The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Six National Television Stations of Iran Hacked Co-Cain Warriors hackers today hack into 6 National Television Stations of Iran including Broadcasting Elam Center, IRIB Kermanshah Center, IRIB Kerman and 3 more. Hacker upload the deface page on their server and announce the day as " HappY 7Sin Day ". With growing conflicts in middle east more intrusions and DDOS attack on Iranian websites. Iran has been identified as the main cyber threat to the United States,Israel and European Countries. Yesterday we also report that, Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. Also last week, Iran launched a sophisticated cyber-attack against BBC Persian TV, according to the BBC News. The Reason behind this attack is part of a broader attempt by the government to disrupt the BBC's Persian service. This attack follows various tactic...

SpoofTooph 0.5 : Automate Cloning of Bluetooth devices SpoofTooph 0.5 has been updated with some major bug fixes and new features. The new version 0.5 runs scans MUCH faster, which also allows for more Device Names to be resolved during scans. Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address). Change Log v0.5: - Fixed segmentation fault in manual assigning of Device Name and Class of Device - Modified flags - Depreciated      -r: Assign random NAME, CLASS, and ADDR      -l : Load SpoofTooph CSV logfile      -d : Dump scan into SpoofTooph CSV logfile - New      -w : Write ...

Mutillidae 2.1.17 : Born to be Hacked A few days ago an update " Mutillidae " version 2.1.17 was released. Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and others. Features Installs easily by dropping project files into the "htdocs" folder of XAMPP. Switch...

Iran makes internal email servers Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. " One of the most important problems in the cyber arena in Iran is that many individuals and even university professors are using email services like Gmail and Yahoo and have no local email, " Rahimi said, Head of Iran's Cyber Defense Headquarters. " Technical infrastructures have been built in the country and mail servers have been made at the cyber defense headquarters to manage Iranian emails ," he added. The Iranian official noted that the body also shoulders the responsibility to promote culture and education. Iran launched a cyber defense headquarters some five months ago. The key task of cyber defense is to prevent computer worms, or as some call it cyber weapons, from breaking into or stealing data from Iran's maximum security networks, including nuclear facilitie...

Dutch News site spread Malware on 100000 Computers Dutch popular news site NU.nl appears to be serving Java exploit (drive-by malware) to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The attackers made use of servers in India which an exploit kit was placed. The Ministry of Security and Justice issue a warning for malware yesterday by Nu.nl estimated to have infected 100,000 computers. Erik Loman, developer at security firm SurfRight, made ​​known on Twitter on the front page of the news javascript code ' g.js ' was blocked. The code triggered by Loman a nuclear exploit pack on a web server in India was placed. The exploit script checked the browser and common plugins like Flash and Adobe Reader security hole. If an exploit was found, the server sent the Sinowal-malware, a trojan of Russian origin, which is continuously updated and attempts to steal bank detail...

[POC] Windows RDP Vulnerability Exploit The vulnerability described by Microsoft as critical is known as MS12-020 or the RDP flaw. The hackers worked quickly on this particular vulnerability and we've already seen attempts to exploit the flaw which exists in a part of Windows called the Remote Desktop Protocol. Proof of concept (POC) exploit of the deadly RDP vulnerability has been shown to trigger blue screens of death on Windows XP and Windows Server 2003 machines. The exploit attacks a RDP (Remote Desktop Protocol) flaw patched by Microsoft on Tuesday. The discovery of proof-of-concept code on a Chinese website less than 72 hours later came as no great surprise. Security firms warned that worse is likely to follow. The vulnerability might easily be exploited to create a worm that spreads automatically between vulnerable computers. Two POC discovered, first POC to emerge was posted briefly on a Chinese website before disappearing. The second, based off the Chinese...

President Assad 's hacked emails reveal isolation of Syria's leader Asad's personal email account was hacked by Anonymous hackers few hours ago and The Guardian then acquired over 3,000 documents from hacked email that according to opposition is the personal email of ruling couple Bashar and Asma al-Assad sam@alshahba.com and ak@alshahba.com The newspaper said it got the trove of e-mails from a member of the Syrian opposition whom it does not identify. The documents are said to have been intercepted by members of the Supreme Council of the Revolution between June and early February. According to the Guardian, the e-mails show that Assad regularly received advice from Iran or advisers to Iran about how he should respond to the crisis in his country. He received a memo from his media consultant with advice that was based on " consultations with a good number of people in addition to the media and political adviser for the Iranian ambassador. " The memo advised ...

