The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

M86 Security detected Web exploitation attacks using AJAX Security researchers from Web filtering vendor M86 Security have detected Web exploitation attacks that use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems. The attack starts on a page that contains an unsuspicious piece of JavaScript code that is similar to that commonly found on legitimate AJAX-using websites. This code is responsible for fetching the payload in multiple chunks and assembling it back together on the client before executing it. Different pages found by M86 on the attack server exploited vulnerabilities in unpatched versions of Flash Player and Internet Explorer. Bogdan Botezatu, an e-threats analyst at antivirus vendor BitDefender said " This attack scenario definitely has its advantages: by passing the payload in several distinct chunks, the offending packets would likely avoid interception as they pass throug...

Hackers selling cheap BOTNETs and DDOS on forums The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Forums. Hackers are offering services like distributed denial of service attacks (DDoS), which can be used to knock website offline in just 1 - 2 hours / 2$ per hour. They Posted a Youtube Video in which a young woman advertises DDoS services. " We are here to provide you a cheap professional ddos service.We can hit most large websites/forums game servers.We will test the website/server before accepting your money.Due to the nature of the business we dont offer refunds. " Offer said . There is another Interesting Hacker's Shop ! Moreover, for their assaults, the hackers chiefly utilize botnets, while ignorant operators of computers remain unaware that they've gotten contaminated with malware as also being controlled remotely. " Do you wan...

Next Microsoft Patch Tuesday include BEAST SSL fix Microsoft's first batch of patches for 2012 will include fixes for security vulnerabilities in the Windows operating system and Microsoft Developer Tools and Software. The patches will be released next Tuesday (Jan 10, 2012) at approximately 1:00 PM EST. The solitary critical bulletin in the batch fixes a remote code execution issue in Media Player. The remaining six important bulletins due next Tuesday handle the BEAST SSL issue and various information disclosure bugs, escalation of privilege issues and an update to Microsoft's SEHOP (Structured Exception Handler Overwrite Protection) technology to enhance the defence-in-depth capability that it can offers to legacy applications.  The BEAST/SSL patch was supposed to have been included in December's Patch Tuesday release but had been pulled at the last minute due to some testing problems involving a third-party vendor, according to Microsoft. Henry noted that despite all ...

Ramgen-Janelle Scandal video posted on deface page of Philippines  Premiere Bank A defaced linked of the website of the Premiere Bank Philippines which contains a video of Ramgen-Janelle Sex Video Scandal is the talk of the town and widely spread in the IRC and Facebook today. The defacer who uploaded the video claims to be kenjie miranda of h4ckz0n3.The defacer who uploaded the video claims to be kenjie miranda of h4ckz0n3 . Regarding with the case of this video which violates the ANTI- VOYEURISM LAW OF 2009, Senator Revilla Jr. already asked the National Bureau of Investigation to investigate the spread of Ramgen-Janelle intimate video. The video is already viral in torrent sites and forums sites. [ Source ]

Ping.fm vulnerable to Clickjacking (Video Demonstration)  Two Indian Hackers Aditya Gupta(@adi1391) and Subho Halder (@sunnyrockzzs) have discovered Clickjacking vulnerability in one of the famous website " Ping.FM ". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is based on a technique known as clickjacking ( or UI Redressing ) where an attacker could perform actions on the behalf of user by tricking the user to click on a button or perform some other action. This vulnerability was earlier seen in Twitter where it allows the status to be loaded through the GET method, and an attacker could frame the twitter webpage and trick the user to click on the tweet button, with the user thinking that its a part of the attacker's webpage. This can be disabled by setting the X-FRAME-ORIGIN method to SAME ORIG...

Hackers leak the Source Code for Symantec Product A group calling itself the Lords of Dharmaraja posted an Adobe document online Wednesday that it claimed was a glimpse of the source code for the internet security software. But Symantec spokesman Cris Paden said "no source code was disclosed" in the post, which was a 12-year-old document describing how the software worked, but not the code. Paden said Symantec continues to investigate the hackers' claim that they have source code. But now Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code. " Symantec can confirm that a segment of its source code has been accessed. Symantec's own network was not breached, but rather that of a third party entity.We are still gathering information on the details and are not in a position to provide specifics on the third party involved.Presently, we have no indication that the code disclosure...