The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.

Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir...

CVE-2012-0056 Linux privilege escalation [Video Demonstration] The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.Linux kernel 2.6.39 and later versions are affected. The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper . Read More Here . Video Demonstration: You Can Find Exploit Here .

Video Conferencing Systems Vulnerable To Hackers According to a story published earlier this week by the New York Times , A security expert at Rapid 7 found that common videoconferencing equipment could give hackers access to company conference rooms and boardrooms. An investigation led by chief security officer HD Moore with Rapid 7 began when he wrote a program to scan the Internet for videoconferencing systems. HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs all by simply calling in to unsecured videoconferencing systems that they found by doing a scan of the internet. Moore's scan covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organization...

Cross Site Scripting (XSS) Vulnerability in Google Ucha Gobejishvili Hacker with codename " longrifle0x " discovered another Cross Site Scripting (XSS) Vulnerability in Google's Website. He already reported about the Vulnerability to Google Security Experts. Proof of Concept: Open https://www.google.com/a/cpanel/premier/new3?hl=en  and Click Find Domain . Put xss code: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Another XSS Vulnerabilities Discovered by longrifle0x  http://xssed.com/archive/author=longrifle0x/special=1/

Hcon’s Security Testing Framework (Hcon STF) v0.4 [Fire base] Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ‘ Freedom ’.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT. Some Highlight Features : Categorized and comprehensive toolset Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few HconSTF webUI with online tools (same as the Aqua base version of HconSTF) Each and every option is configured for penetration testing and Vulnerability assessments Specially configured and enhanced for gaining easy & solid anonymity Works for web app testing assessments...

Fake CNBC 's Website for Internet Fraud The beauty of the Internet is that you can make a truckload of money out here. Yes, you really could quit your full time job if you work hard.The bad news is most people either don't want to work at it, or they buy into some scam that causes them to waste money they could have used to invest in a real, legitimate venture. Today I got a mail from some random Email ID and with Subject  Wow ! thehackernews.com : My family sees the money I'm bringing in every week and they're simply proud of me. http://tinyurl.com/7lmetym I just Click the link provided in Email body and Here we notice a website with subdomain www.cnbc.com-exclusive.us , which having same mirror look like original CNBC website. In first sight the site seems to be legit because of Domain resemblance. Actually, the top level domain of this fraud site is  com-exclusive.us and Admin create another subdomain in it with name cnbc . Now complete URL look similar to...

Saudi Presidency of Meteorology & Environment Protection Hacked A hacker with name Yourikan (you-r!-k@n) Deface the Website of Saudi's “ Presidency of Meteorology & Environment Protection ”.  Yourikan perform this Hack to give message to Saudi Hacker  0xOmar , Who leaks the thousands of Israeli credit cards few weeks back. [ Source ]