The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The French Ministry of Finance was hit by an unprecedented cyber attack in December, with over 150 computers compromised, according to reports. Hackers got their hands on documents related to the current French presidency of the G20 and international economic affairs, Paris Match reported. Patrick Pailloux, the executive director of l'ANSSI (Agence Nationale de la Securite des Systemes d'Information), said it was the first time the French state had been targeted by an attack of this scale. Pailloux also revealed other French Government departments had been targeted. The hackers used a Trojan to infiltrate systems, having sent emails to French Government workers, using what appeared to be standard social engineering tactics. Pailloux said an operation had been carried out to improve defences at the Government department. There have been rumblings the attack came from China, although no solid proof has emerged. "I can say that we know of hacker groups in China specialising in t...

Concerns about North Korea's cyber warfare squads are resurfacing after Friday's cyber and GPS jamming attacks, which are being blamed on the North. Pyongyang began developing electronic warfare capabilities in 1986 when it founded Mirim University, the present-day Automation University, to train specialists. A defector who graduated from the university recalled that 25 Russian professors were invited from the Frunze Military Academy in the former Soviet Union to give lectures, and some 100 to 110 hackers were trained there every year.  Mirim is a five-year college. The Amrokgang College of Military Engineering, the National Defense University, the Air Force Academy and the Naval Academy are also reportedly training electronic warfare specialists.  Jang Se-yul of North Korean People's Liberation Front, an organization of former North Korean military officers and servicemen, recalled that when he fled the North in 2007, "I heard that the North Korean military has about ...

How to join  Anonymous Hacker - Identity less Cyber Heroes  ? We have a long fight ahead of us. lets work toward a better world together. together we can do what our elected officials refuse to do. make the world a better place. We Are Legion. Expect Us. Protect your identity :  Click Here HOW TO JOIN ANONYMOUS - A BEGINNER'S GUIDE Preface: So you want to join Anonymous? You can not join Anonymous. Nobody can join Anonymous. Anonymous is not an organization. It is not a club, a party or even a movement. There is no charter, no manifest, no membership fees. Anonymous has no leaders, no gurus, no ideologists. In fact, it does not even have a fixed ideology. All we are is people who travel a short distance together - much like commuters who meet in a bus or tram: For a brief period of time we have the same route, share a common goal, purpose or dislike. And on this journey together, we may well change the world. Nobody can speak for Anonymous. Nobody ...

An official with Iran's Revolutionary Guard has said that Iran welcomes hackers who are willing to work for the Islamic Republic.  "Regarding the cyber issue, we welcome the presence of those hackers who are willing to work for the goals of the Islamic Republic with good will and revolutionary activities," said Brigadier General Gholamreza Jalali, adding that those hackers who he said are working against people will be dealt with. Jalali, who heads the country's Passive Defense Organization, made the comments in an  interview with "Bultannews,"  a website said to be close to the Intelligence Ministry. Was Jalali trying to recruit new staff for the "Iranian Cyber Army" or for Iran's newly launched cyber police? Or for a new entity called the "Cyber War Base "? Jalali said the "base" will be launched in the near future and will fight against cyber attacks. The  Iranian Cyber Army  has been responsible for hacking and bringing down a number of websites in ...

Ravi3ggsmindia.com Defaced by Fedora (Pak Hacker) Hacked site link :  https://ravi3ggsmindia.com/ News Source : Fedora (Pak Hacker)

Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list. In a note to " Vendor-Sec " members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer. I have disabled the specific backdoor, but as I am not sure how the break-in happened it might reappear. So I recommend not mailing embargoed issues to vendor-sec@….de at this time. Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation. The "Vendor-Sec" list is used by distributors of free/open-source OS and software to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members. This means that a compromise and the captu...

A vulnerability that a researcher planned to use to compromise an Android cellphone at a hacking contest later this week got squashed after Google fixed the underlying bug in the Android Market. Scio Security CTO Jon Oberheide notified Google of the XSS, or cross-site scripting, bug in the application bazaar because he didn't believe the vulnerability would qualify under terms of the Pwn2Own contest that is scheduled to start on Wednesday. The "incredibly low-hanging naive persistent XSS" allowed attackers to to remotely install malicious apps on Android handsets by tricking users into clicking a link on their phones or computer browsers while logged into a Google account. Oberheide later learned that the vulnerability didn't run afoul of contest rules, allowing him to collect $15,000 and a free handset if he was successful. But he recently discovered Google closed the security hole. The $1,337 awarded to Oberheide under Google's bug bounty program, is little consolati...

In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f...