The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Uzbek Embassy in Singapore Owned By SimMz K Uzbekistan.Org.Sg    Uzbek Embassy in Singapore Owned By SimMz K (Founder of Kashmir Exploit Worms – Currently Having One Members Only) Hacked Site :  https://www.uzbekistan.org.sg/admin/images/SimMz.htm   Mirror :  https://www.mirror-az.com/mirror/?id=14514

Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row. Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before," said Aaron Portnoy, the organizer of Pwn2Own. Safari 5, running on a MacBook Air, was compromised in just five seconds by French security company Vupen. Both attackers netted $15,000 for successfully compromising a browser. The contest continues today and tomorrow. Firefox 3.6 is yet to be attacked, and tomorrow will see the very first mobile browser deathmatch. Windows Phone 7, iOS, Android and RIM OS, all with their stock browsers, will be attacked by security researchers to find out just how secure mobile browsing is. Again, $15,000 is...

EU cyber security agency ENISA has warned that ISPs, end users and governments all have a role to play in stopping the global menace of botnet-related cyber crime. Botnets, such as the one that uses the infamous Zeus malware to infect machines, are growing in scope and scale, and ENISA has released two reports in which it attempts to understand the root of the problem and how to tackle it. The security agency warned that combating botnet attacks will take a co-ordinated response and should only be tackled after careful consideration of their impact and motivation. "The botnet numbers define the political agenda and they determine hundreds of millions of euros of security investments. We should understand what is behind them," said Giles Hogben, the report editor. "Size is not everything - the number of infected machines alone is an inappropriate measure of the threat." ENISA's main report, Botnets: Measurement, Detection, Disinfection and Defence (PDF) is a...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

A short while ago, I decided to prepare a presentation on web vulnerabilities and specifically on XSS attacks. This involved studying the way today's filtration systems work. I selected the most popular Russian social networking website, VKontakte.ru, as a test bed. One thing that grabbed my attention was the updated user status system. The HTML code in the part of the page where users edit their status messages is shown below: As you can see, filtering is performed by the infoCheck() function. The status itself is located in this string: What we have here is two-step filtration. The first step is performed when the user enters the status message. The second step involves converting the status message to text and returning it to the page in the shape in which other users will see it. While the second step definitely works well and it would clearly be impossible to convert to active XSS, things are not as simple where the first step is concerned, so it is that step that we will look ...

'EC-Council Academy'  server compromised ! EC-Council Academy , Here a image show above that  https://www.eccouncilacademy.org  got rooted by a hacker. The image clear expose the shell on the server and via putty the hacker is login as root on their server :P Update : I wanna clarify that ' EC-Council  Academy' is not a part of 'EC-Council Organisation' , Actually in above image we have just shown that Academy's  web hosting server had been compromised, it  was not actually defaced by hacker. " I wish to clarify to our partners, clients and friends that the EC-Council Academy Sdn. Bhd. is neither a subsidiary, associate nor a sister concern of the International Council of Electronic Commerce Consultants (EC-Council). EC-Council Academy is purely one of the 450 training locations EC-Council has in over 80 countries. However, it is officially sanctioned to use the EC-Council name as it is a licensee of EC-Council's trai...

#Anonymous : An Open Letter To Broadcast Music, Inc. Anonymous Hackers just Release a new open letter for Broadcast Music , as shown Below : To: Broadcast Music, Incorporated Greetings from Anonymous, As you have no doubt gathered from various media outlets and our own information disseminated across the internet, we are an internet activist group independent of any and all national, political, or religious affiliations. Despite our differences, we are united in the preservation of intellectual freedom and fair copyright laws. Too long have the music and cinema industries, among others, abused copyright for their own gain. Legislation serves to protect artists not the companies managing them and should never attempt to prevent the spread of creativity to the general public. We have seen BMI consistently copyright legislation and consequently have decided to take action against it to show that the people will not stand for its crimes against the public. As of the time of the writ...

Summary The Facebook Translations tool's search feature was vulnerable to a simple reflected XSS attack. How did it work? The  Translations tool  allows users to perform phrase searches within translations. In this case, when a search query returned 0 results, the script displayed a message ("Your search for "YOUR PHRASE HERE" did not match any results.") which contained unsanitized user input (the search query). Why is this important? The XSS vulnerability was on Facebook.com. An attacker could have used it to access or change information on people's accounts. Despite Facebook's claims that they've  eliminated   XSS vulnerabilities , it's clear that some portions of the site are better protected than others (ie: Translations was probably not using XHP). Lesser used portions of the site, like the Translations tool, are often the most vulnerable since they're not updated as often or tested as frequently. More Information I want to thank Facebook for responding to ...

ClubHack : CHMag Issue 14th, March 2011 Download ! Description: 14th issue of ClubHACK magazine is out. Contents of this issue: Tech Gyan - Remote Thread Execution in System Process Tool Gyan - JS Recon: Java Script Network Reconnaissance Tool Mom's Guide - Choosing Right Secure Mobile Legal Gyan - Law Related Unauthorized Access Command Line Gyan - Backup & Bulk Copy Maruix Vibhag - Introduction Part 1 PDF download link: https://chmag.in/issue/mar2011.pdf News Source :  Abhijeet Patil URL: https://chmag.in