The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Thirty-six websites used to sell stolen bank account details have been taken down following an investigation by the Serious Organised Crime Agency ( SOCA ). The arrest of two men in the UK and another in Macedonia is the result of an international operation in which 36 web domains, used to trade compromised banking data, were taken offline. SOCA has been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale. Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, SOCA has recovered over 2.5 million items of compromised personal and financial information over the past 2 years. Lee Miles, head of cyber operations for SOCA, said: " Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds...

Microsoft's MSN Hotmail (Live) email service currently hosts over 350 million unique users. A Vulnerability Laboratory senior researcher, Benjamin Kunz Mejri, identified a critical security vulnerability in Microsoft's official MSN Hotmail (Live) service. A critical vulnerability was found in the password reset functionality of Microsoft's official MSN Hotmail service. The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values. Remote attackers can bypass the password recovery service to setup a new password and bypass in place protections (token based). The token protection only checks if a value is empty then blocks or closes the web session. A remote attacker can, for example bypass the token protection with values "+++)-". Successful exploitation results in unauthorized MSN or Hotmail account access. An attacker can decode CAPTCHA & send automated values over the MSN Hotmail module. Regarding the consequences it was a win for Micr...

The BackBox team has announce the release 2.05 of BackBox Linux. The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. What's new System upgrade Bug corrections Performance boost Improved start menu Improved WiFi driver (compat-wireless aircrack patched) New Hacking tools: creepy, fern-wifi-cracker, joomscan, pyrit, reaver, xplico, etc. Updated tools: crunch, fimap, hydra, magictree, metasploit, set, sipvicious, skipfish, w3af, weevely, wireshark, wirouterkeyrec, wpscan, zaproxy, theharvester, xsser, etc. Download Backbox 2.05

Several Lebanese ministry websites were the target of a hack attack Thursday by the group Raise Your Voice, in the second such attack on government-related portals this month. " We are RYV, short for Raise Your Voice, and we are simply a group of people who could not bare (sic) sitting in silence, watching all the crimes and injustice going on in Lebanon. We will not be silenced and brainwashed by your media. We will not stop until the Lebanese people mobilize, demand their rights, and earn them ," said the group's message posted on the hacked websites. It is unclear whether Lebanon Anonymous is affiliated with the hacktivist group #Anonymous, renowned for its attacks on websites of governments and corporations it considers corrupt or seeking to limit free speech on the web. Last month, they took down the Interpol's website as a response to the arrest of 25 of their members, as well as the United Nations' official site. Below is the list of the websites that were hacked on...

Hackers continued to attack the Philippine government's online presence, with at least one agency on Thursday reporting a denial-of-service attack the night before. The official website of the Department of Budget and Management (DBM) yesterday became the latest victim of a cyber attack by suspected Chinese hackers.The DBM website was defaced at around 2 pm Wednesday and will remain offline until the repairs are complete, according to Budget Secretary Florencio Abad. In a press statement, Abad said the DBM's official website, www.dbm.gov.ph , is currently undergoing a security audit and "may be inaccessible until critical issues are resolved." The hackers placed a Chinese flag on the DBM website along with a caption announcing it was " Hacked! Owned by Chinese Hackers?! " The webpage also contained a message: " How come a small bitch border country are overconfident? And Challenged to Our Chinese Super Hacker? " A warning was also displayed: " Don't Trouble Chine...