The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Internet System Consortium's (ISC) open source DHCP client (dhclient) allows DHCP servers to inject commands which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields. By using crafted host names, and depending on the operating system and what further processing is performed by dhclient-script, it can allow commands to be passed to the shell and executed. A successful attack does, however, require there to be an unauthorised or compromised DHCP server on the local network. Dhclient versions 3.0.x to 4.2.x are affected. The ISC has released an update. Alternatively, users can deactivate host name evaluation or add an additional line to dhclient-script. Instructions for doing so can be found in the ISC's advisory. Alongside dhclient-script, X.org's 'X server resource database utility' (xrdb) is also affected, as it also evaluates host names transferred via DHCP. Crafted host name...

Govt of Orissa website Owned by ZHC XtreMist [ZHC] Hacked site :  http://zssmayurbhanj.gov.in/ Mirror:- http://zone-h.org/mirror/id/13421065

Against the backdrop of the attack on its website by " Pakistan Cyber Army ", the CBI is considering to send its team to the US and Europe to trace hackers involved in the defacement. Sources said the agency officials have pin-pointed three Internet Protocol (IP) address -- a unique numerical label borne by each computer in a network that use worldwide web for communications -- two originated from Seattle, Pennsylvania in the US and other in Daugavpils, Latvia in northern Europe. They said the agency has moved a local court here seeking permission to access authorities in the US and Latvia for collecting information on the IP addresses. The CBI had on December 4 last year registered a case against unknown persons of " Pakistani Cyber Army " for hacking and defacement of its website under various Sections of Information Technology Act.

A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as Rookit.Win32.Fisp.a. Once executed, the rootkit makes a copy of the old MBR and replaces the sectors with its own code which includes an encrypted driver. When the computer boots, the malicious code executes and restores the original MBR so that Windows can load normally. It then uses hooks to replace the fips.sys system driver with a malicious one. "It should be noted that the driver fips.sys is not required for the operating system to run correctly, so the system won’t crash when it is replaced," says Kaspersky Lab expert Vyacheslav Zakorzhevsky. The driver scans loaded processes to determine if they belong to one of over a dozen antivirus programs and prevent them from running...

MumbaiITPro User Group Hacked by TriCk [TeaMp0isoN] MumbaiITPro User Group is an online technical community initiative for the IT Professionals. They are supported by Global IT Community Association (GITCA) and Microsoft Corporation. Hacked site :  http://mumbaiitpro.org/ Mirror :  http://mirror.sec-t.net/defacements/?id=7039

Hosting company Hostkey.ru got Compromised ! A hacked Hacked Into Hosting company Hostkey.ru, some Proof of hacks are here : 1.)  Cms Hacked 2.) PhpMyAdmin Hacked 3.) Shell on Server 4.) Config File http://pastebin.com/VbuD0acE 5.) Server Rooted http://pastebin.com/h5RW3w6c Full compromise step-by-step @ forum http://tinyurl.com/dusbitchez News Source :  anonymous 

Multiple vulnerabilities in IBM Tivoli Directory Server Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a Denial of Service and compromise a vulnerable system, according to Secunia. 1. The application bundles a vulnerable version of IBM Java. 2 . An error within ibmslapd.exe when processing certain requests can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. 3. The TDS proxy server stores the user's password in cleartext in the audit log when the backend server is configured to audit extended operations. The vulnerabilities are reported in versions 6.1, 6.2, and 6.3.