The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

GoDaddy websites Compromised with Malware Many sites hosted on GoDaddy shared servers getting compromised today  with a conditional redirection to sokoloperkovuskeci.com .In all 445 cases the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site when they were referred by one of a list of search engines. These redirections attacks are very common on outdated WordPress and Joomla sites, but this time (and for this specific malicious domain), we are only seeing them on GoDaddy hosted sites. So it looks like a compromise on their own servers (similar to what has happened in the past). This is caused by this entry that is added to the .htaccess file of the compromised sites: RewriteEngine On RewriteOptions inherit RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR] RewriteCo...

oclHashcat-plus v0.06 - Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker oclHashcat-plus faster than every other WPA cracker. The highly anticipated v0.06 of the Graphics Processing Unit accelerated password cracker tool oclHashcat-plus was released today. What makes it so special about this release is that it now has support for captured Wi-Fi Protected Access handshake cracking on top of all the other algorithms currently supported (MD5, MD5 Crypt, DES Crypt, NTLM, Domain Cached Credentials etc). It cracks WPA at an estimated rate of 0-300% faster than rivals, namely the python WPA cracker pyrit. It is coded in OpenCL so both NVIDIA and AMD devices are supported, however this improvement is more noticeable on AMD GPU devices as well as Multi-GPU system Features Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker Worlds first and only GPGPU based rule engine Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Wind...

WAVSEP   1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Additional information can be found in the developer's blog . Project WAVSEP currently includes the following test cases: Vulnerabilities: Reflected XSS:   66 test cases, implemented in 64 jsp pages (GET & POST) Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST ) Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST ) Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST ) False Positives: 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST ) 10 different categories o...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Balaji Plus Cloud Antivirus  Released - Mix of 32 antivirus Engines for ultra Protection Leo Impact Launch World first Antivirus scanning software which protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus on cloud. Most of time you can install and use only 2 to 3 antivirus in one system, not more so virus author bypass top antivirus but Balajiplus is Free service by Leo impact Security for Corporate Social Responsibility to protect your digital life using multiple antivirus scanners on cloud. Collective Intelligence, Balaji Antivirus Plus proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions. Balajiplus Clou...

THC-HYDRA v7.0 new version released for Download THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Official change log: New main engine for hydra: better performance, flexibility and stability New option -u – loop around users, not passwords Option -e now also works with -x and -C Added RDP module, domain can be passed as argument Added other_domain option to smb module to test trusted domains Small enhancement for http and http-proxy module for standard ignoring servers Lots of bugfixes, especially with many tasks, multiple targets and restore file Fixes for a few http-form issues Fix smb module NTLM hash use Fixed Firebird module deprecated API call Fixed for dpl4hydra t...

uTorrent & BitTorrent Sites Hacked, Spread Security Shield Malware Attackers hijacked two popular Torrent websites "bittorrent.com and utorrent.com" and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The site reported on its blog  that the attack had occurred at around 04:20 Pacific Daylight Time (11:20 GMT) on Tuesday. Initially, the incursion was also thought to have affected the servers of the main BitTorrent site, but further investigation revealed this site had been unaffected by the attack. Once installed, Security Shield delivers false reports that a computer is infected with multiple pieces of malware and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the hour-and-fifty-minute window that the sites were compromised. Those who installed software pr...

Book : Backtrack 5 Wireless Penetration Testing by Vivek Ramachandran This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS. Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from: Global: https://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/ India: https://www.packtpub.com/backtrack-5-wireless-penetration-testi...

McAfee DeepSAFE - Anti-rootkit Security Solution McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies. According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011. Key attributes of McAfee DeepSAFE: Builds the foundation for next-generation hardware-assisted security operating beyond the operating system Provides a trusted view of system events below the operating system Exposes many attacks that are un...

Presidential website president of Bolivia hacked The presidential website of Bolivia presidencia.gob.bo has been hacked. The hack has been carried out by twitter id: @SwichSmoke. The website data has been breached and has been data leaked.Hacker upload the dumps on Pastebin .

Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army] Albania hackers have exploited one of the biggest Game Arena site   " Top100 " database using SQL injection attack. They leak the database on mediafire . Hackers belongs from group  ACA [Albanian Cyber Army] .

