The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Exposing 25 Facebook phishing websites Geeks at Security Web-Center Found 25 Facebook and list them. Sometimes spammers create fake pages that look like the Facebook login page. When you enter your email and password on one of these pages, the spammer records your information and keeps it. This is called phishing . The fake sites, like the one below, use a similar URL to Facebook.com in an attempt to steal people's login information. The people behind these websites, then use the information to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained. List of Fake Sites Collected by  Security Web-Center : http://www.sanagustinturismo.co/Facebook/ http://www.facebook.pcriot.com/login.php http://deadlyplayerx.binhoster.com/Facebook/securelogin.php http://facelook.shop.co/login.php http://sigininto.horizon-host.com/facbook/fa...

National program for Cyber army to be launched in India Increasing attacks on cyberspace in India has brought several professionals and experts from the Industry, in support with the Government of India to jointly form a national level program to identify credible and valuable information security experts. The program " National Security Database " is all set to launch this Saturday in Mumbai at a major Information security conference, MalCon. The database will include ethical hackers and programmers who can protect country’s cyberspace. They will all be registered with the National Security Database, a brainchild of Information Sharing and Analysis Centre (ISAC) , a non profit foundation which works closely with the Government on the issue of cyber security. The need of such database originated after 2008 attacks in Mumbai when the cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic n...

Intercepter-NG New Sniffing Tool [Intercepter-NG] offers the following features: + Sniffing passwords\hashes of the types: ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE + Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA + Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning + Raw mode (with pcap filter) + eXtreme mode + Capturing packets and post-capture (offline) analyzing + Remote traffic capturing via RPCAP daemon + NAT + ARP MiTM + DNS over ICMP MiTM + DHCP MiTM + SSL MiTM + SSL Strip Works on Windows NT(2K\XP\2k3\Vista\7). Download Intercepter-NG 0.9

Sudan Airways mailbox database leaked Sudan Airways mailbox database Hacked By Sudan Cyber Army - SD. Alsa7r and Leaked on Pastebin . The Targeted domains are  sudanair.com  & omyalphaserver.com . This Include more than 100's of Usernames, Emails, Passwords. Sudan Cyber Army in past hack lots of Sudan Government Sites.

SecurityTube Metasploit Framework Expert Certification Launched ! Not so long ago, we had posted the launch of the SecurityTube Wi-Fi Security Expert (SWSE) program. The certification has been a success and it has students from over 25+ countries from around the world. The SecurityTube Metasploit Framework Expert (SMFE) is an online certification on the Metasploit Framework. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios. A brief list of topics to be covered in this course includes: Metasploit Basics and Framework Organization Server and Client Side Exploitation Meterpreter - Extensions and Scripting Database Integration and Automated Exploitation Pos...

Joomscan Security Scanner - Detect more than 550 Joomla vulnerabilities Joomscan Security Scanner updated recently with new database have 550 vulnerabilities. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla web site. Last update for this tool was in August, 2009 with 466 vulnerabilities. How to Use Joomscan, read here . In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update . Download for Windows (141 KB) Download for Linux (150 KB ) More Info

New Approach to automatically detecting bugs and vulnerabilities in Linux Australian researcher Silvio Cesare , PhD student at Deakin University has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. Developers may “embed” or “clone” code from 3rd party projects. This can be either statically link against external library or maintaining an internal copy of a library’s source or fork a copy of a library’s source. The Approach of this tools is that if a source package has the other package’s filenames as a subset, it is embedded, Packages that share files are related. A graph of relationships has related packages as cliques. Graph Theory is used to perform the analysis. Linux vendors have previously used laborious manual techniques to find holes in libraries. Debian alone manually tracks some 420 embedded packages, Cesare said at Ruxcon 2011. Silvio's tool also automates identifying if embedded packages have ou...

Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here