The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled and the company was notified that 420,000 password hashes that seem to belong to its users have been posted to a security forum, and immediately began an internal investigation. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker. Formspring launched in 2009 as a crowd-powered question-and-a...

Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels’ Plesk Panel (Port Number 8443). These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri malware researcher Daniel Cid. On other News Portals , there was a news recently that Some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analyst found that, The majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs on his blog report that Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...

Just after WikiLeaks began releasing the data from the Syria Files, Anonymous hacktivists claimed responsibility for accessing the information and passing it on to the whistleblower organization. Anonymous supplies WikiLeaks with over two million e-mails from Syrian political figures, ministries and companies. According to Report, Anonymous Syria, Antisec and Peoples Liberation Front breached domains and servers in Syria since February, downloaded data over weeks and handed them to WikiLeaks. In February, the hacker team had "worked day and night" to create a massive breach of multiple domains and dozens of servers inside Syria, the statement claimed. In its intro to the e-mail cache, WikiLeaks indicated that they came from 678,000 individual e-mail addresses and 680 domains, including ones belonging to Syria’s Ministries of Presidential Affairs, Foreign Affairs, Finance, Information, Transport and Culture. At least 400,000 of the e-mails are in Arabic and 68,000 are in ...

zSecure team has recently discovered a critical SQL Injection Vulnerability in the web portal of 4XP, a leading online forex broker having more than 1 lakh customer base. Financial transactions are carried on the broker's paltform on daily basis including but not limited to Credit Card Transactions. The critical vulnerability allows to get complete access to brokers database which can be misused to access their customers confidential information including their login id's, passwords, home address, email-id's, mobile no's, credit card details etc. This critical vulnerbility could prove devastating to the company if they doesn't fix it asap. Below are the details about the company & discovered vulnerability.   About the Company 4XP is an online forex broker that specializes in providing an all-inclusive trading package backed by a caring and devoted support team. 4XP was founded by a group of retail-ended entrepreneurs and capital market dealers sharing a vis...

In January 2012, Microsoft confirmed to PC manufacturers that they must enable Secure Boot by default on PCs to be “Certified for Windows 8”. The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These viruses, also known as bootkits, work by getting themselves loaded before the operating system, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it. Secure Boot counters the bootkit by ensuring the hardware verifies the identity and authenticity of the software that sits between the hardware and the operating system - the bootloader, and also the software embedded in hardware devices like network and graphics adapters. Secure Boot sounds like a smart solution to the bootkit problem doesn’t it? Who wouldn’t want a secure boot? Proponents of alternative operating syst...

Bulgarian Hackers Group arrested Bulgarian authorities say that after months of investigation they have busted the “most powerful hacker group” in the country, the Cyber Warrior Invasion. The operation was conducted by Bulgaria’s Sector for Computer Crimes, Intellectual Property and Gambling and the territorial units of the Chief Directorate for Fight with Organized Crime in the municipalities of Pleven, Shumen, Plovdiv, Burgas, Haskovo, Stara Zagora and Kyustendil. Using cyber “terrorist” methods, the group had attacked more than 500 websites worldwide, including those of financial institutions, web-based companies, and governmental and non-governmental organizations. On the confiscated computers, police discovered databases with large amounts of stolen emails, social network profiles and associated passwords, as well as stolen credit card data. The site www.cwi-group.org was used by the members of the group to coordinate their activities. Constantly changing its location and ...