The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

PwnieExpress : Pentesting suite for the Nokia N900 PwnieExpress providing one of the best Pentesting suite for the Nokia N900 .It  Includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap, and more, Custom pentesting screen with shortcuts to macchanger, injection on/off, etc. Built-in wireless card supports packet injection, monitor mode, and promiscuous mode also available : Try It

Operation Brotherhood Shutdown  : Multiple Sites taken down by Anonymous Hackers Anonymous Hackers take down the The Muslim Brotherhood websites. The hacking group had made an announcement Tuesday in which they threatened to launch "Operation Brotherhood Takedown," on all Brotherhood sites at 8pm on Friday, 11 November. According to a video released by them on youtube as shown above. They claim to taken down following sites: As of 2:24 PM EST, ikhwanonline.com IS DOWN. As of 2:26 PM EST, ikhwanweb.com IS DOWN. The Brotherhood claimed in a statement released on Saturday morning that the attacks were coming from Germany, France, Slovakia and San Francisco in the US, with 2000-6000 hits per second. The hackers later escalated their attack on the site to 380 thousand hits per second.Under the overload, four of the group's websites were forced down temporarily.Anonymous is made up of a group of unidentified hackers who have previously attacked Israeli, Russian and NATO...

Android facial recognition based unlocking can be fooled with photo Another Android Feature Exploited, Funny that Android facial recognition based unlocking can be fooled with photo . Check out the video below, courtesy of Malaysia's SoyaCincau : He said " While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit .".

#Anonymous : Now is the Time to evolve or Die Anonymous was formed and birthed on the internet message board 4chan in 2003. The moniker Anonymous was derived as homage to 4chan. At the time, if someone posted to 4chan's forums and no name was given then the post was credited to "Anonymous". Seizing onto the premise or the idea that actions can be taken anonymously by the lesser or powerless "Anonymous" moved beyond 4Chan and morphed into sometime larger and more potent. The original premise of "Anonymous" appeared to be a limited but noble idea; attempting to keep the internet open and free because governments and corporations were earnestly trying and demanding limits and restrictions to the freedom of expression on the internet. To date "Anonymous" has remained a banner that many channers, as well as hacktivists and IRC users, post under and are loosely grouped together. Allied under the umbrella of "Anonymous" with no real command structure in the group, "Anonymous" rem...

Bangladesh Supreme Court website hacked The official website of the Supreme Court was hacked yesterday.Information technology experts of the court, however, recovered it around 8:00pm. According to the message posted on the site, the hackers identified themselves as " Bangladeshi UnderGround Hacker 3xp1r3 Cyber Army ".They, however, claimed that all the data is safe and not being tampered with or deleted." Some other hackers are trying to hack Bangladeshi sites!! And delete all the data !! (sic), " they warn. Head of IT department of the apex court Quddus Zaman confirmed the restoration of the site, www.supremecourt.gov.bd. Earlier, Supreme Court registrar A K M Shamsul Islam told , " A person from Singapore called me up in the morning and said the website of the Supreme Court has been hacked. Several others also phoned me later and complained about it ."

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to select "generate CSRF PoC". Some useful features are: Support for all form encoding types: standard URL encoding, multipart encoding, and plain text encoding. Auto-detection of the optimal encoding type, with manual override. Ability to edit both the request and response in-place, to fine tune attacks. In-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response. Download/Buy from here

Possible Credit Card Theft in Steam Website Hacking Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. Right before going offline, users saw a new category in the forum that directed them to open a site named "Fkn0wned." Many users also complained that their email ids related to Steam accounts were "spammed with ads for the web site. Valve recommends all users to keep closely watched the activity of their credit cards because the hackers had access to that information during the attack. Forums Steam are closed for the moment, but the program itself is running. " We have no evidence that the numbers encrypted credit card or personal identifying information was taken by intruders, or the protection of card numbers or passwords have been cracked . We are still investigating , "Newell wrote. " At the moment we have no evidence of misuse of credit cards b...

Operation Ghost Click by FBI - Online advertising scam taken Down A gang of internet 'cyber bandits' who stole $14 million after hacking into at least 4 million computers in an online advertising scam have been arrested following a joint investigation by the FBI and Nasa. Six men are in custody in Estonia, pending extradition to the United States, following a two-year investigation into an " intricate international conspiracy " that " hijacked " millions of computers around the world and stole more than US$14-million. The FBI's two-year investigation was dubbed "Operation Ghost Click". Computers in more than 100 countries were infected by the "DNSChanger" malware, which redirected searches for Apple's iTunes store to fake pages pretending to offer Apple software for sale, as well as sending those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor...

myOpenID XSS : One of the Largest OpenID provider is Vulnerable One of the One of the Largest Independent OpenID provider " myOpenID " is Vulnerable to Cross Site Scripting (XSS) ,Discovered by " SeeMe " - Member of Inj3ct0r Team. Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. What Hacker can do - "The attackers can steal the session ID of a valid user using XSS. The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attackers can write a script which will run on the user's browser, query the value in the cookie and send it to the attackers. The attackers can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page". Proof Of Concept - Click Here

CrySyS Duqu Detector Open source Toolkit Released Two weeks ago Researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability in the Windows kernel , according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan. The Laboratory of Cryptography and System Security (CrySyS) has released an open-source toolkit that can find traces of Duqu infections on computer networks.The open-source toolkit, from the Laboratory of Cryptography and System Security (CrySyS), contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the malware are already removed from the system. They make a release that " The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.The intention behind the tools is to find different typ...

