The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Adobe Flash bug allow spying Webcam hole The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. Attack involved putting the Adobe Flash Settings Manager page into an iFrame and masking it with a game, so that when the user clicked on the buttons he would actually change the settings and turn on the webcam. Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher. Once it was made public, Adobe fixed the issue by adding framebusting code to the Settings Manager page. But now, Stanford University computer science student Feross Aboukhadijeh managed to bypass the framebusting JavaScript co...

Million ASP.Net  web sites affected with mass SQL injection attack Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu , according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits. A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF ...

There's something " Human " to  Social Engineering ! At the psychological skill of Social Engineering Social engineering is the human side of breaking into corporate or personal pc's to gain information. Even companies that have an authentication process, firewalls, vpn's and network monitoring software are subject to the skill of a good social engineer. In hacking we rely on our technical skill and in social engineering it is a game of getting your subject to tell you what you want to get into their system. Social engineering has been employed since the beginning of mankind, the art of trickery or deception for the purpose of information gathering, fraud, or in modern times, computer system access. In most cases today the social engineer never comes face to face with their target. In social engineering we exploit the attributes of the human decision making process known as " cognitive biases ." That was the question asked by the Team of Social-engineer.org Gu...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Metasploit Community Edition - Advance penetration testing tool by Rapid7 Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 (U.S. time), and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released. Available for free download from its Web site. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, " The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors. " Community Editioin is based on the Metasploit Framework, a combination of the basic user interface available in commercial versions. Using penetration testing exploit basic, GUI simple, that provides entry-level modules such as a browser. You can verify any exploitable vulnerabilities, that can streamline vulnerability management and data protection. Can also import third-par...

Indian National Congress Party  Official Website Hacked by ZHC ZHC Disastar [ZCompany Hacking Crew] Hackers from Pakistan today hack the Server of Indian National Congress Party  ,one of the two major political parties in India and deface their Official website with Message as shown in above image. Hackers Upload Shell at  https://allindiacongress.com/satyagraha.php  , From where They access the whole Server and Modify the Index.php file for defacing it. The Server is seems to be a Shared Server with Kernel " Linux harshul.anjuinfotech.com 2.6.18-238.19.1.el5 " , Which is easily exploitable. Mirror of Hack is available here .

Google Enable SSL-based searches, Will impact Google Analytic ! According to a blog post by Google, the company is taking steps towards making search more secure for its users. Users will be redirected to https:// instead of https:// when going to do a Google search. By forcing SSL on https://google.com, all keyword data will be hidden. The company is dedicated to SSL and securing search and privacy for its signed in users. But This will restricting search terms availability and also when user will sign out, One will redirect back to Unencrypted (https://) page. The company says this won't change reporting data for webmasters who use analytics tools too see how much traffic Google sends them. How will this change impact Google Analytics users? When a signed in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google "organic" search, but will no longer report the query te...

Duqu - Next Major Cyber Weapon like Stuxnet The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing. Computer security companies agree that these virus is unprecedented and it means the dawn of a new world. Stuxnet and Duqu were not designed to steal money or send spam but to sabotage plants and cause damage in industrial environments. Expect the appearance of additional copies. The Stuxnet virus that attacked Iran's nuclear program can cripple the country's nuclear facilities for two years, a German computer expert announced on Wednesday, December 15, 2010. From what researchers can tell, Duqu's mission is to gather intelligence data and assets from entities like industrial control system manufacturers, to more easily conduct a future attack against another third party. According to Symantec, the next threat, dubbed "DuQu" because the code has the code strin...

Famous VPN service Proxpn compromised proXPN is one of the famous VPN client based on OpenVPN Service, today hacked by hacked named " TurkisH-RuleZ ". The Server is seems to be Compromised in this Hacking case. Compromised url is h ttp://proxpn.com/whmcs1/downloads and Mirror of Hack is available here .

Report says : US considered cyber war on Libya Officials in the US Obama administration considered compromising Libya's government computer networks to block early-warning data gathering and missile launches on NATO war planes during the American-led strikes, but decided against it, according to The New York Times. The report goes on to claim that, while the use of what is believed to be a pre-existing armoury of Trojans, viruses, malware and military hackers was suggested, the cyber-attack was never actually carried out. The attack would have tried to disrupt Libya's early-warning radar system and thus cripple the North African country's ability to fire back at attacking NATO aircraft.But the Obama administration and the Pentagon chose instead to mount a conventional attack, partly because an American cyberattack might have set a dangerous precedent, and Libya might not have been worth the risk. In the end, American officials rejected cyberwarfare and used convent...

Jynx Kit (LD_PRELOAD) Userland Rootkit Released Jynx Kit is a LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell based on SEQ/ACK numbers in a single packet. Solid building block for further LD_PRELOAD rootkits. DOWNLOAD HERE Submitted by ErrProne (www.blackhatacademy.org)

More than 10,000 Facebook account hacked by TeamSwaSTika Another group of Hackers, self titled Team Swastika, have caused panic amongst Facebook users after releasing the details of 10,000 accounts onto popular text sharing site, Pastebin. Pastebin, usually used to share source code, has frequently been host to a number of text files that contain the details of specific hacks by hackitivists and hacker groups. Team Swastika is just one of these hackitivist groups but claims to be the most powerful hacking team in Nepal. They also said that next target will be Nepal Government website. Facebook hacked account dump: https://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin https://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin

National Cyber Security Bulletin on Anonymous DHS has analyzed the likelihood of Anonymous attacking industrial control systems (ICS) after the hacktivist group showed such intentions earlier this year. " Assessment of Anonymous Threat to Control Systems " that was drafted by the National Cybersecurity and Communications Integration Center (NCCIC) back in September. The document is not classified, but it is intended for official use only. The report describes an interest within Anonymous to target industrial control systems. " The capability of the individual to recognize and post code that would gain the attention of those knowledgeable in control systems, as well as their claims to have access to multiple control systems, indicates the individual has an increased interest in control systems, but does not demonstrate capabilities ," the NCCIC said in its report. Download Complete Bulletin

