The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

" Please don't mind, its 5th of November " slogan for today ! Anonymous Hackers hacked into " Telecom Italy " (www.telecomitalia.it) and dump Social Security Number, Social Insurance Number, 30000 credentials and lots of vulnerabilities exposed. In a blog post hackers said," Telecom Italy boasts 3000 XSS error and vulnerabilities that allow third parties to access the "htaccess" and other sensitive data. Anonymous will not publish sensitive information of individual users. This one can define a simple notice to show that you do not have appropriate security measures. In fact it is very simple appropriated credentials and social security numbers ." 3000 Cross site scripting ? wow its a huge number ! Hackers upload some paste regrading the hack as given below: 1.) Social Security Number and Social Insurance Number : Link 1 2.)  Some Credentials (sample only) : Link 2 In credentials disclosure we notice an interesti...

The Israeli military has set plans to boost its cyber warfare capabilities with a better Cyber Army by expand its Unit 8200. " It has become clear that the demand for soldiers in this field is growing, which is why we're searching for solutions not only in Israel but abroad as well ," a top officer in the Manpower Directorate. Unit 8200, Israel's equivalent to the NSA, is undergoing a massive expansion. The U.S. Army ad slogan may be: " The Army needs a few good men ." But IDF Unit 8200′s slogan is: " The IDF needs a few good hackers ." Actually not a few, more like hundreds if not thousands. The disclosure comes amid recent reports that the Israeli army is working to enhance its cyber-warfare abilities. Military intelligence chief Maj.-Gen. Aviv Kochavi is slated to invest 2 billion shekels (525 million U.S. dollars) to that end in the coming years. " The military officials are tasked to track "young computer geniuses" and persuade them to immigrate to Israel for...

5th November 2012 was the most exciting day in Cyberspace, yesterday we have report about few major hacks and leaks including Hacking of ImageShack Server , thousands of researchers database leak from Symantec portal, then  NBC Sports Rotoworld forums and NBC Mobile site was defaced by pyknic hacker and a claim that user names and passwords for the site had been compromised, Anonymous leaks the VMware ESX Server Kernel source code online , numerous Australian sites, and the Organization for Security and Cooperation in Europe. The Guy Fawkes Day start with the hack of  28,000 Paypal Accounts. AnonymousPress tweeted , " Paypal hacked by Anonymous as part of our November 5th protest privatepaste.com/e8d3b2b2b1 #5Nov " (File Removed now) Private Paste documents contained 27,935 entries from Paypal database table " mc_customers " including emails, names, passwords (encrypted) and corresponding telephone numbers. However acc...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Hackers hack into ImageShack server and expose all the files online, moreover Antivirus Company Symantec's portal also hacked by them and complete database of all 1000's of researchers dumped in a pastebin File. One of the hacker behind this hack avilable on twitter at  @ Doxbin . Hacker expose content of few most important files of the server, like /etc/passwd ,  /etc/shadow , Content list of ImageShack Web directory (/home/image/www) and many more. Hacker claimed to use some zero day vulnerability in order to get into the server. Whereas in  Symantec case, hackers leak complete database from online portal. Database information includes Phone numbers, email, domain, password, Name, Username etc. According to Hackers write up that exploit unknown zero-day bug of ZPanel used by Symantec to get into server. In same operation, hackers target  CrytoCC website (https://kerpia.cryt...

Mobile version of Official NBC website (m.nbc.com) and NBC Sports Rotoworld forums (forums.rotoworld.com) are currently defaced with a message reading " hacked by pyknic ." and " Remember, Remember The Fifth of November, The Gunpowder Treason and Plot. I know of no reason why the gunpowder treason should ever be forgot. " Hacker also claim that "user info" and "passwords" had been exposed, but yet there is no note about the dumped database location. We will update the article, once after receiving more information about the hack. Stay Tuned.

Cross Site Scripting (XSS) is currently the most common vulnerability in the world. This is vulnerability of some host which allows anyone to inject code/scripts into the page. The injected scripts could be html tags, javascript script, vbscript scripts. A Hacker with virtual name ' Human mind cracker ' expose similar v ulnerabilities in some big and Important sites, like  Israel airline, Myspace, MTV website, Sweden government, Bangladesh bank, Nasa subdomain, Brown University, Afghanistan government website and Rome government website. In a pastebin note , hacker disclose the vulnerabilities and exact working links. These Cross Site Scripting existence is because of the lack of filtering engines to user inputs at websites, forms and web servers. Most of the time readers thinks that XSS is a very minor bug and having very less impact. But if implemented in a better way, that can ...

