The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Brazil ISP servers under Massive DNS poisoning attacks Kaspersky Lab expert Fabio Assolini Report that A massive DNS cache poisoning attack attempting to infect users trying to access popular websites is currently under way in Brazil. Several large ISPs in the highly connected country have been affected by the attack, and police have made at least one arrest in connection with the operation. Attackers have been able to poison the DNS cache records for several major Web sites at some large ISPs. Last week Brazil's web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. It asks the customer to download and install the so-called " Google Defence " software required to use the search engine. In reality, though, this ...

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.  Here's what it does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed) TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port th...

Anonymous attack on Israeli government  & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. " Your actions are illegal, against democracy, human rights, international, and maritime laws ," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. " Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world. " " If you continue blocking human...

DUQU – Another Stuxnet in the Making ? Article by :   Nidhi Rastogi is a Cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here . Barely a year into discovering Stuxnet, the world recently saw its powerful variant in the form of Duqu. It is believed that a Hungarian blogger was the first to have a tryst with the virus in early September at an ISP hosting service. Why it is important: Duqu has gained a lot of attention because of striking similarities with its famous predecessor, Stuxnet. Several Security researchers have concluded that 99 percent of Duqu software rules are same as Stuxnet including source code and keys for encryption. There is reasonable evidence by now that the damage caused by Stuxnet was real. Hence, Duqu is of concern to every security professional at the moment. How it functions: Duqu camouflages its own data behind normal web traffic to avoid suspicion fr...

Insider Threats vs Hackers - by Emmett Jorgensen Emmett Jorgensen has worked in IT and Infosec for over 10 years. He works for Kanguru Solutions (www.kanguru.com), a manufacturer of secure portable storage solutions. Article taken from 'The Hacker News' Magazine - October Edition. You can Download it from Here . News about cyber security, Anonymous, and Lulzsec are constantly making headlines these days, as well they should. It seems that Anonymous is hacking into confidential information on an almost weekly basis. Yet, despite this talk of external risks, the real threat to businesses often comes from within, in the form of insider threats. Although the intent of a hacker is generally more insidious, the insider threat is more prevalent simply due to an employee's access to company data. Insiders often have access to sensitive data without having to circumvent security measures designed to keep out external threats. But which is really a bigger threat to your orga...

VanishCrypt – Virtual Encryption Tool by SecurityLabs SecurityLabs Experts from India release a new Virtual Encryption Tool called " VanishCrypt ". A Freeware Utility to Secure Your Data. It creates a virtual disk that contains your secret files. Data is protected with a Encrypted Password. The files are completely inaccessible without the correct password. Stored files are encrypted with strong CryptoAPI. Additional Features: It have "Advanced Mode" with you can create a real virtual drive accessible in Explorer that contains your files stored in the vdisk image. It uses Win32 API for I/O operations for a great speed improvements Video Demonstration: Download VanishCrypt [ Source ]

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".  Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. Also its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. In both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. Another interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran ...

Hacker selling compromised websites gets hacked by d33ds A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data. A hacker calling himself Srblche , also offered information stolen from websites belonging to the U.S. Army, the U.S. Department of Defense, the South Carolina National Guard and other institution. Srblche is believed to be Kuwaiti. d33ds  target  Srblche,  " Anyone willing to pay for this service must be as stupid as he is, " d33ds wrote in its announcement of Srblche's online catalogue being hacked. D33ds is the same group that hacked RankMyHack.com . RankMyHack is a website that awards points for Web compromises depending on how big or important the target was. Hackers compete for a higher position on the leaderboard. [ Source ]

Duqu Analysis and Detection Tool by NSS Labs NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the " functionality, capabilities and ultimate purpose of DuQu. ". The Tool is available free. Duqu is notorious worm that exploit Windows Zero-day Vulnerability. Microsoft released temporary fix yesterday for this vulnerability . According to the test, NSS tool Success rate is 100%, zero false positivies. Developers said it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered.Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required. It seems that Duqu contains similar code and utilizes similar techniques to Stuxnet. More precisely, it seems to make use of digital certificates that appear as legitimate, but it's far too early to descri...

CapitalOne Bank taken down by Anonymous hackers Anonymous Hackers claim to taken down the official website of CapitalOne Bank . Currently Site is showing message on Homepage that " Site under maintenance ". In a pastebin release Anonymous Hacker wrote " ya know.. every guy Fawkes day companies go hire the best white hat hackers to protect them against attackers like us lol.. so dont beat your self's up if nothen was defaced or taken down by ddos.. we still doxed a bunch of people lol! congratulate your self's! Anonymous dident fail we succeeded and we will never fail.. " Hacker also claim to do DDOS attack on CapitalOne website for taken it down. There is another statement by same hacker " Many ddos attacks were taken place today and we all hoped to see at least fox going down ". Its not clear that that either the site is really under  maintenance  after attack by Anonymous Hackers or its any regular  maintenance for backup only. Hackers al...

Mobile Security and Lack thereof Nidhi Rastogi ,A Security Consultant with Logic Technology Inc, New York share her Views about the Mobile Security and Lack thereof . The Article is taken from our September Month Magazine Edition  .Here we go.. Mobile technology, particularly smartphones, has come of age and is increasingly replacing PCs for internet surfing, emails, gaming and social networking. As per a recent survey by Neilson Media Research, smartphones now comprise over 38% of the U.S. Cellphone Market and will become the majority by end of the year. To meet this growing demand, cellphone companies are fast churning out new models with killer features, latest and greatest in technology. With this growth it has also come to attention that security of these devices cannot be left behind. Every day a new data breach is making headlines suggesting hackers have gone into overdrive. However, what is of particular interest is that a bulk of them is being attributed to cellph...

We had an Interesting Article by " Paul F Renda " in our The Hacker News Magazine 's November Edition. We would Like to share this article with our website readers also. You can Download November Issue Here . This is a theoretical prima to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads. Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction. A doomsday like virus has been plaguing the U.S.Drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analyst think agent.btz was created by China....

Persistent XSS Vulnerability in White House Website Alexander Fuchs , A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House . He said " The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system. " The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: https://vulnerability-lab.com/get_content.php?id=308