The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Indian hacker, Godzilla once again hit Bangladesh government server . Hacker told us about his latest cyber attack on  Directorate General of Forces Intelligence Bangladesh (DGFI -  www.dgfi.gov.bd ) server . He claimed to back up all confidential mails in the server and list of all their agents around the globe. Hacker taunt Bangladesh govt , " To all stupid Intelligence people of Bangladesh do you know what is security??,  Iam really felling pitty for you." Through a paste  note, hacker leak one sample mail (funny one), which is the conversation between Dewan Mamoon and DGFI Director. Some words from email are, " I love the CIA. I love the DGFI. I love the Bangladesh armed forces. I love America and I love Bangladesh. " and " I know that you are the ones to thank for sponsoring me in Bangladesh and the CIA for sponsoring me in America. " Compromised Intelligence server claimed to be full of sensitive information. In past year, G...

It's the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google's web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the procedure to update its Certificate Trust list (CTL) and all versions of its OSs to revoke the certificate. Microsoft has also decided to revoke other two certificates for the same reason, it seems that some attacks using the first certificate have been already detected, fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Microsoft has issued a security advisory " Microsoft Security Advisory ( 2798897 ) -Fraudulent Digital Certificates Could Allow Spoofing " that states: "Microsoft is aware of active attacks using one fraudulent digital certificate is...

Japan ministry become the recent victim of a cyber attack through a malware that suspected to have compromised and sent overseas more than 3,000 confidential documents from the ministry, including many on global trade negotiations. After investigation, experts found that Hackers use "HTran" the Advanced Persistant Threat (APT) exploit kit for attack. Computers at country's Ministry of Agriculture, Forestry and Fishery suspected to be infected from this. HTran is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by "lion", a well-known Chinese hacker and member of "HUC", the Honker Union of China. A lot of the documents were about the negotiations over the US-led Trans-Pacific Partnership multilateral trade pact. According to a report from SecureWorks, Dell's security division, in 2011 that the malware is believed to have b...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

RED HAT has fixed multiple web application security issues that allowed hackers to extract website database using Blind SQL injection. Red Hat also confirmed a cross site scripting and Local File Inclusion Vulnerabilities on their website. Mohamed Ramadan Security Researcher and Trainer Attack-Secure , told ' The Hacker News ' that last year he reported 3 flaws to the company and they finally confirm and patch those in January 2013. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. Local file inclusion is a vulnerability that allows the attacker to read files, that are stored locally through the web application.This happens because the code of the application does not pro...

Two high school football players in Steubenville, Ohio are under arrest for the sexual assault of a 16-year-old girl. Newly leaked video sheds more light on what may have happened to a girl who told police she was raped by these high school football players in August. Trent Mays and Ma'lik Richmond- have been arrested and charged with raping a fellow 16-year-old, taking her to a number of parties when she was too drunk to resist, digitally penetrating her and possibly even urinating on her.  A small group of information activists was able to do what 3 Ohio state law enforcement agencies couldn't. The clip, released this week by an Anonymous cell calling itself " Knight Sec " is reported to show former Steubenville, Ohio high school athlete Michael Colin Nodianos bragging about the sexual assault from a friend's apartment. On the video which recently was posted online, the boys joke about the girl appearing "dead". On their website, called Local Leaks ...

Soon, you would have the ability to carry a proper desktop operating system on your mobile phone. The firm behind the Ubuntu operating system, Canonical has announced a version of its software for smartphones. Instead of Android, now users will be able to run a very different Linux-based OS , the long-awaited mobile version of Ubuntu which comes with a new UI adapted for smaller screens. Best part, the operating system uses the drivers and kernels from Android, which means it can be easily installed on any smartphone currently running Google's OS, and also means manufacturers won't need to change any of their hardware to support the new OS. Benefits: A single OS for phone, PC and TV Fast, beautiful interface for entry level smartphones Unique PC experience on super phones when docked with a monitor, keyboard and mouse Ubuntu raises the bar for mobile UI design, for richer and more apps. Ubuntu's founder, Mark Shuttleworth, said he was in talks with manufacturers f...