The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

eToro Vulnerable to Database Dump Security Experts at Zsecure.net discover a serious Vulnerability in eToro, which is a financial trading company based in Cyprus and one of the top ranked Forex Trading Service Provider Worldwide. It provides personal online financial services in forex, commodities and stock indices through its own electronic trading platform. eToro is primarily a platform and a software provider; it is not itself a financial broker. Rather, it connects its customers with third party brokerage services provided by various brokers. About the Vulnerability zSecure team has detected detected an active vulnerability in eToro's web-portal which allows the complete access to their database and even the complete database can be dumped/downloaded. Since the company is handling the portfolio thousands of trader's keeping their database vulnerable to outside attack is a shame on the part of the company which is said to carrying millions of value of transactions every...

Oxford University launches Cyber Security Centre Cyber crime is not going away. As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, the opportunities are just too great. The personal information stored on such devices credit card information, drivers’ licenses and Social Security numbers is at high risk and is often targeted by criminals because of the price it can bring on the black market. The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime, and to safeguard the trustworthiness of electronically-stored information. In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students. Each year brings its own set of risks and chal...

Return of Lulzsec , Dump 170937 accounts from Military Dating Site Another Hacking group after Lulzsec , comes with name LulzsecReborn has posted names, usernames, passwords, and emails of 170,937 accounts on MilitarySingles.com on Pastebin as part of the group’s Operation Digiturk. LulzSec was a major ticket item last year as the group hacked a number of high profile Web sites all in the name of the “lulz.” After their so called “50 Day Cruise,” the group broke up and went their separate ways.Hacker claim that, There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.. in dump. In response to a query by the Office of Inadequate Security, ESingles, the parent company of MilitarySingles.com, said that there is “ no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim. ”. LulzSecReborn hack the site and added his deface page here , (as shown in abo...

Anonymous Attacker Package by Maxpain " Maxpain " Hacker and Security Developer, Releases two tools in an Package called " Anonymous Attacker Package ". First one is - Anonymous external attack , allows you to execute udp flood web attack, into websites, this tool was made as external of LOIC, the following package contains : #Anonymous External Attack - A console application made in C# that allows you to flood the websites with anonymous style , and sending 4096 packets each second. The program delays some seconds for each packet that it makes, so it flood effectively without lagging your own connections. Cool for DDoS attacks. (213kb file) #Anonymous DNS Extractor - Extracts the dns and ip servers of the following website, Developer included this program, cause in the target ip of AEA - anonymous external attack you need to use an IP. (128kb file) Both of programs are really light and console applications, by giving you the ultimate experience web attack. ...

Free Configuration Check Tool by eEye Digital Security eEye Digital Security, the industry’s leading innovator of threat management solutions, just released new research, “ Working Toward Configuration Best Practices ” . Findings verify that proper configuration and mitigations remain the most effective way to secure IT infrastructure. The research team at eEye also found that the leading mitigations it recommended in 2011 disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities. To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and: • Offers a simple pass/fail and informational status ...