The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Anonymous expose email addresses of British military staff & Nato officials Anonymous Hackers expose email addresses of 221 British military staff with encrypted passwords, including those of defence, intelligence and police officials as well as politicians and 242 Nato advisers. " Civil servants working at the heart of the UK government including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation, which acts as the prime minister's eyes and ears on sensitive information have also been exposed ." from  Guardian  .

XSS vulnerability reported in Yahoo subdomain website Vansh Sharma & Vaibhuv Sharma from India Reported another important Cross site scripting XSS vulnerability in Yahoo subdomain as shown. Vulnerable Link :  https://au.tv.yahoo.com/plus7/royal-pains/ Cross-site scripting ( XSS ) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.

International Conference on Cyber Security (ICCS)  2012 : Protecting the Cyber World The FBI is teaming up with Fordham University for the International Conference on Cyber Security. It's an effort to identify emerging cyber threats and develop ways to mitigate those threats. The ZeuS Trojan has infected almost 4 million computers in the United States alone. Financial losses due to the ZeuS Trojan are estimated at up to $60 million. The third annual International Conference on Cyber Security: A White Hat Summit (ICCS 2012), a joint effort between the Federal Bureau of Investigation and Fordham University, brings together global leaders from law enforcement, industry and academia at Fordham's Lincoln Center campus from January 9 through 12, 2012. The conference will include three days of lectures, panel discussions, sponsor presentations, exhibitions, and exceptional networking opportunities. ICCS 2012, a four-day event features more than 65 unique lectures from keynote...

Wireless Penetration Testing Series Part 1 : Getting Started with Monitoring and Injection We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert (SWSE) course! This course is based on the popular and much appreciated book – " Backtrack 5 Wireless Penetration Testing ", So here we go . In the first two videos, the instructor gets us up and running with our lab setup – access points, victim and attacker machines, wireless cards etc. We then learn that there are 2 essential concepts which one needs to be aware of when dealing with security – ability to monitor and ability to actively prevent attacks. For monitoring, we need to be able to put our wireless cards into "promiscuous mode" so that it can gather all the packets in the air. This is called monitor mode in wireless and we can do this by using a utility called airmon-ng. For active prevention, we need the ability to inject arbitrary pac...

M86 Security detected Web exploitation attacks using AJAX Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems. The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites. This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer. Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender said " This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass throug...