The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A critical vulnerability discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security's Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. This flaw was discovered by a Germany security expert, Christoph von Wittich . He detected the vulnerability during a routine network scan of his company's corporate network. He said the vulnerability could also be used for a denial-of-service attack. " As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user ,". Marked as CVE-2012-5215 ( VU#782451 , SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunc...

Israeli mobile security start-up Skycure has exposed a vulnerability that could allow hackers to control and spy on iPhones. A major security vulnerability for iOS configuration profiles  pose malware threat. The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates. Adi Sharabani , CEO and co-founder of Skycure, made a demonstration that how sensitive information, including the victim's exact location, could be retrieved, while also controlling the user's iPhone. In Demo, he setup a fake website with a prompt to install a configuration profile and sent the link out to Victim. After installing it, he found out they were able to pull passwords and other data without his knowledge. These malicious profiles can be emailed or ...

The U.S. government repository of standards based vulnerability management website National Vulnerability Database (NVD) was hacked by some unknown attacker last week. The website of NVD ( https://nvd.nist.gov/index.html ) is down since Friday due to a malware infection on two web servers, discovered on Wednesday. The main page of website reads," The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available ." According to a post available on Google+ by Kim Halavakoski , who contacted NIST Public Inquiries Office to know about the issue," On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was ...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Philippines-Malaysia Cyber war over Sabah land dispute take another turn, when Philippines hackers deface their own President  Benigno Aquino III   website early Thursday, and criticized how the President has been handling the conflict in Sabah. The hacker group left a message to the president on the defaced Web site and links to Facebook profiles of the hackers, as shown in screenshot taken. Hacker managed to direct hack into other government websites also including: https://www.gdelpilar.gov.ph https://www.calasiao.gov.ph https://bolinao.gov.ph https://mauban.gov.ph https://apayao.gov.ph https://www.mauban.gov.ph https://www.drd.pnp.gov.ph Complete message from Anonymous Philippines reads: Greetings, President Aquino! We have watched how you signed into law a bill that endangers and tramples upon the citizenship  freedom of speech and expression. Now, we are silent witnesses as to how you are mishandling the Sabah issue. We did not engage the Malay...

According to an exclusive report published today by DNA news, the computers of highly sensitive Defence Research and Development Organisation (DRDO) have reportedly been hacked by Chinese hackers as biggest security breach in the Indian Defence ever. Infiltrate leading to the leak of thousands of top secret files related to Cabinet Committee on Security, which have been detected to have been uploaded on a server in Guangdong province of China. Indian Defence Minister A K Antony said, " Intelligence agencies are investigating the matter at this stage and I do not want to say anything else. " " The leak was detected in the first week of March as officials from India's technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called "army cyber policy". The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter...

Great news for Hackers and Backtrack Linux fans! The most awaited penetration testing Linux distribution has been released called ' Kali Linux ' or ' Backrack 6 ', from the creators of BackTrack itself. From last 7 years we have seen five awesome versions of Backtrack Linux. But this time to achieve some higher goals, team decided to leave the 4 years old development architecture and ' Kali Linux ' born today. Kali Linux is based upon Debian Linux, instead of Ubuntu and new streamlined repositories synchronize with the Debian repositories 4 times a day, constantly providing users with the latest package updates and security fixes available. Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repo...