The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Security Alert : vBulletin 4.X Security SQL Injection & CSRF/XSRF Exploits available !

May 25, 2011
Two serious security flaws have been found in vBulletin 4.X versions, and SQL injection and CSRF/XSRF exploits for them are now available. Impact of these flaws: many big forums run vBulletin 4.X, and these forums can easily be hacked by anyone using the exploits. We request admins to patch their forums as soon as possible.
vBulletin 4.X Security Patch: https://www.vbulletin.com/forum/showthread.php/376995-vBulletin-4.X-Security-Patch?AID=804495&PID=564936
Exploits are available at:
SQL Injection: https://www.1337day.com/exploits/16147
CSRF/XSRF: https://www.1337day.com/exploits/16160
Smsgwadapter Server Admin Credentials Revealed !

May 25, 2011
An Indian hacker hacked into one of the SMS servers (Smsgwadapter) at IP address 122.165.52.84. According to the hacker, this is the most unsecured server, owned by simple password guessing. In the screenshot you can see the desktop of the same server after he logged in. This IP address actually belonged to https://smsgwadapter.dadp.com, which is a client of Reliance Industries Limited; that can be checked here: https://whois.domaintools.com/dadp.com. The domain looks to be down, but the server at 122.165.52.84 is working and at risk! The server name is "RIMSMS" and the user is "administrator"; we can't share the password for security reasons. If you are a server admin, the first rule is always to keep some special characters in your password; in this case the password is a very simple word. News provided by: Saurav (hackersbay.in)
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024 - Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,
Comodo Hacked - Reseller private data exposed !

May 25, 2011
Another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more are also included. There is also a list of what appears to be employee accounts, with @comodobr.com email addresses and hashed passwords. The password for an account called validacao@comodobr.com (validation@) is listed in plain text. Posted at https://pastebin.com/9qwdL1pA & https://pastebin.com/F5nUf5kr
Hashbot - Forensic web tool to acquire and validate the web pages !

May 25, 2011
What is Hashbot? Hashbot is a forensic web tool to acquire and validate, over time, the status of an individual web page or web document.

Feature: Acquire
Follow these steps to acquire a web document:
1. Insert the document's URL (i.e. https://www.evilwebpage.com/image.jpg or https://www.evilwebpage.com/page.html) in the text input.
2. Select your favorite user agent.
3. Click on Submit. A captcha code will be required, for security reasons.
4. Wait for the acquisition service to finish and click on download to save the result.

Validate
Validation information is stored in the -code.txt file in "Validate Info".
1. Insert the keycode in the "CODE" field.
2. Insert the file hash, choosing between MD5 or SHA1, in the "HASH FILE" field.
3. Select the file hash type matching the hash entered in the previous field.
4. Click on Submit. A captcha code will be required, for security reasons; then wait for the server response.

Tool: https://www.hashbot.com/
Microsoft Patches Hotmail Security Vulnerability !

May 25, 2011
Microsoft recently patched a Hotmail security flaw that enabled attackers to access a user's e-mails and contacts. "The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday," writes The Register's Dan Goodin. "Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window." "Trend first disclosed the bug on May 13," Goodin writes. "Monday's blog post said Microsoft has since plugged the hole, which resided in CSS, or cascading style sheet functionality, but didn't say when." Go to "Exploited Hotmail bug stole email without warning" to read the details.
9 Pakistani websites hacked By D-f33t Cr3\v/

May 25, 2011
D-f33t Cr3\v/, an Indian hacker, defaced 9 websites of Pakistan. The hacked sites are listed here: https://pastebin.com/9Jqnyrkj
Sony Ericsson Got Hacked by Idahc - Lebanese hacker

May 24, 2011
Again, damn ... what's going on with Sony? Idahc, a Lebanese hacker, hacked the database of ca.eshop.sonyericsson.com with a simple SQL injection. Two attacks on Sony in one day: this morning LulzSec leaked the database of Sony's Japanese websites, and now Sony Ericsson's eShop database has been hacked. Emails, passwords and names of 1000s of users are exposed via a text file on Pastebin. The news was provided by the hacker via email, saying that they have extracted the whole database and leaked the data online via their Facebook/Twitter accounts. The Pastebin link is https://pastebin.com/4YGAWxQZ. This is now the 10th attack on Sony. Sony is getting free-of-cost auditing by several hackers. I think Sony should be the most secure brand in the future because their security holes are out, and now it is Sony's duty to fix them as soon as possible. Even now every hacker is trying to hack various Sony sites just to get fame, because now
Fedora 15 "Lovelock" released - Download Now !

May 24, 2011
This is the latest version of the Fedora Linux operating system's Desktop Edition. It's everything you need to try out Fedora: you don't have to erase anything on your current system to try it out, and it won't put your files at risk. Take Fedora for a test drive, and if you like it, you can install Fedora directly to your hard drive straight from the Live Media desktop. Features: https://fedoraproject.org/wiki/Releases/15/FeatureList
Impassioned Framework Download - Another Crimeware Available for Free !

May 24, 2011
Russo is the creator of Impassioned Framework - Browser Exploitation Kit, a subscription-based software vulnerability exploit service. He is a 23-year-old hacker. This toolkit is designed to be stitched into a web site and probe visitor PCs for security holes that can be used to surreptitiously install malicious software.
Impassioned Framework recent attack: Security weaknesses in the hugely popular file-sharing web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users using this kit.
Browsers affected: Chrome, Firefox, MSIE 6, MSIE 7, MSIE 8, Opera, Safari
OS affected: Windows x; Unix and OS X not affected
Best exploits currently available: MS09_002, MS09_043, MS Dshow, iepeers.dll, Firefox escape, Firefox CompareTo, Java Calendar, Adobe Reader Lib, Adobe Reader newPlayer, Adobe Fla
LulzSec Leak Sony's Japanese websites Database !

May 24, 2011
Update: 10th attack on Sony --> Sony Ericsson Got Hacked by Idahca (Lebanese hacker Group)
The LulzSec hacking team today released a database dump of Sony's Japanese website via their Twitter account. This is the 9th attack on Sony. This attack also used the SQL injection method. The vulnerable links are:
SQLi #1: https://www.sonymusic.co.jp/bv/cro-magnons/track.php?item=7419
SQLi #2: https://www.sonymusic.co.jp/bv/kadomatsu/item.php?id=30&item=4490
The database structure has been leaked in a text file via Pastebin.com: https://pastebin.com/NyEFLbyX
LulzSec are the guys who cracked the Fox.com login database, including emails and passwords. LulzSec then also hacked and leaked pointless ATM information. The last attack on Sony, the Sony BMG Greece hack, also used SQL injection. The attacks on Sony continue, but Sony's security experts are still busy only with making PlayStation live again. Their other si
Delicious.com Getting Problem with SSL Certificate

May 23, 2011
Just now we have noticed that Delicious.com (https://delicious.com/) is having a problem with its SSL certificate. The certificate is valid until 4/30/2012, but the secure SSL site link https://delicious.com/ is down and showing an error.
DNA-Stuxnet.in Hacked & Database Leaked By Shadow008 (PakCyberArmy)

May 23, 2011
Sites hacked: https://dna-stuxnet.in/home/
Mirror: https://zone-h.com/mirror/id/14090295
Database backup: https://www.multiupload.com/180BT14ZGK