The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The South Carolina Department of Revenue has announced that millions of Social Security numbers and debit/credit card numbers have been compromised. Hackers from outside the United States recently penetrated the website for South Carolina's Department of Revenue and reportedly made off with 3.6 million Social Security numbers and 16,000 unencrypted credit and debit card numbers. According to the statement, investigators discovered that a hacker attempted to access the system several times in August and September. The statement said it is believed the hacker successfully obtained data for the first time in mid-September. " We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected ." Haley says Friday was the earliest they could announce the breach to allow law enforcement personnel to do their jobs and keep the chance of catching the hacker. Haley says the...

Anonymous hackers claimed that they compromise over 20 million user accounts worldwide this year to promote Operation Jubilee . Large community web sites were targeted to gain access to users' contact information. Many administrators denied that their databases were at risk while all their data was being downloaded. The reason for one of the largest hacking campaigns in history is to rally people to cancel debt and end the economic crisis. Earlier this month Operation Jubilee came into public view after defacing several popular police forums. Members of the police forums received e-mail inviting them to join the Operation. News of the defaces spread quickly with the help of social media platforms. Until these events, Operation Jubilee was virtually unknown to the general population. Unbeknownst to the public, large web sites were already being attacked for months. Operation Jubilee is a peaceful protest to take place on the 5th of November in front of Parliament...

A Hacker going by name - " LegitHacker97 " claiming that he successfully access a NASA subdomain website , that actually belongs to a US Government computer, as mentioned on homepage. ***** WARNING ***** This is a US Government computer Hacker also dump a  82.51 MB (compressed or 337 MB uncompressed) Archive five days ago on internet, includes the complete source code of the website (in ASP). After watching the pastebin note , we tried to contact the hacker for collecting more information about the hack. Hacker describe The Hacker News via mail that," This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all off the website ! ". He add ," But now vulnerability is fixed ". I download the dump from the link posetd by hacker in pastebin note and tried to match the files with NASA website and subdomains, and found that these file actually belo...

Most of the readers have question in mind that, How hackers know everything about their target ? How to DOX (finding personal information) someone ? So answer is --  Open Source Intelligence (OSINT). A Patriot Hacker ' The Jester ' (or "th3j35t3r") who made his name after harassing Anonymous activist group, disrupting WikiLeaks and stalking "jihadist" sites has finally list his all time favorite Open Source Intelligence (OSINT) toolset. Open Source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. Hacker posted list of some free available tools on his blog , includes Maltego, Creepy, Spokeo, CaseFile, FoxOne Scanner (Jester's Edition). OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense, as " produced from publicly available information that is co...

Reid Wightman from security firm ioActive reported that there is an undocumented backdoor available in   CoDeSys  software that actually used to manage equipment in power plants, military environments, and nautical ships. The bug allow malicious hackers to access sensitive systems without authorization, Ars said. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering and There is absolutely no authentication needed to perform this privileged command,  Reid mention. This software has been used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions designs CoDeSys and recently issued an advisory that recommends users set a password, but  he is able to develop two exploit shells , one is  codesys-shell.py (to get the CoDeSys command shell wit...

The whistleblowing website Wikileaks from tonight releasing more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets - " The Detainee Policies " In a statement , WikiLeaks criticized regulations it said had led to abuse and impunity and urged human rights activists to use the documents to research what it called policies of unaccountability . WikiLeaks says it plans to release the files in chronological order to paint a picture of the evolution of America's military detainee practices. WikiLeaks founder Julian Assange said: " The 'Detainee Policies' show the anatomy of the beast that is post-9/11 detention, the carving out of a dark space where law and rights do not apply, where persons can be detained without a trace at the convenience of the U.S. Department of Defense. It shows the excesses of the early days of war against an unknown...

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Product...