#Opiran new press release for 23 September by Anonymous Hackers [Salutation] To the Noble and Brave People of Iran and Syria, [Acknowledge plight] The people of Iran and Syria are still being caged, tortured and murdered. They are ruled by vile leaders, who seek not to protect, but to harm. Leaders who will stop at nothing to keep their power. [Statement of Facts and Outcomes] Iran deserves modern affortable energy and fair elections. The entire world speaks of the treachery of Iran's fraudulous regime. Newly secret US ambassadorial letters, released by WikiLeaks, confirm what you already know. [ irc.iranserv.com #opiran port 6697 ssl ] [Outline Client Condition] The people of Syria are beaten by regime police from Iran. The People of Syria are kept down by the regime of Iran, which backs the will of Assad to remain in power. No matter how many innocent victims fighting for freedom and social justice, this may cost. [Support] Ahmadinejad, Khamenei and Assad know th...

The Security Onion LiveDVD - Download The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools. Official change log for Security Onion 20110919: The "IDS Rules" menu now has a new entry called "Add Local Rules" which will open /etc/nsm/rules/local.rules for editing using the "mousepad" GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets). A new menu called "IDS Config" was added with a new menu entry called "Configure IDS engine(s)". This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you're running. After you save and close the config f...

BruCON – Belgium's First Security Conference BruCON, Belgium's first security conference is back for it's third edition on 19-22 September. After witnessing greater success in the past two years, this year's event is expected to attract more then 400 people from around Europe. BruCON conference aims to create bridge between the various actors active in computer security world, included but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,academic researchers, etc. BruCON is organized as a non-profit event by volunteers. A group of security enthusiasts decided that it was time in Belgium to have its own security conference. A lot of countries around the world already had these kind of conferences to discuss and present research on computer security and related subject matters. This group of volunteers wanted Belgium not to be the last to have a similar conference. The event features more then 27...

Hook Analyser Malware Tool Released Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks. 1. Hook to API in a process 2. Hook to API and search for pattern in memory of a process 3. Hook to API and dump buffer (memory). Download Here

Panda Security (Pakistan domain) hacked by X-NerD Panda Security, One of the famous Computer software company website got hacked. Pakistan domain of Panda Security hacked by Pakistani hacker " X-NerD ". Hacker is from Pakistan Cyber Army team of hackers. Taunt by hacker on deface page " OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh... ". Yesterday X-Nerd was in news for hacking Hundreds of other domains. Mirror of hack on Zone-H .

Suggested The Linux 3.1 Kernel logo This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread . To mark the upcoming release of the Linux 3.1 kernel IBM's Darrick Wong has proposed changing the familiar solo-Tux logo to something more, well, befitting of the version number. This proposed logo for the Linux 3.1 kernel isn't to raise awareness for any animals or other causes. but to poke fun at Microsoft Windows 3.1. Darrick Wong of IBM has proposed replacing the Tux logo in the Linux 3.1 kernel with a new logo that makes mockery of Microsoft's Windows 3.1 operating system that began selling 19 years ago.

Truth Alliance Network and 20 Churches websites hacked by Muslim Liberation Army 20 Churches websites and Truth Alliance Network defaced by Muslim Liberation Army. Hacker with name "XtReMiSt" deface all these 21 websites and post above image and message on homepage as shown. Message posted by hackers " To Raise A Voice Against Quran Burning Day and Illegal occupation of Israel and India in Palestine and kashmir.. and to show why muslims are raising their voice against america....Message Delievered with peace... !!! " Further message posted by him : Sites like Church of God of North America, Legacy Church, First United Church of God, First Church of God Madisonville, First Baptist Church Hyannis, Meet the Pastors - First Church of God has been defaced. List of hacked sites is here .

Federal Nigerian Government Websites Hacked by Elemento_pcx & s4r4d0 Nigerian Government Websites defaced by hacker with name " Elemento_pcx & s4r4d0 ". Defacement page   contain the message " Fatal Error!by Elemento_pcx & s4r4d0 ..."Be yourself but not always the same" ... G. The Thinker ...Help? s4r4d0 [at] yahoo.com & elemento_pcx [at] yahoo.com.br ". Mirror of hack also posted to Zone-H .

Linux Foundation & Linux.com multiple server compromised The Linux Foundation has pulled its websites from the web to clean up from a "security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. Multiple Servers that are part of the Linux Foundation & Linux.com infrastructure were affected during a recent intrusion on 8 September which " may have compromised your username, password, email address and other information ".  More from the Linux Foundation announcement: We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. ...

Hundreds of domains hacked by X-NerD hacker More than 250 websites are defaced by Pakistani hacker " X-NerD " and a custom page can be seen their at site/x.php . List and Mirror of all 250+ hacked sites are here .