India is set to take steps to protect its cyber infrastructure and designate agencies for carrying out offensive cyber attacks on other countries. Indian Government announce the appointment of   first coordinator for The National cyber security agency. Mr. Gulshan Rai , who presently heads the Indian Computer Emergency Response Team (CERT-IN), will be the first coordinator. The move comes at a time when proof shows countries launching cyber attacks not only for intelligence gathering and many nations describing the attacks as an act of war. " The plan is in final stages with certain legal issues being clarified. Among the issues are some objections to the legal powers of the proposed National Critical Information Infrastructure Protection Centre (NCIPC), a command-and-control centre for monitoring the critical infrastructure. NCIPC is to be managed by the technical intelligence agency NTRO (National Technical Research Organisation), and...

Anonymous group member "Stun" announce the leak of VMware ESX Server Kernel source code via twitter today. The tweet reads,  " WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED LINK #Anonymous #AntiSec ". VMware ESX is an enterprise-level computer virtualization product offered by VMware. The reason behind this wild leak by anonymous is that, Vmware continue producing on same level again and again which is not a good practice for better Security. " Bullshitting people and selling crap. But it's time for Anonymous finally to deliver. Ofc VMware will try to make like this Kernel is old and isn't used in its recent products. But thanks god, there is still such as thing as reverse engineering that will prove it's true destiny. " Hacker said. A 1.89 MB uploaded on torrent and titled "VMware ESX Server Kernel LEAKED". I have download the archive and file inside archive as shown above. Dump seems to be produced by revers...

A federal judge ordered the FBI to disclose more information about its " Going Dark "  surveillance program, an initiative to extend its ability to wiretap virtually all forms of electronic communications. Why shocking ? because a federal judge just ruled that police can place surveillance cameras on private property without a search warrant and another federal judge quickly overturned a previous decision blocking the indefinite detention provisions of the National Defense Authorization Act (NDAA) for Fiscal Year 2012. The EFF ( Electronic Frontier Foundation)   has filed filed two freedom of information requests, in response to which they received damned little. Judge Richard Seeborg says the feds need to go back and try again. FBI's wiretapping system is robust and advanced, so request sought documents concerning limitations that hamper the DOJ's ability to conduct surveillance on communication networks including encrypted services like BlackBerry, social-n...

Team GhostShell hackers group who was responsible for the recent leak of some millions of records from top universities around the world once again strike back. As the part of " Project Blackstar " Hacking group GhostShell Declares War On Russia and leaks 2.5 millions of accounts belong to  governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations in such fields as energy, petroleum, banks, dealerships and many more. This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses. " The average citizen is forced to live an isolated life from the rest of the world imposed by it's politicians and leaders. A way of thinking outdated for well over 100 years now, "...

The growing popularity of microblogging sites like Twitter has sparked a corresponding rise in social networking scams. If you receive an email or direct message (DM) on Twitter with text " Hello, You have been selected to be the Twitter user for the month! We've got a reward for you text this word ITweet to the following number 6 8 3 9 8 " , don't bother replying the mail. Mary C. Long actually notice this scam and write a quick warming on his blog .  Those who send messages to the number provided by the scammers are actually handing over their phone numbers to the crooks. They can use the information for smishing attacks and all sorts of other malicious plots , Eduard Kovacs from Softpedia explains . Here a small list of most common Twitter-Facebook Scam messages , If any of this phishing scheme sounds familiar, ignore the message. i got mine yesterday you even see them taping u him what on earth you're doing on this mov...

A few week ago, we have seen a major example of Cyberbullying , where a 15-year-old girl ' Amanda Todd '  to kill herself. The Internet can be a dangerous place for the young, exposing them to e-threats such as malware, phishing schemes, pornography or material promoting the use of drugs and violence, among others. In order to keep your kids safe, you'll need to know about the different types of online dangers that are out there. Researchers from  TrendMicro found a malware that steals images from your hard drives of an affected system and able to upload them to a remote FTP server . Malware specifically look for all .JPG, .JPEG, and .DMP files in the storage. Once your system will connect to internet, malware will upload first 20,000 files to the FTP server. " Information theft routines have been mostly limited to information that are in text form, thus this malware poses a whole new different risk for users. " The internet is a very useful too...

