The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

#Enter_at_your_own_Risk Cyber Awareness Magazine Issue January edition Released As we promised last month, The Hacker News along with Security-FAQs, SecManiac, Korben, Security-Shell, SecTechno have come together to bring you an outstanding array of internet security and hacking information. You can   Download Here  Special Magazine January 2012 Edition. Previous Editions  available Here . Sit back, read and enjoy : Lee Ives from London, England talk about internet security for your children and what to watch out for and how to protect them and yourself. Security Expert, Pierluigi Paganini takes us on a visit to China and makes us wonder just how influential China's hacking is on world internet security. Read and decide for yourself. Get political emotions warmed up reading " Anatomy of a Revolution " by our own editorial staff.  Mourad Ben Lakhoua takes us on a scary journey of what new Malwares are lurking about and what to expect in the fu...

9 Top Patch Management Practices for Businesses Security I've spent most of the past decade in information security, with a pretty big focus on incident response. It never ceases to amaze me how many security incidents (pronounced hacks) customers suffer as a result of unpatched systems. Patch management is not an art form; it's an underappreciated and often ignored part of what should be daily care and feeding of your infrastructure. Here are the nine best patch management practices I've learned over the years: 1. Automate your patching If your patch management strategy depends upon manual effort, you're doing it wrong. Only the smallest businesses can handle patching by hand. You need a system that can deploy patches to all your systems; workstations and servers. 2. In-depth reporting Automating doesn't mean ignoring. You should be able to see the state of your patch management at any point in time and know exactly which systems are in need of attention. 3. Tes...

Nmap 5.61TEST4 released with Web Spidering Feature ! Nmap release today an interesting version nmap 5.61TEST4 with number of interesting features. Also, to improve the user experience, the Windows installer nowinstalls various browser toolbars, search engine redirectors, andassociated adware. a spidering library and associated scripts for crawling websites. 51 new NSE scripts, bringing the total to 297. a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support. a new vulnerability management library which stores and reports found vulnerabilities. Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17. Change Log can be found here  and Download Here  .

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers Hacker named " 0xOmar " from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa). Hacker says " We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more! ". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. " my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population. " He said. Qu...

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only ...