'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety Google's first ever advertising campaign for online safety launches today, in association with the Citizens Advice Bureau. It covers topics such as choosing a password, scam emails and using two factor authentication.The company said future campaigns may deal more extensively with how Google uses people's personal data. The two organisations by using various means and methods, like using adverts in newspapers, on public transports and online, will try to encourage users to adopt secure passwords, log out of web browsers and computers after using them and also to adopt more complex ways to sign in their email accounts which is known as "two-factor authentication".The campaign also focuses on child protection and use of 'cookies' in web browsers. This is the first campaign by Google, which is promoting something different than products such as web browser Chrome. The campaign is p...

Miley Cyrus Needs A Lecture on Cyber Security The man, who is currently facing up to 121 years behind bars, has been charged with 26 counts of identity theft , wire-tapping and unauthorised access to protected computer.Chaney, who has been in contact with TMZ for the last two years, has contacted the gossip website with details on how he hacked into Miley Cyrus's Gmail account. With celebrity phone hacker Christopher Chaney arrested, another hacker has reached out to TMZ to share how laughably easy it was for him to hack into Miley Cyrus' Gmail account. Here's a lesson in the Internet, Miley: Don't use the name of your best friend (which the Internet knows) as your security question.First he tracked down her Gmail name; though he doesn't say what it is, I just did a quick Google search and came up with two possibilities through Yahoo! Answers already. Obviously that part won't take long. When he tried to log in, he got a security question—the name of one of Miley's girlfriends...

Sesame Street YouTube Channel Hacked, Porn Posted On Sunday afternoon, some of the world's worst lowlifes decided to hack the Sesame Street YouTube channel and replace some of the videos with pornographic clips. For about 20 minutes yesterday, visitors to the YouTube channel of the popular children's show saw hardcore porn instead of Elmo and Big Bird. The channel has nearly 150,000 subscribers, and usually hosts dozens of clips from the PBS program.But Sunday, the hackers replaced the page's banner to read, " SESAME STREET: I'TS [sic] WHERE PORN LIVES ." In the profile description, the hackers wrote: " WHO DOESN'T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT…PLEASE DON'T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS …WE GONNA MAKE ALL THE AMERICA HAPPY! " " We apologize for any inconvenience our audience may have experienced yesterday on our Sesame Street YouTube channel ," read a message on the channel's home page , which appeared to have been restored around 11 a...

Armorize Partners With Symantec to Provide Powerful Anti-Malvertising Technology Armorize Partners With Symantec to Provide Its Powerful Anti-Malvertising Technology to Symantec's New Solution, AdVantage, to Help Customers Protect Themselves From the Growing Threat of Malicious Advertising Attacks. The partnership will utilize the advanced malware detection engine from Armorize's successful HackAlert product lines to power Symantec's new cloud-based anti-malvertising solution, Symantec AdVantage.The Symantec AdVantage solution will provide its customers with the ability to monitor the ads displayed on their websites for web malware. The product dashboard will also present valuable statistics which enable publishers to compare the quality of ads and ad networks they work with based on the safety ratings and reputation scores for each specific ad or network. Some of the users who visited KickassTorrents (KAT), one of the most popular torrent trackers on the Internet, ...

UNESCO E-platform domain got hacked by Fatal Error Crew The E-Platform domain of one of the Biggest Organisation United Nations Educational, Scientific and Cultural Organization (UNESCO) got hacked and defaced by Fatal Error Crew hackers . Mirror of hack is available here . 

Cyber Cell Mumbai  Websites hacked by Pakistani Hacker Pakistani hacker " Shadow008 " from Pakistani Cyber Army again strike back on India's Most Important website of Cyber cell located at Mumbai , India. The Websites is Defaced today Morning and Mirror of Hack also available on Legend-h .This is not 1st time when Indian law enforcement agency site become the target of Pakistani hackers. Last Year, CBI website was also defaced by same "Pakistani Cyber Army".  Hacker post the reason of Hack on deface page as " Site Has Be Hacked For Revenge after they hacked our Pakistani Sites ". Right Now, Site is Recovered back to Original One by officials.

Encipher It : Easiest Browser based Advanced Encryption Tools [Video Demonstration] " Encipher It " One of the best and easiest AES Text encryptor for Google Mail or anything else. It Provide more secure PBKDF2 (Password-Based Key Derivation Function) key generation. It use Advanced Encryption Standard to protect your data. All encoding/decoding is performed locally in your browser. Video Demonstration by Network NUTS : Subscribe " Network Nuts " You Tube Channel for More Linux Tutorials. Try " Encipher It " Now !

Artillery 0.1 alpha  - New tool for Linux Protection by ReL1K A new Tool " Artillery " - for Linux Protection has been Released by ReL1K (Founder DerbyCon, Creator of the Social-Engineer Toolkit). It's written in Python and completely open-source. Artillery is a combination of a honeypot, file monitoring and integrity, alerting, and brute force prevention tool. It's extremely light weight, has multiple different methods for detecting specific attacks and eventually will also notify you of insecure nix configurations. Features: If anyone decides to port scan or touch those ports, they are blacklisted immediately and permanently. It's multi-threaded and can handle as many connections thrown at it. Monitor file integrity leveraging sha-512 database Keeps track of all system files and if anything changes Artillery also monitors the SSH logs, and the event of a brute force attack, blacklists the host forever Extremely Simple Configuration ( /var/artillery/config ) ...