The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Microsoft.com.br (Brasil) hacked by TG hacker Microsoft Brasil https://microsoft.com.br/ Got defaced by Hacker named " TG ". Hacker redirect  server address microsoft.com.br  to the page of Microsoft Brazil. Instead of being sent to the developer page of Windows, the Internet user that accesses the address is faced with a message published by hackers as  " Ms Brazil 0wn3d by TG " .  The forwarding service is hosted on an external server.

Oracle website vulnerable to SQL injection vulnerability Oracle database website itself vulnerable to SQL injection attack. The website having a loophole by which any attacker can easily hack into it. The vulnerability is found and submitted by Hacker " m@m@ ". Oracle provides the world's most complete, open, and integrated business software and hardware systems to more than 370,000 customers including 100 of the Fortune 100 that represent a variety of sizes and industries in more than 145 countries around the globe. The combination of Oracle and Sun means that customers can benefit from fully integrated systems the entire stack, from applications to disk that are faster, more reliable, and lower cost. But the website now itself compromised with SQL injection attack. I am providing the link and a screen sort show that you can easily sort out the vulnerability.  Here is the link:  https://labs.oracle.com/dmp/patents.php?uid=mherlihy'%20and%201=0%20union%20sele

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Iframe Injection & Blind SQL Injection vulnerability on Apple.com exposed by Idahc(lebanese hacker) After Sony hacks, Idahc(lebanese hacker) is back to strike Apple.com . He found two vulnerability on  https://consultants.apple.com/  as listed below. Iframe Injection : Click here Blind SQL INjection: C lick Here Examples of the injections: Example One Example two Two days before Another sub-domain of Apple's database was hacked with SQL injection by Anonymous : Read Here Hacker Expose the Database ,extracted using Blind Sql injection on a pastebin link .  According to Hacker " I am Idahc(lebanese hacker) I found a Blind SQLI and Iframe Injection on AppleI am not one of Anonymous or Lulzsecand I am against The ANTISEC OPERATIONBUt this is a poc with not confidential informationI didn't dump users,emails,passwords........ ".

Stuxnet Source Code Released Online - Download Now Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems,it is the first discovered malware that spies on and subverts industrial systems,and the first to include a programmable logic controller (PLC) rootkit. Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls. Source Code Download Another Video Presentation on Stuxnet by Hungry Beast .

Apple database hacked with SQL injection by Anonymous Anonymous hackers announce on twitter that Apple can be there next target. They expose one SQL vulnerability on Apple domain with One table "Users" data. Vulnerable Link :   https://abs.apple.com:8080/ssurvey/survey?id= Exposure Link :   https://pastebin.com/tkmZDG9m These all hacks now consider under Operation Antisec by Anonymous and Lulzsec Members.

4 big business sites database backup leaked by Serious BLack  ! One of the Indian hacker "Serious BLack " found the SQL database backup on the 4 big business sites. These SQL dumps are hosted by Site admins on FTP that has been leaked. Sites are:  https://www.assembla.com/   =>  https://pastebin.com/YpdfGsQN https://www.nganhoa.co.cc/hoa.sql https://www.seoguru.co.uk/seogurl.sql https://www.33photo.com/backup.sql

WebSurgery v0.5 - Web app testing tool Released WebSurgery is a suite of tools for security testing of web applications. Itwas designed for security auditors to help them with the web applicationplanning and exploitation. Currently, it uses an efficient, fast and stableWeb Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation ofknown and unusual vulnerabilities such as SQL Injections, Cross sitescripting (XSS), brute-force for login forms, identification offirewall-filtered rules etc. Download Setup Download Portable Documentation