The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Sec Indi Security Team has found Multiple major flaws on Clickindia.com - One of the biggest Classifieds network. There is a highly possible chance to damage ClickIndia system or to steal the Database. Hackers Exploit it via SQL Injection Vulnerability.

Linux.com down again due to Security Breach Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack. Regarding coming back online , Linux.com says " Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way. " The added " We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and wil...

SpyEye Trojan stole $3.2 million from US victims, Android users will be next target ! A Russian cybergang headed by a mysterious ringleader called 'Soldier' were able to steal $3.2 million (£2 million) from US citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported and Trusteer reports that an Android variant of Spitmo (SpyEye for mobile) has been discovered. The methodology sounds familiar for those familiar with ZeuS Mitmo and SpyEye Spitmo: infected computers inject a message into targeted netbanks prompting their customers to install software on their phones. Once Spitmo is installed, the SpyEye attacker is able to monitor incoming SMS and to steal MTAN authentication messages. " His botnet was able to compromise approximately 25,394 systems between April 19, 2011 and June 29, 2011. And while nearly all of the victims were located in the US, there were a handful of victims spread across another 90 countries ,"...

GoDaddy websites Compromised with Malware Many sites hosted on GoDaddy shared servers getting compromised today  with a conditional redirection to sokoloperkovuskeci.com .In all 445 cases the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site when they were referred by one of a list of search engines. These redirections attacks are very common on outdated WordPress and Joomla sites, but this time (and for this specific malicious domain), we are only seeing them on GoDaddy hosted sites. So it looks like a compromise on their own servers (similar to what has happened in the past). This is caused by this entry that is added to the .htaccess file of the compromised sites: RewriteEngine On RewriteOptions inherit RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR] RewriteCo...

oclHashcat-plus v0.06 - Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker oclHashcat-plus faster than every other WPA cracker. The highly anticipated v0.06 of the Graphics Processing Unit accelerated password cracker tool oclHashcat-plus was released today. What makes it so special about this release is that it now has support for captured Wi-Fi Protected Access handshake cracking on top of all the other algorithms currently supported (MD5, MD5 Crypt, DES Crypt, NTLM, Domain Cached Credentials etc). It cracks WPA at an estimated rate of 0-300% faster than rivals, namely the python WPA cracker pyrit. It is coded in OpenCL so both NVIDIA and AMD devices are supported, however this improvement is more noticeable on AMD GPU devices as well as Multi-GPU system Features Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker Worlds first and only GPGPU based rule engine Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Wind...