The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Breach confirmed in GlobalSign , SSL certificates not compromised GlobalSign said on Tuesday that the SSL certificate and key for www.globalsign.com may have been exposed after a hack on an external server in September. However, the company said that after investigating the breach it has found no evidence of rogue certificates being issued following the hack. A hacker known as " Comodohacker " compromised other certificate authorities including Comodo and DigiNotar. " I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain ," the hacker said in a Pastebin at the time. The investigation revealed that the compromise was limited to a peripheral Web server hosting the CA's website and did not affect the part of its network that deals with digital certificates. Companies use digital certificates as a cryptographic online trust technology. A stolen digital certificate can all...

Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page , Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that " Some people are seeing their ticker disappear. We are aware of this issue and are working to resolve it. ". Comments explaining that people with less active accounts won't see the feature, Because when your friends aren't doing anything on the site, the ticker would only duplicate the news feed and not scroll, so there's no point in the feature taking up part of your screen. Not even this, Last month a Brazilian (independent) Security and Behavior Research had analyzed a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .How Facebook Ticker exposing your information and behavior without your knowledge. Meanwhile, the Known Issues on Facebook page posted that som...

Web of Trust (WOT) Wins in Court, Favors freedom of speech The world's leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice. The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT's advocacy was based on the article 230 of the Communications Decency Act, legislated in 1996 for similar cases. The article protects Internet service providers clearing them from liabilities related to content created by third parties. During the eventful case, the plaintiff changed their claims several times. The last change happened only a day before the oral hearing, when the plaintiff voluntarily dismissed some defendants and half of the clai...

Government organised 12 Chinese Hacker Groups  behind all Attacks About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop " by any means possible ". Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant. The report states that many of the attacks carry tell-tale signatures of particular hacking groups b...

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians...

Coalition of Law Enforcement Hacked & Agents Information Leaked The Official Website of Coalition of Law Enforcement and Retail Hacked by Exphin1ty, Claiming himself from Anonymous Team. The Database has been hacked using SQL Injection on the website. Passwords, Email ID's, Address & Phone Number of Various Agents leaked by him. The attack resulted in the temporary suspension of the website Hacker Said in a pastebin Note that " The American law enforcement's inhumane treatments of occupiers has caught our attention. You have shown through these actions that you are nothing more than puppets in the hands of your government. We have seen our fellow brothers & sisters being teargassed for exercising their fundamental liberal rights, the exact ones that were bestowed upon them by their Constitution. Due to this and several other reasons we are releasing the entire member database of clearusa.org (The Coalition of Law Enforcement and Retail). An organization wh...

President of Guyana 's Website defaced by Hackers The Official Website of President of Guyana 's Website defaced by some hackers belongs to Group called " The Hackers Army " ."To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders...now wake up!!!" The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Also earlier The Hackers Army has hacked lots of high profile websites inlcuding ESET antivirus site and many more. The Disaster named hacker from the group is responsible for the Defacements . This is not the first time when Tha Disastar manages to breach the security of a site. Just yesterday he took down one of the websites used by Anonymous to spread their activist messages.

Source Code of Crypo.com Available to Download ! The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available to download form a File sharing website . This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.  Download Here

Fully Undetectable Backdoor generator for Metasploit Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works: In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by : root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder  (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 . Note:  By default Script Generates Reverse TCP Payload but you can change it some modifications in Script [vanish.sh]. Virus Scan Report of Backdoor shows that its almost undetectable by most of the Antivirus programs. Download Link ...

Russian hackers hit Twitter with automated hashtags tweets Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered. Maxim Goncharov, a senior threat researcher at Trend Micro, observed that " if you currently check this hash tag on twitter you'll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour. " Brian Krebs, the author of the blog Krebs on Security, noted that the 'bot accounts he lists them here  appear to follow a single account called @master_boot , as well as following e...

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port sc...

