The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Authorities in the U.S. and Germany have raided Internet Service Providers in hopes of tracking down the hackers who launched distributed denial of service (DDoS) attacks against Web sites such as Visa.com, PayPal.com, and Mastercard.com earlier this month. In documents posted Wednesday to the Smoking Gun Web site, the U.S. Federal Bureau of Investigation describes the complex path its investigation has taken as it has searched for the computers that served as a central meeting point for the attacks. After Germany's Federal Criminal Police raided service provider Host Europe, they linked one of he IRC servers to Dallas's Tailor Made Services, the documents state. Two hard drives were seized from Dallas's Tailor Made Services on Dec. 16, the Smoking Gun reports. Another IRC server has been traced to Fremont, California's Hurricane Electric. Neither Hurricane Electric nor Tailor Made Services could be reached immediately for comment Thursday. The early-December at...

The bug in Microsoft Word 2002, 2003, 2007 and 2010 was patched Nov. 9 as part of Microsoft's monthly security update. Word 2008 and 2011 for the Mac have also been patched, but Microsoft has not yet issued a fix for the same flaw in the older Word 2004. The circulating attacks affect only Windows versions of the suite, however. According to the Microsoft Malware Protection Center (MMPC), the group that investigates attack code and issues signature updates for the company's antivirus software, the first in-the-wild exploits were detected last week. When Microsoft shipped the Word patch last month, it rated the bug as "1" on its exploitability index, meaning it believed a working attack would pop up within 30 days. The attack uses a malicious RTF (Rich Text Format) file to generate a stack overflow in Word on Windows, said MMPC researcher Rodel Finones. Following a successful exploit, the attack code downloads and runs a Trojan horse on the compromised computer...

With the Federal Bureau of Investigations (FBI) treating successful cyber attacks by "Operation Payback" as criminal offenses, a new level of ambiguity is being introduced into the enforcement of cyber crime laws. The FBI was treating efforts by "Anonymous" and "4chan" as an "unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system," according to a search warrant affidavit published online Thursday. Not all distributed denial of service (DDoS) efforts are a crime. This is especially true when systems within the networks staging the attack are placed there voluntarily by their users, with thousands of willing individuals simply flooding a server by asking it to do what it's designed for: loading pages. Botnets of this nature have been compared to cyber "sit-ins": a computer-age echo of civil rights-era protests. However, a newly discovered software exploit in peer-to-pee...

315 Websites hacked By Tunisian Hacker - The 077 ( HamDi HaCKer ) Websites Hacked : Full List here -  http://pastebin.ca/2035387

“Hexjector is an open-source, multi-platform PHP script to automate site penetration tests for SQL Injection Vulnerabilities.” This is the updated change log: * Error_Check, HexDorker, HexaFind, HexDumper, HexaCurD, Hexdumpfile, Hexoutfile, Hexloader, and WAF_Detector have all been updated. * HexaFind is now multithreaded(Credits tDavid Hopkins for his CURL Class). * HexacURL removed. * Information.php is not used anymore. * Code is refined and organized for better view. * Output Buffering removed. * WAF Bypass Module Added. * HTTP Requests are now available. * POST * Interface of Hexjector is changed thanks tJohnburn, and mods from me. * A nonpersistent XSS is patched in HexDorker. * Codename Added. * RCE Test added. * Troubleshoot section added taid users in solving problems. * A new Manual Updater is added. * News Feeds Retriever. * Patch Retriever. * SQL Injection Type Detection is recoded tbe more precise. * Another Series of SQL Injection Type Detection are ...