The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

BackBox Linux 2.01 released The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: http://www.backbox.org/downloads What's new System upgrade Performance boost New look Improved start menu Bug corrections New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc. System requirements 32-bit or 64-bit processor 256 MB of system memory (RAM) 4.4 GB of disk space for installation Graphics card capable of 800×600 resolution DVD-ROM drive or USB port

I’m a firm believer in multitasking. I tend to work on several things simultaneously; the more monitors I have connected the more things I can do in parallel, and I can bounce back and forth between tasks, given that no one interrupts me. When I find an application that can do more than one thing for me, I become very interested, and when it can do three things well, I have myself a winner! GFI LanGuard is just that; a winner, that multitasks for me by providing patch management, network security, and vulnerability scanning into a unified application which makes my network maintenance tasks quick and easy. The latest version was released just a few weeks ago so I decided to take the app out for a spin, really kick the tires, and see what it has to offer. I’ll rate each area on a ten point scale, where high scores are better. Here’s how my test drive went. 0-60 in an instant The 124MB download came down in an instant, and my trial key was in my inbox before the download was...

#Enter_at_your_own_Risk Cyber Awareness Magazine Issue January edition Released As we promised last month, The Hacker News along with Security-FAQs, SecManiac, Korben, Security-Shell, SecTechno have come together to bring you an outstanding array of internet security and hacking information. You can   Download Here  Special Magazine January 2012 Edition. Previous Editions  available Here . Sit back, read and enjoy : Lee Ives from London, England talk about internet security for your children and what to watch out for and how to protect them and yourself. Security Expert, Pierluigi Paganini takes us on a visit to China and makes us wonder just how influential China’s hacking is on world internet security. Read and decide for yourself. Get political emotions warmed up reading “ Anatomy of a Revolution ” by our own editorial staff.  Mourad Ben Lakhoua takes us on a scary journey of what new Malwares are lurking about and what to expect in the fu...

9 Top Patch Management Practices for Businesses Security I've spent most of the past decade in information security, with a pretty big focus on incident response. It never ceases to amaze me how many security incidents (pronounced hacks) customers suffer as a result of unpatched systems. Patch management is not an art form; it's an underappreciated and often ignored part of what should be daily care and feeding of your infrastructure. Here are the nine best patch management practices I've learned over the years: 1. Automate your patching If your patch management strategy depends upon manual effort, you're doing it wrong. Only the smallest businesses can handle patching by hand. You need a system that can deploy patches to all your systems; workstations and servers. 2. In-depth reporting Automating doesn't mean ignoring. You should be able to see the state of your patch management at any point in time and know exactly which systems are in need of attention. 3. Tes...

Nmap 5.61TEST4 released with Web Spidering Feature ! Nmap release today an interesting version nmap 5.61TEST4 with number of interesting features. Also, to improve the user experience, the Windows installer nowinstalls various browser toolbars, search engine redirectors, andassociated adware. a spidering library and associated scripts for crawling websites. 51 new NSE scripts, bringing the total to 297. a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support. a new vulnerability management library which stores and reports found vulnerabilities. Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17. Change Log can be found here  and Download Here  .

400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers Hacker named " 0xOmar " from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa). Hacker says " We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more! ". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. " my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population. " He said. Qu...

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only ...