w3af v.1.1 - Web Application Attack and Audit Framework Released w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives. w3af is much more than a piece of software, w3af is a community that breathes Web Application Security. Change Log: * Considerably increased performance by implementing gzip encoding * Enhanced embedded bug report system using Trac's XMLRPC * Fixed hundreds of bugs * Fixed critical bug in auto-update feature * Enhanced integration with other tools (bug fixed and added more info to the file) Download Here Get Video Tutorial and Help to Use w3af here

Cross Site Scripting Vulnerability in Speed Bit Search Engine Debasish Mandal, A hacker from India , Found that there is a XSS through JavaScript Injection vulnerability in the Home page of Speed Bit Search Engine.The XSS filter is filtering normal html /script /iframe tags but XSS can be achieved by injecting JavaScript event "onmouseover()".Technical Description is below. Debasish have reported the vulnerability to the Speed Bit Team but haven't yet got any response from their side. Proof Of Concept: 1) Visit this URL https://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie) 2) Bring mouse cursor over the hyperlink shown in the image and you should see a POP up box showing the browser cookies. Submitted By :  Debasish Mandal, India.

Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers. A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously. " I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including ...

UMP French Political Party got hacked & personal information leaked The personal data of several political parliamentarians, ministers, Minister of UMP French Political Party employees were released online by an unknown source. The leak contain the details of  Bernard Accoyer, Lionel Tardy, Jean Tiberi, Georges Tron, Christian Vanneste, Jean Luc Warsmann, Laurent Wauquiez, Michèle Alliot-Marie, Patrick Balkany, Jean Francois Cope, etc.. Korben  publish  that , The leak available in 4 files posted on Pastebin under the name " French Right Wing Hacked "which includes personal information on over 1000 frames of the UMP. Database Dumps: -  https://pastebin.com/kpGWv9qD -  https://pastebin.com/WG7Ffh5t -  https://pastebin.com/jWA4RkCG -  https://pastebin.com/9tcqrFBX The first four of these files reveals all the potential variables specified for each record. Status, title, date and place of birth, education, employees, telephone numbers, business ...

Anonymous Hackers hack neo-Nazis website & leak personal info of 16,000 Finns Anonymous Hackers have successfully hacked the neo-Nazi website and published the database of its 16000 membership application database containing personal data of some applicants from all around the country. The hack was motivated by an apparent desire to shame the Finnish government into improving data security. In a Statement Anonymous says " We have no tolerance for any group based on racial, sexual and religion discrimination as well as for all the people belonging to them and sharing their ideologies, which is the reason why we decided to carry out last Monday's attack. ". Authorities are investigating the security breaches, according to an online message attributed to Anonymous Finland. According to the Helsingin Sanomat, the published information seems stolen from several sources: the Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, and Adu...

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller ". Charlie Miller gets a kick of out defeating Apple's security mechanisms, using his hacking skills to break into Macbooks and iPhones. Now, Apple has kicked the security researcher out of its iOS developer program after word got out that he built a proof-of-concept iPhone app to showcase a bypass of the code signing mechanism. Hours before, a YouTube video that Miller released went viral. In it, he demonstrated how he hijacked an iPhone to run malicious code after installing his Instastock app, which was admitted into the App Store in September. According to the report, Miller plans to reveal the issue in a presentation at the SysCan security conference in Taiwan next week. As...

The Hacker News arrived on Google+ Pages Google has finally added Google+ Pages feature in their social network which allow brands, products, companies, businesses, places, groups, and everyone else to establish a presence on the service. We've gone ahead and set up our very own ' The Hacker News ' Google+ page for all of our Readers . How you can help us to Grow Us ? Use " Share This Page " button available below the profile picture to share THN page with your friends and Family.  Add THN in your Circle Now  ! Find Us on: Twitter Facebook Page

International Foreign Government  E-Mails Hacked by TeaMp0isoN TeaMp0isoN group of hackers claim to hack more than 150 Email Id's of International Foreign Governments. They Release the Email List with Password on Pastebin note . Hex000101 Hacker, A member of TeaMp0isoN team got these Login credentials from various Government sites after hacking their databases such as armynet.mod.uk and website of Parliament of Australia (aph.gov.au) .

China is the birth place for most of malicious Android apps Mobile malware is rising, and there have been explosions in the world of viruses and Trojans. Virus makers are now targeting mobile platforms- thanks to their growing popularity. If we take the statistics from last 6 months, the chances of Android smart phones to be infected have doubled. A new report by TrendMicro says that " China is the birth place for most of malicious Android applications " . Even Android OS is also becoming more and more popular in China. This growth of Android users in China, however, seems to do little for the rocky relationship between Google and the Chinese government. It has been reported that access to the Google Android Market has been intermittent since 2009. According to a Report by TrendMicro, The inconvenience in accessing the Android Market, one not experienced by users from other countries, can be considered a big factor in the Chinese users' preference in terms of where to dow...

Brazil ISP servers under Massive DNS poisoning attacks Kaspersky Lab expert Fabio Assolini Report that A massive DNS cache poisoning attack attempting to infect users trying to access popular websites is currently under way in Brazil. Several large ISPs in the highly connected country have been affected by the attack, and police have made at least one arrest in connection with the operation. Attackers have been able to poison the DNS cache records for several major Web sites at some large ISPs. Last week Brazil's web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. It asks the customer to download and install the so-called " Google Defence " software required to use the search engine. In reality, though, this ...