The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sony Pictures Facebook Page & Website Hacked again ! The hacking group Anonymous has confirmed that they have once again hacked Sony Pictures, gaining access to their Facebook account and website. Anonymous did threaten Sony for supporting the controversial SOPA bill and now it seems that the threats materialized. The hack hit the Sony Pictures Facebook page and its web site homepage, according to reports and tweets from those involved. Comments were left on the web pages, but have since been removed. The attacks carry the name Op Sony and were noted through the @s3rver_exe Twitter account. " #OpSony SonyPictures Hacked! by s3rver.exe , Anonnerd and N3m3515 ," says a tweet from that user, who continued, " I uploaded a @YouTube video (link removed) Sony Pictures Hacked By Anonymous. " " Your support of the act is a signed death warrant to Sony Company and Associates. Therefore, yet again, we have decided to destroy your network. We will dismantle your phanto...

From the In-Security Land to Security in the Cloud " This article aims to share with you some thoughts and concepts associated with Cloud Computing and the risks involved for those who want to venture into the benefits it offers " --  Mariano M. Río " From the In-Security Land to Security in the Cloud " will try to reflect how true it is that the cloud is dangerous or more dangerous than "land" and in turn how much of what is required to the cloud is rarely seen implemented on the ground. When companies begin their assessment to go to the cloud, the first comments are generally related to the "dangers" associated with privacy and confidentiality of information, the availability of services and other issues that represent the cloud as an undesirable place to visit. This turns out to be real, but as real as could be the situation of exposure of the information in an organization that does not have security program information or at least care with...

BackBox Linux 2.01 released The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/downloads What's new System upgrade Performance boost New look Improved start menu Bug corrections New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc. System requirements 32-bit or 64-bit processor 256 MB of system memory (RAM) 4.4 GB of disk space for installation Graphics card capable of 800×600 resolution DVD-ROM drive or USB port

I'm a firm believer in multitasking. I tend to work on several things simultaneously; the more monitors I have connected the more things I can do in parallel, and I can bounce back and forth between tasks, given that no one interrupts me. When I find an application that can do more than one thing for me, I become very interested, and when it can do three things well, I have myself a winner! GFI LanGuard is just that; a winner, that multitasks for me by providing patch management, network security, and vulnerability scanning into a unified application which makes my network maintenance tasks quick and easy. The latest version was released just a few weeks ago so I decided to take the app out for a spin, really kick the tires, and see what it has to offer. I'll rate each area on a ten point scale, where high scores are better. Here's how my test drive went. 0-60 in an instant The 124MB download came down in an instant, and my trial key was in my inbox before the download was...

#Enter_at_your_own_Risk Cyber Awareness Magazine Issue January edition Released As we promised last month, The Hacker News along with Security-FAQs, SecManiac, Korben, Security-Shell, SecTechno have come together to bring you an outstanding array of internet security and hacking information. You can   Download Here  Special Magazine January 2012 Edition. Previous Editions  available Here . Sit back, read and enjoy : Lee Ives from London, England talk about internet security for your children and what to watch out for and how to protect them and yourself. Security Expert, Pierluigi Paganini takes us on a visit to China and makes us wonder just how influential China's hacking is on world internet security. Read and decide for yourself. Get political emotions warmed up reading " Anatomy of a Revolution " by our own editorial staff.  Mourad Ben Lakhoua takes us on a scary journey of what new Malwares are lurking about and what to expect in the fu...

9 Top Patch Management Practices for Businesses Security I've spent most of the past decade in information security, with a pretty big focus on incident response. It never ceases to amaze me how many security incidents (pronounced hacks) customers suffer as a result of unpatched systems. Patch management is not an art form; it's an underappreciated and often ignored part of what should be daily care and feeding of your infrastructure. Here are the nine best patch management practices I've learned over the years: 1. Automate your patching If your patch management strategy depends upon manual effort, you're doing it wrong. Only the smallest businesses can handle patching by hand. You need a system that can deploy patches to all your systems; workstations and servers. 2. In-depth reporting Automating doesn't mean ignoring. You should be able to see the state of your patch management at any point in time and know exactly which systems are in need of attention. 3. Tes...

Nmap 5.61TEST4 released with Web Spidering Feature ! Nmap release today an interesting version nmap 5.61TEST4 with number of interesting features. Also, to improve the user experience, the Windows installer nowinstalls various browser toolbars, search engine redirectors, andassociated adware. a spidering library and associated scripts for crawling websites. 51 new NSE scripts, bringing the total to 297. a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support. a new vulnerability management library which stores and reports found vulnerabilities. Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17. Change Log can be found here  and Download Here  .

400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers Hacker named " 0xOmar " from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa). Hacker says " We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more! ". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. " my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population. " He said. Qu...

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only ...

30 Pakistan government Sites goes down ! Indian Hacking Group Indishell claiming to hack and Bring down 30 30 Pakistan government websites, Including  Police and Navy Sites also. Hacker attack on webserver located at 50.23.225.39 IP address. List of all Hacked Sites is Here  and Mirror of Deface Pages can be checked Here .

Android mobile internet tethering become undetectable by carriers When the idea that your smartphone's data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have struck down all attempts by apps to sidestep the process , until now. What one of the most well-known hacker/developers in the world Koushik Dutta, aka Koush, has done is to create a non-market app that allows you to use your smartphone as an internet hotspot, doing so without adding costs to you beyond what that data would cost to you on your smartphone on its own. And it's completely (nearly) undetectable by carriers. " Over the last month, I've been working on a new app. Tether Alpha is a USB[2] tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop. " Koushik Dutta said. " I am...

Japan developing cyber weapons for Counter Attack Japanese technology firm Fujitsu is developing a ' seek and destroy ' virus which could identify and combat hacking and other cyber threats in a more effective way. The weapon is the culmination of a 179 million yen three-year project entrusted by the government to technology maker Fujitsu Ltd to develop a virus and equipment to monitor and analyse attacks, the daily said. The chief snag for the plan is that Japanese law currently forbids the manufacturing of computer viruses. However, we would suspect that a compromise can be reached in due course, given the project is being carried out in the interest of national security. Japan was a notable victim of hacking in 2011, which proved to be a year in which cyber crimes and threats rose to prominence.  Japan's parliament had its computer system hacked into, while a number of cyber espionage campaigns including one targeting almost 50 US companies were waged on governments an...

Fully automated MySQL5 boolean based enumeration tool Blackhatacademy Developers  releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag is applied, a user can supply any query that returns only a single cell If the exploit or vulnerability requires a single quote, simply tack  %27  to the end of the URI. This script contains  error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors. This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto). This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites. GET TOOL SCRIPT HERE .