The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Last week Council on Foreign Relations website was compromised and recently hit by a drive-by attack using a zero day Internet Explorer 6 vulnerability for Cyber Espionage attack, suspected by Chinese Hackers. Later Microsoft confirmed that  Internet Explorer 6, 7, and 8 are vulnerable to remote code execution hacks. According to researcher  Eric Romang , CFR watering hole attack (CVE-2012-4969 and CVE-2012-4792) has also target Capstone Turbine Corporation website since mid-September. He was able to find a cached version of the first JavaScript that starts the drive-by attack. Then on further search finds that by doing a Google dork search site:capstoneturbine.com "_include"  we can see something strangely like CFR.org "news_14242aa.html" file. Capstone Turbine Corporation is the world's leading producer of low-emission microturbine systems, and was first to market with commercially viable microturbine energy products. Capstone Turbine has shipped tho...

Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account of the developer called, " apkdeveloper " and readers spotted that they are posting fake malware apps by names of famous android games and apps, using the word "Super" as suffix to them, making them seem as an upgraded version of the game. The users can find the difference between the real app and malicious app by observing the device permissions, like as compared to the simple permissions like network access and read write access of the original Temple Run app, the ' Temple Run Super ' app asks for sensitive information like location, phone status, identity and access to user accounts. After many report abuse Google Play has removed the developer from th...

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.*.* or 172.16.*.* , can really Impact ? Most security researchers call it as "bull shit" vulnerability. But when it comes to impact calculation even if the server is behind a firewall or NAT, an attacker can see internal IP of the remote host and this may be used to further attacks. Internet Giants like Facebook, Google, PayPal and Serious National Security organizations like FBI, Pentagon and NASA are taking initiatives for their Security Issues. At same, we at ' The Hacker News ' stand together for organizations that talk about national security in a serious way. I guess,its the time to understand about the flaws and its impacts where I would like to share my findings about our Internet Giants and Organiza...

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers and the code then created a heap-spray attack using Adobe Flash Player. Yesterday former hacker Bryce Case Jr (YTCracker) tweeted about a new zero day exploit threatening all users of IE8, " internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can... ". On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vuln...

Suddenly today Google Chrome start detecting Twitpic.com as malware threat. Twitpic is one of the most popular website for Sharing photos and videos on Twitter. Twitpic denies and said that there is no malware on the website and is trying to contact Google. We also notice that, Twitter profiles and pages with Twitpic URL in tweets are also blocked curretly by Chrome. Many people also complaining about this on Google Help forum. An official statement from Twitpic via tweet ," Working to fix the google chrome malware notice when visiting Twitpic.com as this is not true or the case, trying to contact google ". Google's Safe Browsing Diagnostic page for twitpic.com saying, " Site is listed as suspicious - visiting this web site may harm your computer. Of the 12029 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google vis...

Android devices having more than 1.3 million daily activation and that there are now more than 500 million Android devices active worldwide. Where Android is growing at a rapid pace, there is equal growth in users from various countries like Kurdistan. Kurdistan refers to parts of eastern Turkey (Turkish Kurdistan), northern Iraq (Iraqi Kurdistan), northwestern Iran (Iranian Kurdistan) and northern Syria (Western Kurdistan). Rawand Haider ,  Petroleum Engineer by profession and  Android Rom Developer releases first Android  Kurdish version Rom. Officially there is no Kurdish language in Android devices yet available. Kurdish people begun to realize that the future is for Android OS, as a result, they're buying android phones more than ever. More than 60 million people speaking Kurdish language and  Rawand's project becomes  quite useful and handy project  for them now. The Rom is based on Jelly bean 4.1.1 an...

Web site for the Council on Foreign Relations was compromised and recently hit by a drive-by attack that was detected earlier this week. Hacker are suspected to be from China , who are exploiting a zero day  Internet Explorer vulnerability for Cyber Espionage attack against one of American most elite foreign policy web groups. According to Fireeye  researchers, a malicious content on the website was hosted by hackers, that is exploiting Internet Explorer version 8.0 (fully patched version) to hack windows systems of visitors. " We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time. "  Once the system compromised, hackers look for valuable information from their computers, kinda Cyber Espionage. The FBI was notified of the attack and is said to be investigating. The CFR is one of the most elite foreign policy organizations in the United States w...

Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called "...

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it's not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone. This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware. Dubbed TheAndroid.DDoS.1.origin, creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched. When it receives a DDoS attack command, the malware starts to send data packets ...

Thamatam Deepak (Mr.47™) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross site scripting is very common web application vulnerability, Yesterday our security researcher, Christy Philip Mathew reported about multiple xss in official latest versions of cPanel and WHM . As reported by Whitehat hacker Deepak, there are multiple xss in HTC website, that a...

Most of the crazy readers always demand for some solution to turn their Android Smartphone into a Hacking Machine. There are various solutions, like installing some penetration testing android based tools like ANTI, dSploit, FaceNiff etc and also Installing ARM version of Backtrack OS. Today I found another solution for same purpose i.e.UbnHD2, a Ubuntu based Pen-testing OS. UbnHD2 is a security and pentest focused ubuntu/debian system that runs natively on the HTC HD2 phone. The product right now in beta versions and various options may not work. Installations steps are described by developer . Features Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM) X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0 USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum) Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded Download From Sourceforge

cPanel is a Unix based  fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of  cPanel & WHM is 11.34, which is  v ulnerable  to multiple cross site scripting. During my bug hunting process, today I ( Christy Philip Mathew )  discovered some serious XSS v ulnerabilities in  official cPanel, WHM. It also impact on the  latest version of software. This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflective cross site scripting vulnerability in  cPanel at manage.html . The interesting part would be the whole demonstration I done with the Official cPanel Demo located at https://cpanel.net/demo/ location, can be accessed via demo user & password provided by cPanel website itself i.e.  https://demo.cpanel.net:2086/login/?user=demo&pass=demo These  vulnerabilit...

One of the most popular Wordpress Plugin called " W3 Total Cache " which is used to Improve site performance and user experience via caching, having potential vulnerability. On Christmas day, someone disclose it on full-disclosure site that how a plugin misconfiguration leads to possible Wordpress cms hack. The loophole is actually activated on the fact that how W3TC stores the database cache. Jason disclosed that cache data is stored in public accessible directory, from where a malicious attack can can retrieve password hashes and other database information. Default location where this plugin stores data is " /wp-content/w3tc/dbcache/ " and if directory listing is enabled, attacker can browse and download it. He said," Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. " Because the plugin is very famous ,so thi...