The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Mutillidae 2.1.17 : Born to be Hacked A few days ago an update " Mutillidae " version 2.1.17 was released. Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and others. Features Installs easily by dropping project files into the "htdocs" folder of XAMPP. Switch...

Iran makes internal email servers Iran's cyber defense headquarters has succeeded in making internal mail servers which would enable Iranian organizations and bodies to use local email addresses. " One of the most important problems in the cyber arena in Iran is that many individuals and even university professors are using email services like Gmail and Yahoo and have no local email, " Rahimi said, Head of Iran's Cyber Defense Headquarters. " Technical infrastructures have been built in the country and mail servers have been made at the cyber defense headquarters to manage Iranian emails ," he added. The Iranian official noted that the body also shoulders the responsibility to promote culture and education. Iran launched a cyber defense headquarters some five months ago. The key task of cyber defense is to prevent computer worms, or as some call it cyber weapons, from breaking into or stealing data from Iran's maximum security networks, including nuclear facilitie...

Dutch News site spread Malware on 100000 Computers Dutch popular news site NU.nl appears to be serving Java exploit (drive-by malware) to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The attackers made use of servers in India which an exploit kit was placed. The Ministry of Security and Justice issue a warning for malware yesterday by Nu.nl estimated to have infected 100,000 computers. Erik Loman, developer at security firm SurfRight, made ​​known on Twitter on the front page of the news javascript code ' g.js ' was blocked. The code triggered by Loman a nuclear exploit pack on a web server in India was placed. The exploit script checked the browser and common plugins like Flash and Adobe Reader security hole. If an exploit was found, the server sent the Sinowal-malware, a trojan of Russian origin, which is continuously updated and attempts to steal bank detail...

[POC] Windows RDP Vulnerability Exploit The vulnerability described by Microsoft as critical is known as MS12-020 or the RDP flaw. The hackers worked quickly on this particular vulnerability and we've already seen attempts to exploit the flaw which exists in a part of Windows called the Remote Desktop Protocol. Proof of concept (POC) exploit of the deadly RDP vulnerability has been shown to trigger blue screens of death on Windows XP and Windows Server 2003 machines. The exploit attacks a RDP (Remote Desktop Protocol) flaw patched by Microsoft on Tuesday. The discovery of proof-of-concept code on a Chinese website less than 72 hours later came as no great surprise. Security firms warned that worse is likely to follow. The vulnerability might easily be exploited to create a worm that spreads automatically between vulnerable computers. Two POC discovered, first POC to emerge was posted briefly on a Chinese website before disappearing. The second, based off the Chinese...

President Assad 's hacked emails reveal isolation of Syria's leader Asad's personal email account was hacked by Anonymous hackers few hours ago and The Guardian then acquired over 3,000 documents from hacked email that according to opposition is the personal email of ruling couple Bashar and Asma al-Assad sam@alshahba.com and ak@alshahba.com The newspaper said it got the trove of e-mails from a member of the Syrian opposition whom it does not identify. The documents are said to have been intercepted by members of the Supreme Council of the Revolution between June and early February. According to the Guardian, the e-mails show that Assad regularly received advice from Iran or advisers to Iran about how he should respond to the crisis in his country. He received a memo from his media consultant with advice that was based on " consultations with a good number of people in addition to the media and political adviser for the Iranian ambassador. " The memo advised ...