The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.  Here's what it does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed) TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port th...

Anonymous attack on Israeli government  & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. " Your actions are illegal, against democracy, human rights, international, and maritime laws ," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. " Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world. " " If you continue blocking human...

DUQU – Another Stuxnet in the Making ? Article by :   Nidhi Rastogi is a Cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here . Barely a year into discovering Stuxnet, the world recently saw its powerful variant in the form of Duqu. It is believed that a Hungarian blogger was the first to have a tryst with the virus in early September at an ISP hosting service. Why it is important: Duqu has gained a lot of attention because of striking similarities with its famous predecessor, Stuxnet. Several Security researchers have concluded that 99 percent of Duqu software rules are same as Stuxnet including source code and keys for encryption. There is reasonable evidence by now that the damage caused by Stuxnet was real. Hence, Duqu is of concern to every security professional at the moment. How it functions: Duqu camouflages its own data behind normal web traffic to avoid suspicion fr...

Insider Threats vs Hackers - by Emmett Jorgensen Emmett Jorgensen has worked in IT and Infosec for over 10 years. He works for Kanguru Solutions (www.kanguru.com), a manufacturer of secure portable storage solutions. Article taken from 'The Hacker News' Magazine - October Edition. You can Download it from Here . News about cyber security, Anonymous, and Lulzsec are constantly making headlines these days, as well they should. It seems that Anonymous is hacking into confidential information on an almost weekly basis. Yet, despite this talk of external risks, the real threat to businesses often comes from within, in the form of insider threats. Although the intent of a hacker is generally more insidious, the insider threat is more prevalent simply due to an employee's access to company data. Insiders often have access to sensitive data without having to circumvent security measures designed to keep out external threats. But which is really a bigger threat to your orga...

VanishCrypt – Virtual Encryption Tool by SecurityLabs SecurityLabs Experts from India release a new Virtual Encryption Tool called " VanishCrypt ". A Freeware Utility to Secure Your Data. It creates a virtual disk that contains your secret files. Data is protected with a Encrypted Password. The files are completely inaccessible without the correct password. Stored files are encrypted with strong CryptoAPI. Additional Features: It have "Advanced Mode" with you can create a real virtual drive accessible in Explorer that contains your files stored in the vdisk image. It uses Win32 API for I/O operations for a great speed improvements Video Demonstration: Download VanishCrypt [ Source ]

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars".  Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. Also its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. In both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. Another interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran ...

Hacker selling compromised websites gets hacked by d33ds A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data. A hacker calling himself Srblche , also offered information stolen from websites belonging to the U.S. Army, the U.S. Department of Defense, the South Carolina National Guard and other institution. Srblche is believed to be Kuwaiti. d33ds  target  Srblche,  " Anyone willing to pay for this service must be as stupid as he is, " d33ds wrote in its announcement of Srblche's online catalogue being hacked. D33ds is the same group that hacked RankMyHack.com . RankMyHack is a website that awards points for Web compromises depending on how big or important the target was. Hackers compete for a higher position on the leaderboard. [ Source ]

Duqu Analysis and Detection Tool by NSS Labs NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the " functionality, capabilities and ultimate purpose of DuQu. ". The Tool is available free. Duqu is notorious worm that exploit Windows Zero-day Vulnerability. Microsoft released temporary fix yesterday for this vulnerability . According to the test, NSS tool Success rate is 100%, zero false positivies. Developers said it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered.Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required. It seems that Duqu contains similar code and utilizes similar techniques to Stuxnet. More precisely, it seems to make use of digital certificates that appear as legitimate, but it's far too early to descri...

CapitalOne Bank taken down by Anonymous hackers Anonymous Hackers claim to taken down the official website of CapitalOne Bank . Currently Site is showing message on Homepage that " Site under maintenance ". In a pastebin release Anonymous Hacker wrote " ya know.. every guy Fawkes day companies go hire the best white hat hackers to protect them against attackers like us lol.. so dont beat your self's up if nothen was defaced or taken down by ddos.. we still doxed a bunch of people lol! congratulate your self's! Anonymous dident fail we succeeded and we will never fail.. " Hacker also claim to do DDOS attack on CapitalOne website for taken it down. There is another statement by same hacker " Many ddos attacks were taken place today and we all hoped to see at least fox going down ". Its not clear that that either the site is really under  maintenance  after attack by Anonymous Hackers or its any regular  maintenance for backup only. Hackers al...

Mobile Security and Lack thereof Nidhi Rastogi ,A Security Consultant with Logic Technology Inc, New York share her Views about the Mobile Security and Lack thereof . The Article is taken from our September Month Magazine Edition  .Here we go.. Mobile technology, particularly smartphones, has come of age and is increasingly replacing PCs for internet surfing, emails, gaming and social networking. As per a recent survey by Neilson Media Research, smartphones now comprise over 38% of the U.S. Cellphone Market and will become the majority by end of the year. To meet this growing demand, cellphone companies are fast churning out new models with killer features, latest and greatest in technology. With this growth it has also come to attention that security of these devices cannot be left behind. Every day a new data breach is making headlines suggesting hackers have gone into overdrive. However, what is of particular interest is that a bulk of them is being attributed to cellph...

We had an Interesting Article by " Paul F Renda " in our The Hacker News Magazine 's November Edition. We would Like to share this article with our website readers also. You can Download November Issue Here . This is a theoretical prima to bring out a discussion about whether an Internet doomsday worm can be created that is so intractable that it cannot be eradicated. This worm could also have the ability to carry multiple weaponized payloads. Can a doomsday worm shut down the Internet? I don't think anyone could shut down the Internet but I believe a worm can definitely create access problems. An intractable type of malware agent is not an abstract concept or science fiction. A doomsday like virus has been plaguing the U.S.Drone fleet. They keep trying to disinfect their hard drives but it keeps coming back. The Pentagon has been plagued by the worm agent.btz; they are still trying to remove it after 3 years. Some analyst think agent.btz was created by China....

