to carry out the phone hacking. Coogan's lawyers believe that the release of the names will demonstrate that there was widespread knowledge and authorisation of phone hacking among the defunct Sunday newspaper's senior figures. John Kelly of law firm Schillings told that Mulcaire, who is suing News International himself after it stopped paying his legal fees, would have to answer their questions in a formal document to be filed at the court before September. " He will now have to identify exactly who at the News of the World asked him to access the mobile phones of the named individuals and who ...

JonDoFox 2.5.3 - Browser Optimized for anonymous and secure web surfing The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. JonDoFox now contains an integrated protection against this attack. Third party sites may now no longer receive HTTP authentication data from the browser. Moreover, the protection against cache and referer tracking has been enhanced. Furthermore, some detail enhancements were added, and JonDoFox is now fully compatible with the new Firefox 6. Users may therefore easily update to the new browser version. JonDoFox is both a profile and an extension for the popular Mozilla Firefox web browser. It protects the user's privacy while surfing the web by removing identifying information from the browser. ...

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable DarkComet-RAT v4.0 Change log - DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010. - Synthax highlighter added in remote keylogger. - Multithreading is now more efficient, no more freezing, using a new powerfull and stable methode (still using pure Win32 API both side for it) - Get hard drive information added in file manager - Bot logs in main form had change, it is more efficient / fast and user friendly - Whole system parser is now far stable and faster - No-IP was moded and is now better ;) - All global settings were redisigned in a new form that will contain all necessary stuff for Client side - Flags manager has been ported to the main client settings form - Now you can change the default size Width and Height of the users thumbnails - No more menu in the top of the SIN (Main Window - Users list...) so it is more clear - The [+] button is one of the way to add a new port to listen else go to Socket/...