The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A list of over 450,000 email addresses and plain-text passwords, in a document marked " Owned and Exposed " apparently from users of a Yahoo! service, is in circulation on the internet. The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo’s instant messenger. The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010. The dump, posted on a public website by a hacking collective known as D33Ds Company , said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information. Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their accoun...

Two Argentina-based cyber security experts -   Chris Russo  and Fernando Viacanel , who claimed to have cracked the security code of IT systems involved in the discovery of 'God Particle', today conducted training sessions for Indian government officials. Both the hackers are partners of IT security firm E2 Labs and their company in arrangement with industry chamber Assocham has plans to conduct series of technology exchange programmes on cyber security. Russo said that three times he has been able to find vulnerability in IT system of European Organisation for Nuclear Research (CERN) that has been involved in discovery of 'God Particle' or Higgs Boson. Programme was attended by officials from Cabinet secretariat, National Technical Research Organisation, Airforce, C-DAC, Income Tax Department, Assam's AMTRON along with representatives from private sector entities, Aircel and Cisco. "Talents required to be cyber security experts are mostly available in peo...

Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled and the company was notified that 420,000 password hashes that seem to belong to its users have been posted to a security forum, and immediately began an internal investigation. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker. Formspring launched in 2009 as a crowd-powered question-and-a...

Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels’ Plesk Panel (Port Number 8443). These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri malware researcher Daniel Cid. On other News Portals , there was a news recently that Some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analyst found that, The majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs on his blog report that Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...

Just after WikiLeaks began releasing the data from the Syria Files, Anonymous hacktivists claimed responsibility for accessing the information and passing it on to the whistleblower organization. Anonymous supplies WikiLeaks with over two million e-mails from Syrian political figures, ministries and companies. According to Report, Anonymous Syria, Antisec and Peoples Liberation Front breached domains and servers in Syria since February, downloaded data over weeks and handed them to WikiLeaks. In February, the hacker team had "worked day and night" to create a massive breach of multiple domains and dozens of servers inside Syria, the statement claimed. In its intro to the e-mail cache, WikiLeaks indicated that they came from 678,000 individual e-mail addresses and 680 domains, including ones belonging to Syria’s Ministries of Presidential Affairs, Foreign Affairs, Finance, Information, Transport and Culture. At least 400,000 of the e-mails are in Arabic and 68,000 are in ...