On a quick tip from a The Hacker News reader - Travis, we came to know about that some antivirus giving warning when readers try to visit  Bloomberg's Businessweek website ( businessweek.com ) that the site is infected with malware and trying to drop a malware on visitor's system. Website having very high alexa rank, that means it server updates to millions of daily visitors. Most obvious that Bloomberg's site was hacked and then hacker was able to inject the script to infect visitors of site. After exploring the site, I found that some " Under Maintenance " pages like (  hxxp://bx.businessweek.com/photos/spham708_medium.jpg  ) of  Businessweek website having injected iframe that trying to open a remote page uploaded on a italian website as shown below: Injected URL :  hxxp://www.lamiabiocasa.it/class/cls-memcache.php ( Do not open this page ). We have another news from other sources that, recently around h...

Your android device allows you to connect with anyone at anytime, if they are available. Mobile-enhanced shopping and banking sites gives you freedom to buy anything - anywhere. You have millions of applications, that you can install to pimp up your device. But same applications can exploit your business and personal life by stealing your personal information by various intelligent methods. Researchers at NC State University has uncovered a new vulnerability that expose smishing and vishing threats for Android users. I think you need to know about  Smishing  first,so it is where the mobile phone user will receive a text message. This text message only purpose is to get the user to click on the link. If you click on the link, you may inadvertently be downloading a Trojan horse, virus, or other malicious malware. So, researchers found a new way to do such phishing attacks using fake sms, If an Android user ...

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. " The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering ." Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large ...

Do you believe that it is possible to shut down Facebook with a cyber attack on 5th November 2012, which is not even organised in a proper way ? Few activists on internet threatened to shut down Zynga and Facebook, after the gaming giant announced it was laying off five per cent of its work force. Most obvious like other big fake claims, this claim is also not from the activist working as Anonymous Genuinely. Generally I am strong supporter of Anonymous or Wikileaks but the Idea behind Anonymous have lots of Pro and Con. I ask some Anonymous (who are actually managing major operations) to comment about the attack scheduled on 5th November by some unknown anonymous group, and their reply was simply -- " FAKE " . Facebook , Twitter and other social media sites and News organisations are giving you platform for spreading information, they are your voice with an amplifier. Do you think you can use your MIC after u...

Google is bringing a host of new features to its Android 4.2 Jelly Bean operating system designed to increase productivity, creativity and peace of mind and some very promising security improvements including: client side malware protection, Security Enhanced Linux, and always-on VPN . Most important Security Improvements in Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check the apps you download on the Amazon App Store, or from 3rd Party sites. Whenever user will install any app from a different source than the official market, and will scan it for any malicious code that may prove potentially harmful for your device. Other than this, Users can now control how much data apps can access and share. This is made even more secure by something called VPN lockdown that can limit the amount of information sent over a connection that may not be secure or that is shared rather ...

French security researcher firm and famous bug hunters at Vupen announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating system. Windows 8 operating system released last week, and now Microsoft itself has not been aware of security vulnerabilities available in release. " We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations, " Vupen posted on Twitter . Bekrar's claim follows up on his promise earlier in the month that Vupen would be ready to compromise Windows 8 immediately upon its launch: " Windows 8 will be officially released by MS on Oct 26th, we'll release to customers the 1st exploit for Win8 the same day #CoordinatedPwnage " "T he in-depth technical details of the flaws will be shared with our customers and they can use them to protect their critical i...

Folks from abuse.ch spotted an interesting piece of ransomware malware currently circulating in the wild. Current release is infecting Windows users. It seems that Cybercrooks are taking advantage of Anonymous Banner, for conducting such malware campaigns and supposed to be another game by opposite parties for discredit/Infamous the name of Anonymous in the eyes of the world. Before twitter user @FawkesSecurity posted a threat to bomb a government building by Anonymous. But later, collective group clear themself by statement, " Anonymous is not a terrorist organization. Anonymous does not use bombs. Anonymous does not condone violence in any way. Anonymous supports justice and universal equal rights. We support peaceful protest ." Ransomware malware restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Message read " Your computer has been hacked by the Ano...

Late in August McAfee Labs discovered a Fake Antivirus program that claims to detect infections, and displays alerts to scare users into purchasing protection. On the contrary, this program is not genuine software and has nothing to do with reliable and effective AV tools. The truth is that this is another scam application developed to enter your PC through vulnerabilities in outdated programs. Trend Micro, which detects the threat as TROJ_FAKEAV.EHM said, " After infecting a user's system, this malware scares its victim into buying the "product" by displaying fake security messages, stating that the computer is infected with spyware or other malware and only this product can remove it after you download the trial version. As soon as the victim downloads Win 8 Security System, it pretends to scan your computer and shows a grossly exaggerated amount of nonexistent threats ". This sort of malware is commonplace, with examples existing for Windows XP, Windows Vista, Windows 7 and ...