The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Adobe Flash bug allow spying Webcam hole The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. Attack involved putting the Adobe Flash Settings Manager page into an iFrame and masking it with a game, so that when the user clicked on the buttons he would actually change the settings and turn on the webcam. Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher. Once it was made public, Adobe fixed the issue by adding framebusting code to the Settings Manager page. But now, Stanford University computer science student Feross Aboukhadijeh managed to bypass the framebusting JavaScript co...

Million ASP.Net  web sites affected with mass SQL injection attack Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu , according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits. A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF ...

There's something " Human " to  Social Engineering ! At the psychological skill of Social Engineering Social engineering is the human side of breaking into corporate or personal pc's to gain information. Even companies that have an authentication process, firewalls, vpn's and network monitoring software are subject to the skill of a good social engineer. In hacking we rely on our technical skill and in social engineering it is a game of getting your subject to tell you what you want to get into their system. Social engineering has been employed since the beginning of mankind, the art of trickery or deception for the purpose of information gathering, fraud, or in modern times, computer system access. In most cases today the social engineer never comes face to face with their target. In social engineering we exploit the attributes of the human decision making process known as " cognitive biases ." That was the question asked by the Team of Social-engineer.org Gu...

Metasploit Community Edition - Advance penetration testing tool by Rapid7 Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 (U.S. time), and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released. Available for free download from its Web site. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, " The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors. " Community Editioin is based on the Metasploit Framework, a combination of the basic user interface available in commercial versions. Using penetration testing exploit basic, GUI simple, that provides entry-level modules such as a browser. You can verify any exploitable vulnerabilities, that can streamline vulnerability management and data protection. Can also import third-par...

Indian National Congress Party  Official Website Hacked by ZHC ZHC Disastar [ZCompany Hacking Crew] Hackers from Pakistan today hack the Server of Indian National Congress Party  ,one of the two major political parties in India and deface their Official website with Message as shown in above image. Hackers Upload Shell at  https://allindiacongress.com/satyagraha.php  , From where They access the whole Server and Modify the Index.php file for defacing it. The Server is seems to be a Shared Server with Kernel " Linux harshul.anjuinfotech.com 2.6.18-238.19.1.el5 " , Which is easily exploitable. Mirror of Hack is available here .

Google Enable SSL-based searches, Will impact Google Analytic ! According to a blog post by Google, the company is taking steps towards making search more secure for its users. Users will be redirected to https:// instead of https:// when going to do a Google search. By forcing SSL on https://google.com, all keyword data will be hidden. The company is dedicated to SSL and securing search and privacy for its signed in users. But This will restricting search terms availability and also when user will sign out, One will redirect back to Unencrypted (https://) page. The company says this won't change reporting data for webmasters who use analytics tools too see how much traffic Google sends them. How will this change impact Google Analytics users? When a signed in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google "organic" search, but will no longer report the query te...

Duqu - Next Major Cyber Weapon like Stuxnet The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing. Computer security companies agree that these virus is unprecedented and it means the dawn of a new world. Stuxnet and Duqu were not designed to steal money or send spam but to sabotage plants and cause damage in industrial environments. Expect the appearance of additional copies. The Stuxnet virus that attacked Iran's nuclear program can cripple the country's nuclear facilities for two years, a German computer expert announced on Wednesday, December 15, 2010. From what researchers can tell, Duqu's mission is to gather intelligence data and assets from entities like industrial control system manufacturers, to more easily conduct a future attack against another third party. According to Symantec, the next threat, dubbed "DuQu" because the code has the code strin...

Famous VPN service Proxpn compromised proXPN is one of the famous VPN client based on OpenVPN Service, today hacked by hacked named " TurkisH-RuleZ ". The Server is seems to be Compromised in this Hacking case. Compromised url is h ttp://proxpn.com/whmcs1/downloads and Mirror of Hack is available here .

Report says : US considered cyber war on Libya Officials in the US Obama administration considered compromising Libya's government computer networks to block early-warning data gathering and missile launches on NATO war planes during the American-led strikes, but decided against it, according to The New York Times. The report goes on to claim that, while the use of what is believed to be a pre-existing armoury of Trojans, viruses, malware and military hackers was suggested, the cyber-attack was never actually carried out. The attack would have tried to disrupt Libya's early-warning radar system and thus cripple the North African country's ability to fire back at attacking NATO aircraft.But the Obama administration and the Pentagon chose instead to mount a conventional attack, partly because an American cyberattack might have set a dangerous precedent, and Libya might not have been worth the risk. In the end, American officials rejected cyberwarfare and used convent...

Jynx Kit (LD_PRELOAD) Userland Rootkit Released Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell based on SEQ/ACK numbers in a single packet. Solid building block for further LD_PRELOAD rootkits. DOWNLOAD HERE Submitted by ErrProne (www.blackhatacademy.org)

More than 10,000 Facebook account hacked by TeamSwaSTika Another group of Hackers, self titled Team Swastika, have caused panic amongst Facebook users after releasing the details of 10,000 accounts onto popular text sharing site, Pastebin. Pastebin, usually used to share source code, has frequently been host to a number of text files that contain the details of specific hacks by hackitivists and hacker groups. Team Swastika is just one of these hackitivist groups but claims to be the most powerful hacking team in Nepal. They also said that next target will be Nepal Government website. Facebook hacked account dump: https://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin https://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin

National Cyber Security Bulletin on Anonymous DHS has analyzed the likelihood of Anonymous attacking industrial control systems (ICS) after the hacktivist group showed such intentions earlier this year. " Assessment of Anonymous Threat to Control Systems " that was drafted by the National Cybersecurity and Communications Integration Center (NCCIC) back in September. The document is not classified, but it is intended for official use only. The report describes an interest within Anonymous to target industrial control systems. " The capability of the individual to recognize and post code that would gain the attention of those knowledgeable in control systems, as well as their claims to have access to multiple control systems, indicates the individual has an increased interest in control systems, but does not demonstrate capabilities ," the NCCIC said in its report. Download Complete Bulletin

'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety Google's first ever advertising campaign for online safety launches today, in association with the Citizens Advice Bureau. It covers topics such as choosing a password, scam emails and using two factor authentication.The company said future campaigns may deal more extensively with how Google uses people's personal data. The two organisations by using various means and methods, like using adverts in newspapers, on public transports and online, will try to encourage users to adopt secure passwords, log out of web browsers and computers after using them and also to adopt more complex ways to sign in their email accounts which is known as "two-factor authentication".The campaign also focuses on child protection and use of 'cookies' in web browsers. This is the first campaign by Google, which is promoting something different than products such as web browser Chrome. The campaign is p...