The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Iran will Develop their own security Software , No more foreign Solution According to latest report, Iran's Information and Communications Technology Minister announce that - Iran has prohibited import of foreign computer security software. Because International sanctions stopped Iran from obtaining anti-virus software. So, Iran stressed that no foreign software for computer security will be imported into the country, adding that Iran will rely on its own software, made by local developers. The Bonian Daneshpajouhan Institute has about 25 smaller firms that develop domestic security software of various nature, and country will rely on it.  A senior Iranian intelligence official has claimed that an estimated 16,000 computers were infected by the Stuxnet virus, which targeted the country's nuclear facilities and other industrial sites in 2010. The ban is intended to push Iran into the production of its own malware defense instruments. Whether ...

Three Greek Anonymous hackers arrested for defacing Government Sites According to a press release by the Greek police,They has arrested an eighteen-year-old and identified two other teenagers it accuses of having defaced the Greek Ministry of Justice website. The attack happened at the start of February, Aged 16, 17 and 18, the three targeted schoolboys are suspected of taking part in this group under the nicknames ' delirium ', ' nikpa ' and ' extasy '. The Greek Cybercrime division has found electronic traces that supposedly lead to the subjects and claim that they've attacked many sites in the past. Besides the arrests, the unit also seized 12 HDD and 3 notebooks. A police statement says the three claim to be part of the international " Anonymous " activist collective, which has attacked computers in several countries. Hackers posted a video and messages on the Justice Ministry website on February 3, protesting the Greek government's signing of a global copyright trea...

Facebook Hacking - Student jailed for eight months 26-year-old Glenn Steven Mangham, a student in the UK, has been sentenced to eight months in prison for hacking into Facebook from his bedroom at his parents house. Facebook spent $200,000 (£126,400) dealing with Mangham's crime, which triggered a "concerted, time-consuming and costly investigation. Glenn Mangham, 26, admitted to infiltrating the website between April and May of last year. Apparently no user details were taken, as he went straight for "invaluable" intellectual property instead. Facebook alerted the authorities last May after they discovered the breach. The FBI took care of the rest, tracing it all back to the UK address. He found his way in by hacking into the account of a Facebook employee. Facebook operates a bug bounty program in which it pays ethical hackers up to $US 500 for quietly disclosing vulnerabilities. According to reports of Mangham's court appearances, the software development student cl...

FAQ : DNSChanger Trojan, Impact and Solutions Two days before we (THN) Reported that FBI will shutdown Internet on 8th March , Title seems to be more Attention seeking , Why ? Well ! Our job is to aware you about the Internet Security. If we are looking for some extra attention from our Readers then its part of our small effort to make Internet more secure space for all. Today we are going to Explain all about DNSChanger Trojan, its Impact on Internet users and the biggest challenge for FBI to resolve it, and How a non technical user can check and Restore its computer, Hope you will share this article with your Friends, Followers and On your Site to aware them about this Serial Internet Killer . What is DNS (Domain Name System) ? is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.thehackernews.com , in your web browser address b...

DPScan : Drupal Security Scanner Released The First Security scanner for Drupal CMS has been released by Ali Elouafiq , on his Blog . His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines. This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type: > python DPScan.py [website url] You can download Drupal Security Scanner here .

FBI will shutdown the Internet on March 8 The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries. Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. Must Read :  FAQ : DNSChanger Trojan, Impact and Solutions The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing what is called the DNS settings on compromised computers.The Domain Name System (DNS) is the backbone of the Internet's address scheme and DNS servers are special computers around the world that act as Internet traffic cops providing directions to websites that you wish to visit. Though the FBI has shut down the DNSChanger network and put up s...

Teyana Taylor 's Twitter Hacked, Nude image Leaked R&B singer  Teyana Taylor was the latest victim of an Internet scandal when a nude photo of her hacked and spread around the Internet. The topless photo and other pictures claiming to be of the " Google Me " singer reportedly appeared online by way of her Yfrog account. The embarrassing nude photo that is trending on Twitter shows someone who has similar features like Taylor, showing off her breasts and is seen wearing nothing but her underwear and a pair of socks. The person's face in the picture is not shown and it hasn't been confirmed that it is in fact the rapper. But Twitter users believe that it us the rapper and has said that Taylor's phone was either stolen or she has uploaded the photo of herself. Read her open letter below: Look I'm human, & just like every girl in this world, I admire my body so i take pics just like EVERY other human being. However my phone that was stolen Wit...

