The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Department of Homeland Security Releases Cyber Security Evaluation Tool (CSET) The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems. The tool is available for download, and the program also offers training and support at no cost to organizations engaged in administering networks that control facilities identified as being crucial to both the nation's economy and national security. CSET is a desktop software tool that guides users through a step...

Anonymous releases 25,000 records of the Austrian police Anonymous Austria post via the official Twitter account about 25,000 records Austrian police officers. Observers suspect that the data from the Austrian section of the " International Police Association " could come. Meanwhile, the far-right Freedom Party tries to take advantage of the data leak. " This violation of the privacy of our policemen have become fair game for possible revenge attacks by criminals. Minister Mikl-Leitner, the political responsibility for this incredible gap in the IT system of their ministry and is increasingly becoming a security risk for our country ," criticizes FPÖ Speak Königsberg.

The Council on Governmental Ethics Laws (COGEL) hacked and complete database dumped Hacker With Name snc0pe claim to hack official website of The Council on Governmental Ethics Laws (COGEL) . He post a message on pastebin , along with the database download link  (1.88MB).

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Anonymous Hackers Release alleged pepper spray  NYPD Officer 's Personal Info The Anonymous activist collective today released personal information  about a New York police officer who is believed to have sprayed pepper spray on women protesters on Wall Street. The group released phone number, addresses, names of relative and other personal data for a New York police officer, as well as photos that appear to show him at the protest and a closeup of his badge. The Occupy Wall Street organizers also called for the resignation of Police Commissioner Raymond Kelly and released additional video from the incident on the protest Web site . In a statement, Anonymous said: " As we watched your officers kettle innocent women, we observed you barberically (sic) pepper spray wildly into the group of kettled women. We were shocked and disgusted by your behavior. You know who the innocent women were, now they will have the chance to know who you are. Before you commit atroci...

iScanner - Tool to detect and remove malicious codes and web page iScanner is a free open source tool lets you detect and remove malicious codes and web page malwares from your website easily and automatically. iScanner will not only show you the infected files in your server but it's also able to clean these files by removing the malware code ONLY from the infected files. Current Features: Ability to scan one file, directory or remote web page / website. Detect and remove website malwares and malicious code in web pages. This include hidden iframe tags, javascript, vbscript, activex objects, suspicious PHP codes and some known malwares. Extensive log shows the infected files and the malicious code. Support for sending email reports. Ability to clean the infected web pages automatically. Easy backup and restore system for the infected files. Simple and editable signature based database. You can easily send malicious file to iScanner developers for analyzes. Ability to u...

Findmyhash - Find Cracked Hashes Online findmyhash is a Python script which has been developed to find different types of password hashes using multiple cracking online services. In case that it does not find a favourable "cracked" hash, it will also present you with relevant Google search results. This is open source script can mostly serve as a start up point for cracking any hash. It supports a lot many online hash cracking services. Cracking services supported by findmyhash: Schwett.com Netmd5crack.com MD5-Cracker.tk tools.BenRamsey.com md5.Gromweb.com md5.HashCracking.com victorov.su md5.thekaine.de tmto.org md5-db.de md5.my-addr.com md5pass.info md5decryption.com md5crack.com md5online.net md5-decrypter.com authsecu.com hashcrack.com objectif-securite.ch c0llision.net md5.rednoize.com cmd5.org cacin.net ibeast.com password-decrypt.com bigtrapeze.com hashchecker.com md5hashcracker.appspot.com passcracking.com askcheck.com cracker.fox21.at cra...

75 Indian Govt and University Sites hacked including Patiala Police by   Muslim Liberation Army Muslim Liberation Army hackers today hack 75 more Indian websites , Including Govt. and Universities sites and also Police websites. Patiala Police website is one of the target of hackers. List of all hacked sites is here . hackers are : XtReMiSt, KillerMind Haxor, Jerry Hassan, Mindy, Faisy Ali Laghari , according to deface  page.

Harvard University website hacked by Syria protesters Syrian hackers have hit the website of Harvard University, one of America's top universities, Itar-tass reports. Along with a picture of Syrian president, Bashar al-Assad, the hacked home page showed a message saying the "Syrian Electronic Army Were Here". "The university's homepage was compromised by an outside party this morning. We took down the site for several hours in order to restore it. The attack appears to have been the work of a sophisticated individual or group," said a Harvard spokesman. They also criticized US policy towards President Assad`s regime and wrote several threats to the US. The new design stayed on the website for nearly an hour.

Mysql.com hacked, serving BlackHole exploit malware MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it). The mysql.com website is injected with a script that generates an iFrame that redirects the visitors to https://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php, where the BlackHole exploit pack is hosted. " It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge ," say the researchers. " The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection." It is, of course, impossible to say who the attackers are. The domain reached through the iFrame is registered to one Christopher J Klein from Miam...

USA Today Twitter Account Hacked By Script Kiddie A group calling itself " The Script Kiddies " hacked USA Today's Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC's Twitter account. USA Today quickly regained control of the compromised feed. " @usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control ," it said. " We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday ." It's possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News's director of social media Ryan Osborn could have received a Trojan horse conta...

[Hurry Up] Hacker Halted 2011 Special Offer For The Hacker News Readers Special for all The Hacker News subscribers (Offer ends Sep 30, 2011) Attend EC-Council's signature event in Miami - Hacker Halted USA - and  Get an iPad 2 + 2 nights hotel +  an additional 10% discount , when signing up for the conference pass at public prevailing rates, or for selected training. Held at the Intercontinental Miami from Oct 21 - 27, Hacker Halted USA will feature some of the best infosec superstars including  Bruce Schneier (Internationally acclaimed security guru), Philippe Courtot (Chairman - Qualys), Jeremiah Grossman (CTO - WhiteHat Security),  George Kurtz (Global CTO - McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others. There are a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks. There is also a wide sele...

