The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Several Lebanese ministry websites were the target of a hack attack Thursday by the group Raise Your Voice, in the second such attack on government-related portals this month. " We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare (sic) sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them ," said the group's message posted on the hacked websites. It is unclear whether Lebanon Anonymous is affiliated with the hacktivist group #Anonymous, renowned for its attacks on websites of governments and corporations it considers corrupt or seeking to limit free speech on the web. Last month, they took down the Interpol's website as a response to the arrest of 25 of their members, as well as the United Nations' official site. Below is the list of the websites that were hacked on...

Hackers continued to attack the Philippine government's online presence, with at least one agency on Thursday reporting a denial-of-service attack the night before. The official website of the Department of Budget and Management (DBM) yesterday became the latest victim of a cyber attack by suspected Chinese hackers.The DBM website was defaced at around 2 pm Wednesday and will remain offline until the repairs are complete, according to Budget Secretary Florencio Abad. In a press statement, Abad said the DBM's official website, www.dbm.gov.ph , is currently undergoing a security audit and "may be inaccessible until critical issues are resolved." The hackers placed a Chinese flag on the DBM website along with a caption announcing it was " Hacked! Owned by Chinese Hackers?! " The webpage also contained a message: " How come a small bitch border country are overconfident? And Challenged to Our Chinese Super Hacker? " A warning was also displayed: " Don't Trouble Chine...

Facebook strengthens security with AntiVirus Marketplace Facebook has launched Anti-Virus Marketplace  , a new portal to protect the social network's users.Members are being encouraged to download anti-malware programs which they can use at no cost for six months. Facebook is strengthening its security controls in an attempt to protect its 900 million users from spam and malicious content.Facebook said Wednesday that it will work with Microsoft Corp. and with computer security firms Trend Micro Inc., Sophos, Symantec Corp. and Intel Corp.'s McAfee to provide safeguards on Facebook. " The Antivirus Marketplace was developed with industry partners to enhance protection for people on Facebook ," Facebook wrote in a blog post . " This program will help us provide even better protections to those using Facebook, no matter where they are on the web. " Facebook's security push comes as social networks become an increasingly popular target for spammers and ...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

Iran Preparing For Cyberwar Against U.S Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as the power grid or the financial system. But, Iran is recruiting a hacker army to target the U.S. power grid, water systems and other vital infrastructure for cyberattack in a future confrontation with the United States, security specialists will warn Congress Thursday. " If Iran is willing to blow up a Washington restaurant and kill innocent Americans, we would be naive to think Iran would never conduct a cyberattack against the U.S. homeland ," said Counterterrorism and Intelligence Subcommittee Chairman Pat Meehan, R-Pa. " Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace ," states testimony from Ilan Berman...

VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future.  " The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers ," VMware said in a statement. " Hardcore Charlie " - who claims to have downloaded some 300 Megabytes of VMWare source code. Anonymous tweeted: @AnonymousIRC: Oops, VMWare source leaked? Not good https://pastebin.com/JGxdK6vw to Anonymous contributors. May the Pirate Bay always sail strong! The leaked documents include what appear to be internal VMWare communications, pasted onto CEIEC letterhead and with official looking stamps. One email exchange, dated June 5, 2003 is from Jeffrey Sheldon to an internal VMWare listserv and has the subject "code review:untruncating segments. Given the large number of service pr...

New Flashback malware variant found in the wild A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven't updated Java on your Mac, or disabled it entirely, you could be a victim. The new variant  dubbed Flashback.S  is actively being distributed in the wild, taking advantage of a Java vulnerability that Apple has already patched. Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection. However, the researchers did not indicate what this new variant was specifically designed to do or how many computers might be infected. At its height, the original Flashback, which was designed to grab passwords and other information from users through their web browser and other applications, was estimated to be infecting more than 600,000 Macs . After analyzing 100,000 Macs running the firm's free anti-virus software program, Sophos discovered several Apple computers ...

Plown : Security scanner for Plone CMS Despite the fact that Plone is one of the most secure CMS, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released. Plown has been developed during penetration tests on Plone sites and was used to ease the discovery of usernames and passwords, plus expose known Plone vulnerabilities that might exist on a system. What Plown does Username enumeration Multithreading password cracking.You can specify the login url (if different that login_form) and the number of threads (16 default) Known vulnerability enumeration, based on urls/objects exposed. If found vulnerable, the tool informs about the vulnerability and the url of the patch Version enumeration is planned, based on md5 hashes of static content (css, js) We hope that plown can act as an assistant to system administrators to strengthen their Plone sites. Download Code (written on python)  or visi...