Anonymous Hackers Develop WebLOIC DDOS Tool for Android Mobiles These Days Anonymous Hacker Group using a new tool WebLOIC . This tool is even easier to use than LOIC DDOS tool, requiring no download, it sends requests using Javascript in the user's browser. Just like LOIC, it is a quick path to prison, sending thousands of requests from your IP address to the target, accompanied by a slogan. Recently Hackers Release and New Interface of WebLOIC, ie. for Android Mobile in the form of an Application named " LOIC para Android by Alfred ". They Spread this tool via Anonymous social network accounts to execute the new attack in Various Anonymous operations against Argentinian government - such as #opargentina #iberoamerica. When Attacker will click " Fire ", a JavaScript will sends 1,000 HTTP requests with the message " We are LEGION! " that perform DoS attacks of Given Target URL. This Application is Available to Download here .

The Syrian spyware to target the opposition activists CNN News reported about malicious programs used to target the Syrian opposition, Its a computer viruses that spy on them and according to report a Syrian opposition group and a former international aid worker whose computer was infected. They steal the identities of opposition activists, then impersonate them in online chats, then they gain the trust of other users, pass out Trojan horse viruses and encourage people to open them. Security Researcher in the Malware Detection Team (MDT) at Norman analyse the packages and found that there are two malicious programs, one which displays message about downloading a free security program, and one which showed no action when executed. He said that Most of the ones we've seen come as selfextracting RAR executables that extract a malicious program. The malicious programs have been Visual Basic executables that primarily are downloaders and keyloggers  they ...

How Hackers can Track your Mobile phone with a cheap setup ? Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in2010, of which 80% are GSM subscribers. Due to theiruse of the wireless medium and their mobile nature, thosephones listen to broadcast communications that could reveal their physical location to a passive adversary. University of Minnesota researchers found a flaw in AT&T and T-Mobile cell towers that reveals the location of phone users. The attack, described in a Research paper (Click to Download Pdf) , is most useful for determining whether a target is within a given geographic area as large as about 100 square kms or as small as one square kilometer. It can also be used to pinpoint a target's location but only when the attacker already knows the city, or part of a city, the person is in. Ph.D. student Denis Foo Kune says, " Cell phone towers have to track cell phone subscribers to provide service efficiently...

Tenable Release Nessus 5.0 vulnerability scanner Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process: Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, publi...

Anonymous deface National Consumer sites & Federal Trade Commission sites  against #ACTA Today, Anonymous Hackers deface multiple National Consumer websites over ACTA, the protests and hactivism continues against ACTA - 'The Anti-Counterfeiting Trade Agreement' is a proposed plurilateral agreement for the purpose of establishing international standards on intellectual property rights enforcement. Hackers Deface following sites : business.ftc.gov consumer.gov ncpw.gov ftcstaging.mt.fhdbeta.com ncpw.gov consumer.ftc.gov ftcdev.mt.fhdbeta.com Mirror of Defacements : https://zone-h.org/mirror/id/16983974 Mysql Username, Emails and Passwords of all usres leaked by Hackers on Deface page as shown. Hackers also post a video on The Top of page to show there view about ACTA. Last Month, Prime Minister Donald Tusk's web site was still offline, following attacks by hackers protesting against Poland signing the Anti-Counterfeiting Trade Agreement (ACTA), designed to combat ...

Armitage Update : Graphical cyber attack management tool for Metasploit Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. Armitage Changelog 14/Feb/12 - Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature. - Several cosmetic tweaks to the spacing in Armitage tables. - Moved table render code from Sleep to Java to avoid potential lock conflicts - Added support for vba-exe payload output type. - Payload generation dialog now sets more appropriate default options for the vba output type when it is selected. - Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All - Fixed ExitOnSession ...

Internet users in dozens of countries around the world where governments tend to look askance at freedom and civil liberties have come to rely on the Tor network for dependable, anonymous access to the Web. But those governments and some popular websites have caught on to the game and begun to make it more difficult for users to connect to the Tor network. If you live in an area with little or no Internet censorship, you may want to run a Tor relay or a Tor bridge relay to help other Tor users access an uncensored Internet.The Tor network relies on volunteers to donate bandwidth. The more people run relays, the faster and more secure the Tor network will be. To help people using Tor bypass Internet censorship, set up a bridge relay rather than an ordinary relay. Now, new version of the software include a feature that enables users to connect to one of several " bridges ," or Tor relays whose IP addresses aren't listed in the Tor directory. Bridges to Tor is a step forwa...

