The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News Magazine September Issue - NO ONE IS SECURE Well folks, after this issue and the obvious intensity of the insecurity of the net, I have a few thoughts on the unfettered access to knowledge. It is more than apparent we all live in a time where the extensive dissemination of opinions, thoughts and ideas and information are done through a modern method of transmission. The simplicity and effectiveness by which computers and networks are used to assemble, store, search, associate, recover, and share information make computer technology especially risky to anyone who wishes to keep personal or protect information from the public sphere or out of the clutches of anyone who is perceived as a probable threat. As this issues explores, the evolving and more advanced capabilities of computer viruses, phishing, fraud schemes, spyware, and hacking activity springing up from every corner of the globe and the diversity of privacy-related issues engendered by computer technolo...

Two Suspected Anonymous/LulzSec hackers arrested by British police Officers from the Metropolitan Police Service's Central e-Crime Unit (PCeU) have today, 1 September, arrested two men for conspiring to commit offences under the Computer Misuse Act 1990. Two men, aged 20 and 24, have been arrested by British police in connection with Anonymous and LulzSec Members. The men were arrested separately at addresses in Mexborough, Doncaster, South Yorkshire and Warminster, Wiltshire. The Doncaster address was searched by police and computer equipment was removed for forensic examination. Kayla, alongside the likes of Sabu, Topiary and Tflow is considered to be one of the key figures in the LulzSec hacking gang. DI Mark Raymond from the PCeU said: " The arrests relate to our enquiries into a series of serious computer intrusions and online denial-of-service attacks recently suffered by a number of multi-national companies, public institutions and government and law enforcement ...

EA Game - Battlefield Heroes Accounts Hacked by ' Why So Serious? ' Albanian Hacker One of the most famous games over the world Battlefield Heroes which is created by EA Games is hacked by a new hacker named " Why So Serious? ". The hacker is from Albania. He made a post on Battlefield Heroes site & said: " Hello all Players and Admins. I'm Why So Serious?. Today I hacked some Battlefield Heroes accounts. I'm going to post them on this forum and on my Fan Page on Facebook: Why So Serious? . " Hacker Leaks the User Login passwords on pastebin from Battlefield Site. Hacker claim that he will hack another EA Games accounts and Jagex Games accounts and will post those accounts also today. Hacker also have a facebook page , where he publish the hack details. Hacked Website:  https://www.battlefieldheroes.com/

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Texas law enforcement Hacked by #Antisec and  #FreeAnons  - 3GB of data leaked Texas Police Chiefs Association Website hacked by Anonymous Hackers for Antisec Operation. Hacker deface their website and post 3GB of data on it with Message " In retaliation for the arrests of dozens of alleged Anonymous suspects, weopened fire on dozens of Texas police departments and stole boatloads ofclassified police documents and police chief emails across the state. During theSan Jose courtdate we defaced and gave out live backdoor and admin access to thewebsite TexasPoliceChiefs.org while allied ships launched ddos attacks uponJustice.gov and other law enforcement websites. " Complete Message  here . All this done for #FreeAnons  Campaign. Texas law enforcement agencies (LEA), and includes the emails and personal information for 28 police chiefs posted here . The leaked messages are said to contain Internal Affairs related case details, as well as pornographic materi...

Invitation for DEF-CON Chennai (DC602028) Meet We like to invite all the  Like Minded People , who are interested in Cyber Security to attend the meet. We are DEF-CON registered Group.  Our Group ID is DC602028 [ Tickets for the Meet] We have very limited tickets for the DEF-CON Chennai(DC602028) Meet. For General Public 700 INR  For Students 500 INR To book the ticket mail to  dc602028@gmail.com [ Time of the Meet ] On 11th September 2011 From 2:30 PM to 7PM [ Venue of the Meet ] The Venue is going to be at Le Waterina Hotel, a 4 Star Resort. Le Waterina – The Boutique Hotel No 35 Kaveri Nagar (near Bella Ciao) Waterland Drive,Thiruvanmiyur Kottivakkam Beach.Chennai 600041.

Kernel.org Server Rooted and 448 users credentials compromised The main kernel.org page is currently carrying a notice that the site has suffered a security breach. " Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure. " As the update mentions, there's little to be gained by tampering with the git repositories there anyway. The infection occurred no later than August 12 and wasn't detected for another 17 days. The systems were infected by an off-the-shelf, a self-injecting rootkit known as Phalanx that has attacked sensitive Linux systems before. What happened? Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they man...

WikiLeaks.org under Cyber Attack after releasing U.S. diplomatic cables The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org "is presently under attack." Wikileaks.org today released 250,000 U.S. diplomatic cables that have apparently caused grave concern in Western governments. The documents have already revealed that the U.S. has been spying on the United Nations Secretary General. State Department spokeswoman Victoria Nuland would not confirm the authenticity of the latest documents, but said " the United States strongly condemns any illegal disclosure of classified information. "

Bangladesh Police website hacked by RetnOHacK Anonymous Albanian Hacker Some Anonymous Hacker " RetnOHacK " from Albanian claim to hack Bangladesh Police website as shown in Screenshot. Hacker claim to hack this just for Fun and using Sql Injection Vulnerability on website.

Google+ Hacker  Florian Rohrweck Hired By Google for Security Austrian blogger/developer Florian Rohrweck, who discovered unreleased Google+ features by exploring the source code, was hired by Google. Rohrweck's main claim to fame was a period of snooping on the code behind Google's various web apps, during which time he uncovered pre-launch evidence of things like Google+ Games, telling the world of the impending release and somewhat taking the wind of of Google's sails. On his blog Rohrweck now has posted that he " has gone Google ": "Or at least I will be have gone soon. Or something like that  I will post new articles again. Not so much about leaks but more about the dark arts of mastering Google products and APIs. Or something else. Time will tell! Thanks to all of you, who supported me on my way and made my work so much fun and enjoyable! You guys are awesome! Rock on!" Few Days ago a big tech company " Apple " has plucked an outsider notorious...

Qubes OS  : An Operating System Designed For Security Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps. Key architecture features: Based on a secure bare-metal hypervisor (Xen) Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d) No networking code in the privileged domain (dom0) All user applications run in "AppVMs", lightweight VMs based on Linux Centralized updates of all AppVMs based on the same template Qubes GUI virtualization presents applications like if they were running locally Qubes GUI provides isolation between apps sharing the same desktop Storage drivers and backends sand-boxed in an unprivileged virtual machine(*) Secure system boot based on Intel TXT(*) Download Qubes Os

AnDOSid the DOS tool for Android A new product released by SCOTT HERBERT  for Android mobile phones,Its  AnDOSid  - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners. Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device. AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.  AnDOSid is actively being developed and I welcome feedback from the security community as to how you would ...

XCode SQLi/LFI/XSS and Webshell Scanning tool XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded. Download Here [ Source ]

Iranian Man-in-the-Middle Attack Against Google certificate Recently discovered attempts of an SSL man-in-the-middle attack against Google users - spotted by a number of Iranian Internet users - have revealed that Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains. What's worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months. " This is a wildcard for any of the Google domains ," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday. " [Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials ," said Andrew Storms, director of security operations at nCircle Security. As the problems with the ...