The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackito Ergo Sum 2011 slides available for Download ! HES aims at anticipating the challenges of the security world and gathers together underground or amateur security researchers together with professional security expert researchers and technical decision makers. During three days, HES will feature new research presentations, of the highest technical level, presented by some of the most respected international researchers. Its goal is to support networking and innovation while federating communities and key actors from the industry, from both the public and the private sectors. The topics covered will include : vulnerability analysis, SCADA architectures, reverse engineering, the underground economy, attacks on banking or telecom infrastructures, cloud computing security, botnets, threat intelligence. Slides of the conference are now available on slideshare at  http://www.slideshare.net/event/hackito-ergo-sum-2011/slideshows

Manila Water 's website hacked by Blackrain ! The website of water concessionaire Manila Water was hacked early Sunday, with visitors to the site seeing a small window indicating the breach. "Hacked by Blackrain!" read the message on the smaller window, which pops up when one logs on to the Manila Water site. Users could not access any part of the website until they click on the "Ok" button on the popup window. But aside from the popup, the other parts of the site appeared normal. Manila Water is one of two concessionaires of the Metropolitan Waterworks and Sewerage System, along with Maynilad Water.

Monash University website hacked by yaser007 Monash University has reported to "specialist agencies" the hacking of its website home page, which on Saturday displayed the words "Hacked by yaser007" in red above a picture of the Iranian flag within the outline of a map of the country. In an emailed statement on Sunday, Monash University chief information officer, Mr Ian Tebbett, said the site "was subject to an external hacker breach on Saturday" but that "the situation was quickly identified and dealt with". He said no university data had been compromised and that the effects were "limited to the publishing of non-Monash material on the externally-facing website". Advertisement: Story continues below It appeared, Mr Tebbett said, that neither Monash, nor the wider Australian higher education community, were a "specific target of the attack". Monash's own investigations of the matter were "ongoing", he said...

Lahore University,Shail Vac Engineers,Strengthening Democracy - SQLi Vulnerable found by Lionaneesh Lahore University of Management Sciences(LUMS) : Site : http://econ.lums.edu.pk Vulnerable URL : http://econ.lums.edu.pk/people_detail.php?id=%Inject_Here%6 Shail Vac Engineers website Site : http://www.vacuumsystem.co.in/ Target : http://www.vacuumsystem.co.in/product.php?prod_id=%Inject_Here%13 Strengthening Democracy through Parliamentary Development (sdpd) Site : http://www.sdpd.org.pk Vulnerable URL : http://www.sdpd.org.pk/news_detail.php?ID=’82 Found by : Lionaneesh

326 Websites Hacked by   Hacked sites list :  http://pastebin.com/Q1er7vKh

OpenStack ' floating Linux kernel ' rides VMware hypervisor ! OpenStack – the open source "infrastructure cloud" project founded by Rackspace and NASA – has released a third version of its platform, offering support for all major hypervisors. With the new release, codenamed "Cactus", developers have added support for VMware's vSphere hypervisor – without help from VMware. The vSphere code was built mostly by Citrix, which had previously coded support for the Xen and XenServer hypervisors. "We're so committed to OpenStack and its hypervisor-agnostic approach that we felt it was important, since VMware wasn't going to contribute vSphere support, that we should do it ourselves," Gordon Mangione, vice president of business development for Citrix's datacenter and cloud division, tells  The Register According to Mangione, VMware has "always been invited" to contribute to the project. But this has yet to happen. The virtuali...

Emergency Adobe Flash Player patch coming today ! Less than a week after warning that hackers were embedding malicious Flash Player files (.swf) into Microsoft Word documents to launch targeted malware attacks, Adobe plans to release an emergency Flash Player patch today to fix the underlying problem. The patch will fix a “critical” vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris. According to this Secunia advisory, the flaw allows a hacker to completely hijack a vulnerable Windows computer: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced. ...

We blogged about the Epsilon data breach to give our customers a heads-up on the situation. Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news. As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our Advanced Classification Engine. The attack is hosted on a Web page that has a very professional look and feel, and uses convincing social engineering techniques to lure victims. The attack page is basically a cut-and-paste copy of the HTML code from the original Epsilon press release. This provides the professional appearance of the Epsilon site to lure victims. The big difference is that the attack page provides a malicious binary download. Screenshot of the attack page source code: The attack page tries to get visitors to download the malicious binary by convincing them that there was an update to the press release dated April 8th. The "update" states that Epsilon's inv...

Oracle to release 73 security vulnerabilities security patch update ! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed across Oracle's various product lines. Oracle releases patches quarterly for all of its software, except the Java virtual machine, in a set of patches it calls the Critical Patch Update (CPU). Next week's CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite. Two of the database flaws are considered critical, meaning they "may be exploited over a network without the need for a username and password," Oracle said in a statement posted to its website . The updates are set to come one week after Microsoft issued one of the largest collections of security patches it has ever issued. They a...