The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook strengthens security with AntiVirus Marketplace Facebook has launched Anti-Virus Marketplace  , a new portal to protect the social network's users.Members are being encouraged to download anti-malware programs which they can use at no cost for six months. Facebook is strengthening its security controls in an attempt to protect its 900 million users from spam and malicious content.Facebook said Wednesday that it will work with Microsoft Corp. and with computer security firms Trend Micro Inc., Sophos, Symantec Corp. and Intel Corp.'s McAfee to provide safeguards on Facebook. " The Antivirus Marketplace was developed with industry partners to enhance protection for people on Facebook ," Facebook wrote in a blog post . " This program will help us provide even better protections to those using Facebook, no matter where they are on the web. " Facebook's security push comes as social networks become an increasingly popular target for spammers and ...

Iran Preparing For Cyberwar Against U.S Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as the power grid or the financial system. But, Iran is recruiting a hacker army to target the U.S. power grid, water systems and other vital infrastructure for cyberattack in a future confrontation with the United States, security specialists will warn Congress Thursday. " If Iran is willing to blow up a Washington restaurant and kill innocent Americans, we would be naive to think Iran would never conduct a cyberattack against the U.S. homeland ," said Counterterrorism and Intelligence Subcommittee Chairman Pat Meehan, R-Pa. " Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace ," states testimony from Ilan Berman...

VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future.  " The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers ," VMware said in a statement. " Hardcore Charlie " - who claims to have downloaded some 300 Megabytes of VMWare source code. Anonymous tweeted: @AnonymousIRC: Oops, VMWare source leaked? Not good https://pastebin.com/JGxdK6vw to Anonymous contributors. May the Pirate Bay always sail strong! The leaked documents include what appear to be internal VMWare communications, pasted onto CEIEC letterhead and with official looking stamps. One email exchange, dated June 5, 2003 is from Jeffrey Sheldon to an internal VMWare listserv and has the subject "code review:untruncating segments. Given the large number of service pr...

New Flashback malware variant found in the wild A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven't updated Java on your Mac, or disabled it entirely, you could be a victim. The new variant  dubbed Flashback.S  is actively being distributed in the wild, taking advantage of a Java vulnerability that Apple has already patched. Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection. However, the researchers did not indicate what this new variant was specifically designed to do or how many computers might be infected. At its height, the original Flashback, which was designed to grab passwords and other information from users through their web browser and other applications, was estimated to be infecting more than 600,000 Macs . After analyzing 100,000 Macs running the firm's free anti-virus software program, Sophos discovered several Apple computers ...

Plown : Security scanner for Plone CMS Despite the fact that Plone is one of the most secure CMS, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released. Plown has been developed during penetration tests on Plone sites and was used to ease the discovery of usernames and passwords, plus expose known Plone vulnerabilities that might exist on a system. What Plown does Username enumeration Multithreading password cracking.You can specify the login url (if different that login_form) and the number of threads (16 default) Known vulnerability enumeration, based on urls/objects exposed. If found vulnerable, the tool informs about the vulnerability and the url of the patch Version enumeration is planned, based on md5 hashes of static content (css, js) We hope that plown can act as an assistant to system administrators to strengthen their Plone sites. Download Code (written on python)  or visi...