Indian Stock Market next target of Bangladesh Hackers Bangladesh Cyber Army hackers released a Youtube video mentioning their next attack would be on Indian Stock Market, in order to Protesting the killing of another Bangladeshi citizen on Border by BSF. Bangladesh Cyber Army has attacked 3 important Indian Stock Market sites : https://www.dseindia.com/ https://www.nseindia.com/ https://www.paisacontrol.com/ The websites were down during the peak hour. So all types of online transaction was off. The sites faced DDoS attacks and were down for around 10 hours. This caused a huge amount of loss in the financial sector of India. The amount of loss may reach millions of rupees as well. Bangladesh Cyber Army mentioned that they are still not done. They will continue their attacks if BSF does not stop their brutality over innocent Bangladeshi citizens. They also mentioned that these high-profile sites will suffer continuous attacks if the points mentioned by them are not accepted. Bangla...

Dangerous IE browser vulnerabilities, Allows remote code execution ! Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release. Also, Microsoft is warning all users of its Internet Explorer web browser to immediately apply the latest security patch as a precaution against malicious hacker attacks. Critical fixes would address flaws that could allow remote code execution in Windows, Internet Explorer, .NET Framework, and Silverlight, Microsoft's web development tool. The update is rated "critical" for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows client machines and Microsoft expects to see reliable exploit code published with the next 30 days. Here are the bulletins for February 2012: MS12-008 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) MS12-010 – Cumulative Security Update for Inte...

Anonymous Hackers target Nasdaq website Websites of exchange operators Nasdaq and BATS have been attacked by hackers over the last 24 hours, causing ongoing disruptions for those trying to use the sites. Sites was down because of distributed denial-of-service attack from a group of Anonymous hackers. L0NGwave99 ,a online hacktivist, is claiming to be responsible for the attack. In a release issued Tuesday, an operative writes " This DDoS Operation over NASDAQ is done in support of the great and rooted 99% movement, whom the L0NGwave99 Group has decided to give a present ." " The website wasn't hacked, nobody got any information. What they did was try to block access for our users ," NASDAQ spokesman Joseph Christinat adds to the agency. Trading in Nasdaq stocks has not been affected by the attacks. According to reports, the attacks have also affected the NasdaqTrader.com site, although it seems to be fine at the moment. " The website wasn't hacke...

Anonymous leak 400 Mb Documents from US Army Intelligence Knowledge Network Anonymous claim to hack Intelligence Knowledge Network (IKN) Portal of United States Army -  ikn.army.mil . Hackers dump around 400 Mb of Data on Rapidshare in two parts : https://rapidshare.com/files/665225777/Documents1.zip https://rapidshare.com/files/2204410673/Documents.zip AnonymousIRC also tweeted few part of leaked documents , here and here .  IKN is a Knowledge Management tool and dynamic portal that enables Intelligence Soldiers all over the world to communicate, collaborate and investigate. IKN serves as the Intelligence Warfighter Forum and hosts discussion forums, a single point of entry to access Intelligence Community websites, and provides a variety of public and private web applications that support the Intelligence Community and the Warfighter.IKN Public Sites

Cryptome Webpages infected with Blackhole exploit kit Cryptome.org a popular website and similar to Wikileaks was hacked by the cybercriminals & Attackers were able to hide malicious scripts on every one of the site's 6,000 pages. Anyone visiting with a vulnerable browser will have found themselves infected with Blackhole, most likely adding their computer to a larger bot. Cryptome attack, website owners only know they have a problem when users contact them with the bad news after detecting it with security software wise to its many techniques for staying out of sight. Cryptome official write , " A reader reported today that accessing a file on Cryptome caused this intrusion warning " and " Replacement with clean files is proceeding, probably done by end of day ." Two years ago, the organisation published Microsoft's secret Global Criminal Compliance handbook, which laid out how the company was gathering certain data from users of some of its services...

Philips Electronics got hacked, Database Stolen by Hackers Another big site got hacked today, its Philips Electronics - had revenues of €25.42 billion in 2010, making it one of the largest electronics companies in the world. It employs around 114,500 people across more than 60 countries. The deface page shows the name of Hacker as -  Hacked by bch195 and HaxOr . These hackers belongs from  Team INTRA . Hacker also make a pastebin note ( https://pastebin.com/BDbrcx8b ) about hack. Hacker claim to hack many subdomains of Philips websites as shown. The screenshot is of a php shell uploaded on Philips's Website. Hackers link 3 more Private note in last pastebin note, which include Most of the Hacked Database of Website and List of few emails extracted from their. Also hacker comment that " This is first 100 emails from 200k list.I don't want to share more because i will sell it ." Last week seems to have another interesting Hacks of big websites : "NASA Own...