The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

FreeFloat FTP Server - Buffer Overflow Vulnerability Ashfaq Ansari Reported  FreeFloat FTP Server - Buffer Overflow Vulnerability. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, whilewriting data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case ofviolation of memory safety.Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates.This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach ofsystem security. This Exploit helps to gain remote access on FreeFloat FTP using FEAT command. Download Proof of Concept from Here and Exploit is Available here . [ Source ]

UCLA psychology department database hacked by Inj3ctor Inj3ctor team of Hackers take responsibility for the release of information from the psychology department's database which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published some information that helped him access the database. He highlighted the open ports and the versions of the services he relied on to hack the site. This is not the first time that the department database has been dumped on Pastebin. In July 2011, another hacker posted psychology department faculty's phone number, first and last name, e-mail address, street address, and UCLA ID number. Webmasters from UCLA IT are still investigating the hacking, but Bollens said it is likely the result of a SQL injection, which makes programs give more information than intended for release. The psychology department's outdated database may have made it more susceptible to the SQL injection, where ...

Sky News Twitter account Hacked Hackers yesterday accessed the Twitter account for Sky News business desk and posted a tweet claiming that James Murdoch had been arrested by London police. It has also lately been used by hacker groups to simply raise their profile and make the public aware of their existence. Soon re-twitted by many followers, the fake news created quite a stir.The false tweet was erased within minutes, but not before other Twitter users had shared it across the network. Sky News is likely to find out soon whether the hack was executed by an insider - possibly as a joke - or by hackers.

Uniscan 5.2 is released -  vulnerability scanner Uniscan is a open source vulnerability scanner for Web applications. Uniscan 2.0 is a perl vulnerability scanner for RFI, LFI, RCE, XSS and SQL-injection. features: Identification of system pages through a Web Crawler. Use of threads in the crawler. Control the maximum number of requests the crawler. Control of variation of system pages identified by Web Crawler. Control of file extensions that are ignored. Test of pages found via the GET method. Test the forms found via the POST method. Support for SSL requests (HTTPS). Proxy support. Generate site list using Google. Generate site list using Bing. Plug-in support for Crawler. Plug-in support for dynamic tests. Plug-in support for static tests. Plug-in support for stress tests. DOWNLOAD UNISCAN 5.2 Tutorials to create your plug-ins: https://www.uniscan.com.br/tutorial1.php https://www.uniscan.com.br/tutorial2.php https://www.uniscan.com.br/tutorial3.php

Duqu computer virus Detected by Iran civil defense organization The virus is called W32.Duqu, or just Duqu create fear after the opening Pandora's Box of Stuxnet. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus. First, Duqu is not deigned to harm industrial automation. The software basically attacks windows systems. Instead of sabotaging industrial control, Duqu has been general remote access capabilities. Duqu has a key logger and can save passwords etc.. The malware uses HTTP and HTTPS to communicate to a command and control (C&C) server at 206.183.111.97, which is hosted in India, the IP is inactive as of October 18th. Duqu infiltrates systems directly it is not a worm like Stuxnet and needs to be placed directly, e.g. through infected mails.Duqu also the certificate of C-Media Electronics Incorporation, a Taiwanese audio ch...

SAHER HoneyNet : A Tunisian Honeynet Project A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Tunisian honeynet project " Saher-HoneyNet " is an initiative launched by the Tunisian CERT, in order to mitigate threats related to malicious traffic in order to improve the national cyberspace security by ensuring preventive and response measures to deal with malware infections....

Bizztrust : The Most Secure Android Phone With companies these days justifiably concerned about the security of the mobile devices provided to their workforce, many workers find themselves carrying around two mobile phones - one for personal use and another for business. Sure, mobile phones aren't the huge pocket-stretching devices they once were but for the sake of convenience, one is most definitely better than two. A new German project makes Android phones significantly more secure for business communications--this could change the way people use smartphones, entirely.The Germans are an efficient lot, and when it comes the quality of their automobiles, well Mercedes Benz, BMW and Audi says it all, don't they? The Swedish are also in with a shout for the safest car in the market, but when it comes to having the world's most secure Android-powered phone, the Germans have it down pat after discovering a method to develop super-secure virtual "work phones" on Android-powered devi...