The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

NeXpose 5.0 vulnerability management solution Released by Rapid7 Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 65,000 vulnerability checks for more than 16,000 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulati...

Military Contractor Mitsubishi hacked Mitsubishi Heavy Industries Ltd said on Monday that its computers had been hacked into, with one newspaper saying the target was Japan's biggest defence contractor's factories for submarines, missiles and nuclear power plant components. " There is no possibility of any leakage of defense-related information at this point, " a spokesman for the Japanese conglomerate said. According to the Japanese newspaper, information was stolen from the company's computers in the attack. Mitsubishi Heavy has confirmed the attack, but said it is still investigating whether there were any information leaks.The company said about 80 virus-infected computers were found at the company's headquarters in Tokyo as well as manufacturing and R&D sites including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. Kobe Shipyard currently builds submarines and makes compone...

NetworkMiner 1.1 -  Network Forensic Analysis Tool (NFAT) Released  NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames). Consider a scenario where you're analyzing a suspicious website, wishing to understand the way that it might try attacking its visitors. One way to approach this challenge is to browse the website using a Windows ...

Intelligence and National Security Alliance (INSA) hacked On Wednesday, 48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked. Cryptome, a site affiliated with the hacker collective Anonymous, published the membership emails and phone numbers and in some cases home addresses for the members of the Intelligence and National Security Alliance (INSA). By clicking on a link titled, "INSA Nest of Official and Corporate Spies," anyone can find contact information for senior officials at the NSA, FBI, and CIA, as well as top national security contracting firms like Booz Allen Hamilton. The apparent cyberattack on the Intelligence and National Security Alliance, or INSA, is the latest example of the ability of hackers to penetrate the computer systems of government agencies and private companies — including those that pride themselves on their ...

Comodohacker is 21 year old patriotic Iranian Hacker The New York Times got in touch with Comodohacker, who says he's a 21-year-old Iranian student, and asked him about the motives behind his sweeping breach of Gmail this summer. By sniping security certificates from a Dutch company — essentially the digital ID cards that tell your computer a website's legit — Comodohacker was able to crack 300,000 Iranian Gmail accounts, prompting Google to warn the entire country. " My country should have control over Google, Skype, Yahoo, etc., " he said by e-mail. " I'm breaking all encryption algorithms and giving power to my country to control all of them. "" I'm totally independent, " he said " I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I'm not responsible. " Hundreds of companies and government authorities around the world, including in the United States and China, have the power to issue the...

United States Navy Military domain is vulnerable to hackers United States Navy Military website is full of vulnerabilities. Sec Indi Security Team Hacker upload a custom message on the server as shown below : Url is hidden for Security Reasons. Hacker claim to inform the website admins already, but government did not fix it yet so he releasing this in public.

Vulnerability Discovered in SpyEye Botnet , Exploit Available for Download Blind SQL injection Vulnerability Discovered in SpyEye Botnet by S4(uR4 ( r00tw0rm.com ) Exploit : Vulnn type : Blind SQL injection vuln script : frm_cards_edit.php Affected version : ALL May use any botnet from : https://spyeyetracker.abuse.ch/monitor.php What is SpyEye ? W32/SpyEye Aliases :  This is a list of aliases for the variant of SpyEye discovered in early February 2011 that has been actively targeting Norwegian banking websites: Trojan-Spy.Win32.SpyEyes.evg (Kaspersky) PWS-Spyeye.m (McAfee) Trojan:Win32/EyeStye.H (Microsoft) A variant of Win32/Spy.SpyEye.CA (NOD32) W32/Malware.QOOC (Norman) Trojan.Zbot (Symantec) Mal_Xed-24 (Trend Micro) Brief overview SpyEye is a trojan with backdoor capabilities that attempts to steal sensitive information related to online banking and credit card transactions from an infected machine. SpyEye is sold via its author in an easy to configure ...