Hacker deface T&T Parliament website to warn about security holes The Government's parliamentary website, www.ttparliament.org, was taken offline yesterday after a computer software hacker apparently breached the security codes of the site and left a mischievous message announcing the security break. Under the name "CoD3X", the hacker reassured the parliamentary site administrator that all the files and the system's database remained intact. " Greatz to admin your website hacked due to security vulnerabilities, patch your website, keep it updated. Don't worry all your files and your database are still here. This is a warning, what other hackers can do to your website. Keep it in mind...CoD3X ." Minister of Government Business and Acting Attorney General Dr Roodal Moonilal, though, was not concerned with the breach and in fact denied that the Parliament site was taken offline to deal with that specific issue. Corporate communications manager, Jason Elcock, yester...

Cyber Attack on The Iranian Oil Ministry 's Computer Network The Iranian oil ministry's computer network came under attack from hackers and a computer virus, prompting the Islamic Republic to disconnect the country's main oil export terminal from the internet as a preventative measure, a semiofficial news agency reported on Monday. The Mehr News Agency, which is a semi-official arm of the Iranian government, reported Monday that the country's principal oil terminal on Kharg Island was disconnected from the Internet as part of the response to the attacks. Email systems associated with the targets were also pulled offline. Iranian officials said the virus attack, which began in earnest Sunday afternoon, had not affected oil production or exports, since the industry was still primarily mechanical and does not rely on the Internet. Officials said they were disconnecting the oil terminals and possibly some other installations in an effort to combat the virus. Cyberattac...

Google raises Hackers bounties to $20,000 Google on Monday raised to $20,000 its bounty on software bugs that hackers could exploit for cyber attacks on the Internet giant's online services. The maximum reward for exposing a vulnerability that would let an intruder's code get up to mischief in a Google data centre was ramped up from the $US3,133 ($A3,030) payout set when the bounty program was launched in November of 2010. Remote code flaws found in Google's Web apps will also be rewarded $20,000.The term "remote code execution" refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine. A $10,000 bounty will be paid for SQL injection bugs or significant authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program. At Google's Pwnium contest in March, Google paid out $60,000 prizes to anyone that could exploit the Chrome b...

Iran Replicating Captured U.S. Drone RQ-170 Sentinel Iranian military aerospace chief General Amir Ali Hajizadeh was quoted having said:" The Americans should be aware to what extent we have infiltrated the plane. " Iran has broke the encryption codes and begun construction of a replica of the United States surveillance drone captured last year, according to Iranian officials. American spy drone that went down in Iran last year, including information that the aircraft was used to spy on Osama bin Laden weeks before he was killed. Iran also said it was building a copy of the drone. US Senator Joe Lieberman dismissed the claim that a copy was being made as " Iranian bluster " saying, "they're on the defensive because of our economic sanctions against them". The U.S. says the drone malfunctioned and downplayed any suggestion that Iran could mine the aircraft for sensitive information because of measures taken to limit the intelligence value of drones operating...

Fuck CISPA - Stop censoring Internet ! -  By:    Patti Galle, Executive Editor The Cyber Intelligence Sharing and Protection Act (CISPA) H.R. 3532 is a new bill being introduced in Congress that is gunning to blast the ongoing cyber attacks that have occurred since internet users figured out the keyboard could be an effective weapon. If passed through Congress, the bill would allow the government access to personal correspondence of any person of their choosing. Once again, we are being fucked by those nosey neighbors in our government. You should be very mad and very afraid because CISPA is far worse than SOPA and PIPA in its effects on the internet. The wording of this bill is mumbo jumbo, vague and broad. Reading through the nonsense, basically the act would allow Congress to circumvent existing exemptions to online privacy laws, and would allow the monitoring and censorship of any user of the internet. Peeping Toms will be wetting their pants. The real kicker (in ...

Have you ever wondered how Hackers or Black Hats hack into a computer system ? Our Hacker Boot Camp training session will teach you how this can be done. You will be shown the techniques, tools and methods that the hacker uses. This insight will help you understand how to better protect your IT architecture and identify the vectors of attack that hackers use. The Hacker News organising an Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India. All of our instructors are experts in their field and maintain respected reputations within the security community. CCSN is a revolutionary new certification in the field of information security training program for amateurs and professionals to help you gain the skills you need to become an expert in the field of information security. This specialized certification assures potential employers and customers that you have a level of advanced knowledge to detect and offer support for some of the most advanced secur...