Facebook track your cookies even after logout ! According to Australian technologist Nik Cubrilovic: ' Logging out of Facebook is not enough .' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog ' With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook. ' After explaining the cookies behavior he also suggested a way to fix the tracking problem: ' The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Official websites of 7 major Syrian city hacked by Anonymous for #OpSyria Official websites of 7 major Syrian city hacked by Anonymous hackers as part of hacktivists Anonymous' Operation Syria (  #OpSyria ). Anonymous has replaced the home pages of official Syrian websites with an interactive map of Syria, showing the names, ages and date of deaths of victims of the Syrian regime since the protests started in March. They call it  Martyrs of Freedom (March - October 2011).  The figure 2,316 commemorates the number of Syrians killed by the Syrian regime since anti-Assad protests started in Syria in March. The victims' names, ages and dates of death appear as you hover over the map of Syria. Hacked sites: https://tartous-city.gov.sy/ https://deirezzor-city.gov.sy/ https://palmyra-city.gov.sy/ https://homs-city.gov.sy/ https://aleppo-city.gov.sy/ https://latakia-city.gov.sy/ https://old-damascus.gov.sy/

Ani-Shell v1.4 Released With Python - Bind Shell , Anti-Crawler Feature and MD5 Cracker Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , a DDoser , A MD5 hash Cracker , Python and PHP Bind-Shells , Anti-Crawler Features etc! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization! New Features :- MD5 Hash Cracker Python Bind-Shell Anti-Crawler Function Shell Support for some Older Servers Better CSS Whole New Logo Ani-Shell Project Page : https://sourceforge.net/projects/ani-shell/ Ani-Shell Homepage : https://ani-shell.sourceforge.net/ Default login : lionaneesh Default password : lionaneesh

700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot ! 700,000 websites hosted on InMotion Hosting network hacked by TiGER-M@TE including  Trinity FM, Blast Magazine. It was not just a server hack, actually whole data center got hacked.   List of all hacked 700000 sites are available here .  Hackers copied over the index.php in many directories (public_html, wp-admin), deleted my images directory and added index.php files where they weren't needed. 2,00,000 websites hack mirror already Submitted to Zone-H by TiGER-M@TE . We ( The Hacker News ) talk with hacker about the hack, He claim " I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains,zone-h was going down again and again and became almost unresponsive in the end.so i was unable to submit all websites.so i've listed all domains in attachment .   It was not just a server hack, actually whole data center got hacked. " In Moti...

Mac trojan poses as PDF to open botnet backdoor There's another Mac OS X Trojan out in the wild, and it might be heading your way.If you open the file, which could appear as an emailed attachment or as a Web link, the document, written in traditional Chinese ideograms, does indeed display. But a Trojan silently installs itself in the background as you try to sort out centuries-old territorial claims.The Trojan doesn't really do anything yet. But F-Secure, the Finnish security firm that discovered it, notes that it lays the groundwork for much more sophisticated attacks against Macs. The malware in question has been identified as Trojan-Dropper:OSX/Revir.A, which installs a backdoor, Backdoor:OSX/Imuler.A, onto the user's Mac. Currently, however, the backdoor doesn't communicate with anything. The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Beca...

Singapore will setup National Cyber Security Centre Singapore has said it will boost its national capability to counter cyber security threats through the setting up of a ' National Cyber Security Centre ' in the coming months. The Centre, which will be headed by the Singapore Infocomm Technology Security Authority, will help the government deal more effectively with cyber security threats and vulnerabilities by enhancing capabilities in early detection and prevention, Deputy Prime Minister Teo Chee Hean said. In his address at the Second Singapore Global Dialogue here yesterday, Teo, who is also coordinating minister for national security and home affairs minister, said a safe and functioning cyberspace was critical to " our society, economy and national security. "

Lulzsec Hacker tracked by Proxy logs, can face 15 years prison The FBI believes that the homeless man they arrested on Thursday was "Commander X", a member of the People's Liberation Front (PLF) associated with Anonymous hacktivism. The logs maintained by HideMyAss.com, in addition to other evidence, has led to the arrest of another LulzSec member in Arizona, The Tech Herald has learned. Cody Kretsinger, 23, allegedly used the anonymity service during his role in the attack on Sony Pictures. According to HideMyAss.com, " …services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities ." The service stores logs for 30-days when it comes to Website proxy services, and they store the connecting IP address, as well as time stamps for those using the VPN offerings. Emails seeking comment on HideMyAss.com's level of cooperation with the ...

HTTPS SSL encryption Vulnerable To Crypto Attack The secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used at financial sites. Companies, including Google, Facebook, and Twitter, are urging the wider use of TLS on the Web. The exploit – demonstrated with a tool called BEAST – targets a flaw that could leave transactions open to attack a...

Pscan 2.0 - multi threaded TCP Syn port scanner TCP Port scanner Multi threaded with possibility to scan 65535. TCP ports on an IP address.You can specify how many threads to run and the timeout. Further more it will tell you the MAC address of the target and the service runningFor LINUX and Windows. Change Log - Added option -s for Syn scan. - Scanning made faster thanks to Syn scan - Added even more default ports - Improved error handler for Syn scan - Improved text output - Fixed minor bugs: - changed pathname to oui.txt and port-numbers.txt files - added missing call to cleanup function WSACleanup Download multi threaded TCP Syn port scanner 2.0