The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Iran Shutdown Google ,Yahoo & other Major sites using Https Protocol We Received latest reports from Iran ,Governments has blocked access to the major sites plus websites using certain Https protocol like Gmail, Google ,Yahoo. On the eve of the anniversary of the revolution that overthrew the country’s monarchy and replaced it with an Islamic republic. At the same time nobody can even use banking websites in Iran because all of them using “Https” to encode the sensetive data . As well as Yahoo, Gmail, Google and all sites that rely on the search giant’s API such as WolframAlpha. Sites such as BMI.ir , BPI.ir and Parsian-Bank.com are also apparently banned. There is Online Service  http://www.blockediniran.com  , where you can check that Is there any site blocked in Iran or Not ? We check the " google.com " as shown,but it showing that site is Working. This Condition until Esfand, next month in Persian calender after the 33rd anniversary of the Islamic Revolu...

Listen to your instincts when it comes to the web Lee Ives from Security-FAQs talk about Internet Security in January Edition of The Hacker News Magazine . When you are on the web the best thing that you can do is to go with your instincts. In real life, when we walk around, we usually go with our gut to make sure that we stay out of danger. If something does not seem right we usually “sense” it for lack of a better term. This is not something that is new. This is how we survived in the wilderness all of those many years ago. We made sure that we stayed safe by following our instincts and doing the right thing. All of these years later and that same advice still holds up to be true. But like we said in the previous paragraph, you have to worry about following your instincts when you are on the web as well. There are many different kinds of pitfalls that you can encounter when you are on the web. It doesn’t matter whether it is meeting the wrong type of person or it is downloading...

THC-HYDRA 7.2 - Fast and Flexible network login Bruteforce Tool Updated One of the most famous network logon cracker – THC-HYDRA 7.2 get latest Update . Hydra is a parallized login cracker which supports numerous protocols to attack. New modulesare easy to add, beside that, it is flexible and very fast.Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, andis made available under GPLv3 with a special OpenSSL license expansion. Hydra is best for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Changelog v7.2 Speed-up http modules auth mechanism detection Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting) The -f switch was not working for postgres, afp, socks5, firebird and ncp, thanks to Richard Whitcroft for reporting! Fixed NTLM auth in http-proxy/http-proxy-url module Fixed ...

63 Vulnerabilities on United Nation Website Exposed Online ! Latest Notification in The Hacker News Vault by a Hacker named " Xenu (Casi) " from r00tw0rm Team that There are  63 Blind SQL injection Vulnerabilities exist on United Nation's Website (www.un.org). Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements. Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning.  Martin Nesirky , a spokesperson for the Secretary General of the United Nations, confirmed the breach." A case of unauthorized access to the UN website is still being investigated ,...

Trixd00r v0.0.1 - An Invisible TCP/IP based backdoor for UNIX systems NullSecurity Team Releases " Trixd00r v0.0.1 " an advanced and invisible TCP/IP based userlandbackdoor for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP.  The client is used to send magic packets to trigger the server and get a shell. You can  Download and Use trixd00r-0.0.1.tar.gz  from NullSecurity Website. Video Demonstration : 

Hacker Hits the Embassy of Indonesia in Hungary Hacker from Team thec7crew today claim to Hack the Official Website  Embassy of Indonesia in Hungary. Hacker Hack the Database of Site also Expose various Server Parameters on Pastebin . As Database name mentioned " indone01_web " - There are 30 tables and Hacker also Extract and Expose the Admin's Emails and Passwords in Note. Reason of Hacking is Unknown, But this Hack will really effect the Security of officials at Embassy.

Android.Bmaster Exploits root access to connect to Botnet A new piece of Android malware named Android.Bmaster , first highlighted by researcher Xuxian Jiang at North Carolina State University, was uncovered on a third-party marketplace and is bundled with a legitimate application for configuring phone settings, Symantec researcher Cathal Mullaney wrote in a blog . This Malware is estimated to affect between 10,000 and 30,000 phones on any given day. The malware, mostly found on Chinese phones, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread.  RootSmart is designed to escape detection by being named " com.google.android.smart, " which the same name as a settings app included by default with Android operating systems. Mullaney explained that once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated.“ The malware posts some user and phone-specific data to t...