Persistent XSS Vulnerability in White House Website Alexander Fuchs , A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House . He said " The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system. " The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: https://vulnerability-lab.com/get_content.php?id=308

Fraud communities owned and exposed by Happy Ninja The  Happy Ninjas Hackers Release a Ezine " Owned and Exposed - ISSUE no 3 " on Exploit-Db . They claim to hack various German and International fraud scenes and Publish there all details online in Ezine.  They said " Operation Antisec : The original Antisec Movement was brought to life by actualhackers and targeted full disclosure and the corporate securityindustry. Publishing gigantic amounts of (corporate) data on theinternet does exactly the opposite: It provides the security industrywith the attention they need and hence new customers. " " Money is the root of allevil" as the proverb has it; and it's why fraud communities do comeback after we have owned and exposed them " He added. Most the famous fraud sites got hacked by them , such as: St0re.cc El-Basar.biz Swissfaking.net Vpn24.org Unique-Crew.net Undercover.su Secure-Host.in Hackbase.cc Zion-Network.net Most of the IP add...

Call for Articles - The Hacker News Magazine | December Edition THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. We welcome contributions from readers and hackers like YOU! Simply submit your idea or article to thehackernews@gmail.com or  admin@thehackernews.com  and your submission could be featured in our next edition. Some topics of interest include, but are not limited to: New attack and defense techniques Related to Anonymous ,Activist and Hacktivists Vulnerability discovery Small tactics and techniques; Big attacks and impact Mobile hacking Professional exploit development Security and hacking events around the world Technical book reviews Security and hacking threats Security tools Expert interviews If you enjoy our monthly publication, please spread the word...

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting (XSS) vulnerability discovered on AOL Energy website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from India.

#OccupyLondon : The Night of Thousand Masks on 5th November Anonymous Mask = " A symbol that unites them behind one universal message " . Activists plan to protest on 5th November ,2011 at Saint Pauls Cathedral London 9:00pm - 11:00pm. This going to be " The Night of Thousand Masks ". Message By Anonymous : Good evening, London. Allow me first to apologize for this interruption. I do, like many of you, appreciate the comforts of every day routine- the security of the familiar, the tranquility of repetition. I enjoy them as much as any bloke. But in the spirit of commemoration, thereby those important events of the past usually associated with someone's death or the end of some awful bloody struggle, a celebration of a nice holiday , I thought we could mark this November the 5th, a day that is sadly no longer remembered, by taking some time out of our daily lives to sit down and have a little chat. There are of course those who do not want us to speak. I susp...

Super Cryptography : The Next Generation Encryption The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. According to Cisco ," New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements ". A 244-bit ECC key has the equivalent strength of a 2048-bit RSA key for security; a 384-bit ECC key matches a 7680-bit RSA key. Greater strength for any given key length enables the use of shorter keys, resulting in significantly l...

The Hacker News Magazine - Anniversary Edition  - November Issue 06 In November of 2010 the team at The Hacker News finally achieved our ultimate goal of launching an online News Portal and Magazine addressing the tricky and complicated world of hackers and hacking. In our first year The Hacker News made our fair shares of mistakes, typical of first-time publishers, but our successes have been innumerable and The Hacker News has reached many of it goals in this often hectic and exciting  first year. The Hacker News was fortunate enough to have assembled a dedicated and professional team that intrinsically understood that it is not enough to hope to succeed; you have to plan to succeed. And I am grateful to each and every one of these talent people that understood this concept and helped implement it daily to help insure our success. As the mainstream media often denigrates computer hackers as nothing more than digital pranksters, we at The Hacker News believe that many...

Palestine : Hackers have taken down phone and Internet services The main phone network in the West Bank and Gaza has suffered a sustained attack by computer hackers, the Palestinian Authority (PA) says. Mashour Abou Daqqa, the Palestinian telecoms minister, said the disruptions, which began Tuesday morning, came from various sources around the world, but had no detailed information. He said hackers used IP servers in Germany, China, and Slovenia to launch the attack. Hack may be linked to rising regional tensions over the Palestinian Authority's successful move to acquire membership in Unesco on Monday. It also comes against the backdrop of new cross-border clashes along the border between Israel and Gaza. One Israeli civilian and at least 10 Palestinian militants were killed in the worst violence on that front in months. The fighting followed the launch of rocket salvos against Israeli territory last week. Israel retaliated with airstrikes. Daqqa suggested its neighbour coul...

Blackhole Exploit Kit attack on WampServer & Wordpress sites Kimberly from  Stopmalvertising  found Blackhole Exploit Kit on Website of most popular Webserver software site WAMPSERVER . Almost at the bottom of the webpage they notice a Javascript requesting a file from jquery.googlecode.com . The URL is followed by a long string of parameters. The file  returns a 404, it's just there to fool people. Once the script decoded we obtain an iframe leading to vc-business.com/in.php .According to Analyse of Kimberly , If a vulnerable Java, Windows Media Player, Flash or Adobe Reader version is detected, the visitor will be redirected to 91.194.214.66/dng311011/c7a44076f6c722eb74725563b0a000a0/spl.php and from there to 30domaaaam.in/main.php?page=c76874df55550a3f . According to Norton Safe Web , 91.194.214.66 has been caught in distributing the ZeroAccess rootkit. Second Recent Attack by Blackhole Exploit discovered in  thousands of WordPre...