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily. Exploits SQL Injections through GET and POST methods. Developed in python 3. Video Demonstration: 1.)  Installation Guide 2.) Tutorial to Use 3.) Download Mole

Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition [ Download Here ] "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of "social network", a community of people, each of them defined "node" by researches, which are united by friendship, kinship, passions, interests, religious beliefs. The whole world is represented by a lattice structure that scientists have long taken to study, to achieve the classification of that human "node", classify its customs, and especially to predict the behavior and through it influence the response of the community a particular event. The philosophy is that of the control. In May Pierluigi Paganini defined the ter...

Six arrested for Million Pounds phishing scam Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation. On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton. The police said that on average the scammers, four men and two women, took amounts of money ranging from £1,000 to £5,000 at a time. They have been arrested on suspicion of consp...

" Enter at your own Risk " Cyber Security Awareness Campaign Coming this January , For the First time in Cyber History the Best, The Brightest & the Most Daring Come Together For an Information Extravaganza that will blow your Cyber Mind ! It's a time for us to offer education that increases online security for everyone. ENTER AT YOUR OWN RISK Cyber Security Awareness Campaign   The Hacker News  & 5 Other Top IT Security Sites are Sponsoring a Special Edition January 2012 Magazine, That Features Articles & Commentaries on Cyber Security From : 1.) The Hacker News 2.)   Security-FAQs 3.)   SecManiac 4.)   Korben 5.)  Security-Shell 6.) SecTechno Our goal is to provide the most up-to-date information on a wide variety of topics that address the tricky and complicated world of hackers and hacking. Cyber security is our Shared Responsibility. Everyone has the potential to make a difference and educate others. You can r...

Hack a webcam and a film camera into a USB microscope Have you ever wanted to inspect or photograph something up close, but could not find amagnifying glass or did not have enough light on your subject? Well read on, because this project will do the job for you at little or no cost called " My Inspector Gadget ". Most of you probably have a webcam sitting around somewhere, and after all the high voltage projects you've done using disposable cameras, we bet you have some camera lenses too. In a contest entry Butch shows  how to make your very own computer enabled microscope out of stuff that many of you will have lying around your house. What is basically involved is tearing apart a web cam, adding additional lighting and a lens assembly from an old film camera. In is project he shows how to harvest the lens from the film camera and mount it, as well as where he added the LED. You can see in the picture above, his results are pretty good. [ Source ]

Biggest Pakistan News site Dawn.com hacked by LuCkY Indian hacking Group " Indishell " hackers once again hit Pakistani cyber space. This time LuCkY from Indishell team deface the biggest Pakistani News site Dawn.com  ( Alexa Rank : 3540 ). He also post Database Info ie. Database Name - archives_wpress Database Name - archives_user2 Database Password - 'B,!R~T-K^L2)'); Deface page message include the possible hack reason " You Wont get kashmir by hacking sites lol , Kashmir is ours will be".  Hackers on both sides have indulged in sporadic attacks against each other ever since 1998 nuclear tests. The Indishell and PCA warriors hide behind coded named such as 'Zombie' , 'Lucky' and are thought to be young IT professionals.

Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense (DoD) for helping out with cyber security.  He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where he talked about the vulnerability of information systems.  In a recent video released he talks about the ways he works. He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 h...

Critical Zero-day Vulnerability in Adobe Reader Researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers. The exploit affects all versions of Adobe Reader and Adobe Acrobat 9.x and higher, including Adobe Reader X and Adobe Acrobat X (10.1.1) for Windows, Macintosh, and UNIX. " This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system ," wrote Adobe in their incident report, explaining that this essentially a memory-corruption and privilege escalation exploit. " There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing. " According to a blog po...

XSS (Cross site Scripting )  Vulnerability discovered on Google Code website as shown. Claimed to be Discovered by  Vansh Sharma & Vaibhuv Sharma. Proof Of Concept: Just go to https://code.google.com/apis/ajax/playground/  and then click on edit HTML after that remove all the codes and type this script: < img src="< img src=search"/onerror=alert("XSS")//"> And click on DEBUG CODE , and then first it will show you " Sample must have <head> element " click OK and wait for the window to load if nothing happen then try the same thing again or simply you can click on RUN CODE, and you will get a popup which is XSS. Another Similar XSS posted by  +Pirate , as posted on HackForum Community.