The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Source Code is the New Hacker Currency !

May 02, 2011
No doubt you've been paying attention to the data breaches piling up lately... but have you noticed a trend? If you wade through the hype and hyperbole and dig into the details of the most prolific intrusions in recent history, you'll notice one thing that shines like a neon sign. "Source code" is the new hotness on the hacker market. It's quite interesting to see this evolution primarily because many of us are used to defending the 'endpoints'... because that's where the data is, right? I think we may be seeing a shift here. Much like the tectonic plates that cause earthquakes, there are some thought-forces that are currently colliding deep under the surface and may cause certain mayhem.

"There are no borders"

For many years now, much like you I've been reading articles and hearing talks about how the enterprise attack surface is fractured and splintered - causing an ever-increasing opportu

Hacker posts screenshot of sex video on SPAD website !

May 02, 2011
The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page. Appearing on the website were two images, one depicting the alleged politician in the sex video and the other of Opposition Leader Datuk Seri Anwar Ibrahim after court proceedings, with the shots time-stamped Feb 21 and Feb 22 respectively. A check by The Star showed that the website, www.spad.gov.my, was also inaccessible to users. Accompanying the images was an address link to controversial blogger PapaGomo (Powered by Papa Gomo www.papagomo.com) which featured clips of the sex video after it surfaced on online portal YouTube. It was believed that SPAD was the only government agency website to be hacked and defaced. The website was restored at about 7pm. SPAD chairman Tan Sri Syed Hamid Albar expressed surprise and regret that the

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024 | SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Bahrain says Iranian hackers hit government website

May 02, 2011
Bahrain's authorities said late Saturday that Iranian hackers hit a government website. In retaliation, the Bahrain Chamber for Commerce and Industry is urging a boycott of Iranian goods, The Associated Press reported. According to the government Bahrain News Agency, Iranian computer hackers tried to access the official website of the Housing Ministry in attempts to seek data on aid recipients. But the agency gave no further details, although the hacking could be conceivably linked to Shiite allegations that a disproportionate share of housing aid goes to Sunnis. To retaliate, the Bahrain Chamber for Commerce and Industry called for a countrywide boycott of all Iranian goods and services because of "blatant interference in Bahrain's domestic affairs and threats to the kingdom's national security." The chamber also appealed for other nations in the six-member Gulf Cooperation Council to join the proposed embargo. "It will

#Anonymous attacks Iranian state websites

May 02, 2011
The infamous Anonymous hacking group has crippled a string of Iranian state websites including those of the Office of the Supreme Leader, state police and the Islamic Revolutionary Guards in attacks launched yesterday. The coordinated Distributed Denial of Service attacks were launched at 5am GMT and targeted more than a dozen Iranian Government sites under the so-called Operation Iran. Anonymous had timed the attacks to coincide with International Workers' Day, commemorating the first nation-wide general strike in the US, which took place on May 1 in 1886. "OpIran attacks the governmental websites responsible for oppressing freedom of speech, information or ideas," the group wrote in a statement explaining the reasons for the attacks. The website of the Office of the Supreme Leader, Sayyid Ali Khamenei, was taken offline about an hour after attacks according to the group's hit list but had been reinstated at the ti

ArpON 2.2 released - ARP handler inspection !

May 02, 2011
ArpON (ARP handler inspection) is a portable handler daemon that makes ARP secure in order to prevent Man In The Middle (MITM) attacks through ARP Spoofing/Poisoning. It also detects and blocks the more complex attacks derived from it, such as DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks. This is possible using three kinds of anti ARP Poisoning techniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is, in statically and dynamically (DHCP) configured networks together. SARPI, DARPI and HARPI protect against unidirectional, bidirectional and distributed attacks: into "Unidirectional protection" is required th

President of Pakistan – Database Hacked By Mohit Pande Aka Toshu

May 01, 2011
Hack Proof: https://pastebin.com/Vta6hVWT
Hacked Site: https://www.presidentofpakistan.gov.pk/

12 American Websites Hacked

May 01, 2011
Hacked sites list: https://pastebin.com/a0pzskam

Escuela Universitaria Diseno - Spain hacked by Fr0664/FCA, 26740 emails/passwords Dumped !

May 01, 2011
26740 emails/passwords
Preview: https://pastebin.com/AQGxDJgD
Full: https://rapidshare.com/files/460080122/esne.edu.7z

Trinity Campus college's website hacked by RdH0X

May 01, 2011
Trinity Campus college's website was hacked and the vulnerabilities were reported to the admins and system administrators of the institute. The college authority is involving me in their team so as to take adequate steps to secure the website.
HACKED SITE: https://www.trinitycampus.in/uploads/RdH0X_tnt.htm

The PSN hackers logs fresh from EFNET IRC Server !

May 01, 2011
Logs of PS Hackers: https://173.255.232.215/logs/efnet/ps3dev/2011-02-16
Alternate Link For Logs: https://pastebin.com/yXP7TDJ3
All Logs from EFNET IRC Server: https://173.255.232.215/logs/efnet/ps3dev/
IRC server Stats: https://173.255.232.215/logs/efnet/ps3dev/stats

Anonymous Vs Sony : Word By Word Q/A b/w Reporters and Sony during Conference !

May 01, 2011
Q. The accuracy of approximately 10 million credit flow
A. There is no firm evidence of leakage. Cannot say whether a leak or not. There is no report so far.
Q. Prospect of resuming services.
A. We want to restart the service country/region base. Basically approx within a week schedule. (a week from today?.. previously we heard about same "a week matter..)
Q. How was it the effect to the business so far?
A. Cannot tell it yet, many things to handle one at the time.
Q. What was the condition when you firstly sense the trouble?
A. Hacking with the high skill technique was undergoing, was confirmed. But we still don't know data was stolen / taken
Q. Why did you announce privacy data was stolen then?
A. The possibility existed, what/when/how was it still under investigation. account numbers is between 7700000 to 7800000 accounts plus there are double accounts.
Q. What was your damage report

Holes in FBI cyber security !!

May 01, 2011
About a third of the FBI agents working on cyber investigations lack the networking and counterintelligence expertise to investigate national security intrusions, the Justice Department's inspector general concluded in a new report. The report said the FBI's practice of rotating agents among different offices to promote a variety of work experiences hinders the ability to investigate national security cyber intrusions. The inspector general's audit, based on interviews of 36 agents in 10 offices, emphasized the need for a strong cyber security work force in federal government "is more urgent than ever," said Sen. Susan Collins, the top Republican on the Senate Homeland Security and Governmental Affairs Committee. The FBI has a comprehensive instructional plan in place that includes 12 core courses an agent must take along with on-the-job training. According to the inspector general's report, many agents said training was helpful but that they did not have the time to take the req