Malicious Android application stealing banking credentials A new form of smart Android malware can not only steal your online banking information, but update itself in the future and secretly send contact information stored on your device off to the Bad Guys. Security researchers at McAfee have discovered a malicious Android application capable of grabbing banking passwords from a mobile device without infecting the user's computer. From a McAfee blog post on the subject, penned by Malware Researcher Carlos Castillo: " To get the fake token, the user must enter the first factor of authentication (used to obtain initial access to the banking account). If this action is not performed, the application shows an error. When the user clicks "Generar" (Generate), the malware shows the fake token (which is in fact a random number) and sends the password to a specific cell phone number along with the device identifiers (IMEI and IMSI). The same information is also sent to one of th...

Stanford University defaced by Indian Hackers Stanford University subdomain ( https://scale.stanford.edu/ ) defaced by Indian hackers " Yash " and " C0de Inject0r " from Team Nuts . Stanford is an American private research university located in Stanford, California. Hacker write on page " Everyday Someone Get Hacked , Today is your Day ". " Admin -Good Security ,But Still Failed To Keep Us Out Of Your BOX " They added. Deface page have " Vande Mataram " as background music. Vande Mataram is a patriotic song for Indians. Reason of Defacement is unknown. At time of writing this post, site displaying black colour background with Hackers message on it. Team Nuts Hackers was mostly active last year, you can check their past hacks here .

PS3 hacker Geohot arrested for possession of marijuana George 'GeoHot' Hotz, who you might know as "geohot" who made the Sony console's root key available last year, has been banged up for carrying drugs. He was traveling by car with friends on his way to the SXSW conference in Austin to give a talk titled " The Final Frontier of Reverse Engineering " when he had to stop at a border patrol checkpoint in Sierra Blanca, Texas. Department of Homeland Security officers were using dogs to decide if a vehicle warranted a search, and Hotz's car was barked at. Geohot holds a medical marijuana license in California (for those pesky headaches, clearly) and as such, was legally allowed to tote around a confectionary treat bag of THC-infused sweets. Sadly for Geohot, as he may or may not have noticed, he wasn't in California when a sheriff pulled a 1/4 oz. of Mary Jane from the glove box, alongside a pack of chocolates said to contain less than 1/8 oz. of the same Wa...

Carbylamine PHP Encoder - Make PHP files Fully Undetectable from Antivirus Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed. High Security PHP Encoder Stops unauthorized personnel from reading, modifying and reverse engineering your code. Advance PHP obfuscation makes your code extremely hard to understand. Improves security by preventing hackers from analyzing your source code. Encoding is a process where the PHP source code is converted to an intermediate machine readable format. This format is hard for humans to read and convert back to source code. As a result it protects your code from casual browsing. This means that if people obtain access to your site's code they will not be able to use that for unintended purposes. Obfuscation is a process where code intentionally made very hard to read as source code or as reverse engineered code. This obfuscation is designed to manage risks that st...

Iran Defense Forum users logins compromised and Leaked Hacker with name " Le0n B3lm0nt " claimed to hack into the Iran Defense Forum website (irandefence.net) and leak user details of all 3,212 members including their usernames, Emails and Passwords.  Iran Defense Forum is an independent forum that is not associated with the Iranian Government, neither it is affiliated with any governmental or regulatory agencies nor related to any political or religious entity. Hacker leak the database on Pastebin Note . Also two days before  Iran hacked BBC Persian TV  The Reason behind this attack is part of a broader attempt by the government to disrupt the BBC's Persian service. This attack follows various tactics by the Iranian government, such as harassment, arrests, and threats against the relatives of BBC Persia correspondents who still live in Iran, in an effort to force the journalists to quit the Persian news service.

FBI actually leak Stratfor e-mails just to bust Julian Assange ? Internal emails disclosed by Anonymous and WikiLeaks suggest that Stratfor, a private intelligence firm working with the U.S. Justice Department. But The FBI turned a computer hacker to build its case against a group of people it alleges are responsible for a string of audacious attacks that captured the personal details of more than one million people. Hector Monsegur, known as Sabu, leader of the Anonymous affiliated hacking group LulzSec, was arrested by FBI agents in his New York apartment on Monday, June 7, 2011, at 10:15PM. On August 15, Monsegur pleaded guily to several counts of hacking and identity theft.  Seeing that Xavier 'Sabu' Monsegur had apparently been working for the FBI for the last couple of months, it isn't too far-fetched to think that the leaks of the Stratfor e-mails given to Wikileaks by Anonymous was nothing more than a tactic to entrap Wikileaks and build a case against Assange...