The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

OWASP Zed Attack Proxy (ZAP) v.1.3.2 Released The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. Some of ZAP's features: Intercepting Proxy Automated scanner Passive scanner Brute Force scanner Spider Fuzzer Port scanner Dynamic SSL certificates API Beanshell integration Download and Details

Israeli Prime Minister Netanyahu 's Website Defaced by Egyptian Hacker An Egyptian hacker managed on Sunday to hack into the website of Israeli Prime Minister, Benjamin Netanyahu, and placed a picture of Egyptian soldiers raising the Egyptian flag in Sinai during the October, 6, 1973, on the sites' homepage. The hacker who managed to penetrate the webpage of Netanyahu wrote " Anti Zionism "; the site was then gradually taken offline. The hack is seen as a symbolic message to Netanyahu regarding the ongoing Israeli military escalation, and illegal occupation of Palestine and Arab territory. The hacker also wrote " Egypt is the greatest civilization, established more than 7000 years ago, but the terrorist state of Israel stole the Palestinian lands, and killed children ". The hacker said, " Do you know that Israel was established on paper in 1948! Before Egypt installed its railways, do you know that you, and your state, are nothing, nothing, nothing ", and added, " I know you will

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Phone Hacker Forced to Disclose name, Who Told Him to Hack ! Court tells private investigator he must identify 'News of the World' executives who asked him to intercept voicemails. A private detective jailed for illegally intercepting voice-mail messages on behalf of a journalist at one of Rupert Murdoch's British newspapers has been ordered to reveal who asked him to carry out the phone hacking. Coogan's lawyers believe that the release of the names will demonstrate that there was widespread knowledge and authorisation of phone hacking among the defunct Sunday newspaper's senior figures. John Kelly of law firm Schillings told that Mulcaire, who is suing News International himself after it stopped paying his legal fees, would have to answer their questions in a formal document to be filed at the court before September. " He will now have to identify exactly who at the News of the World asked him to access the mobile phones of the named individuals and who

JonDoFox 2.5.3 - Browser Optimized for anonymous and secure web surfing The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. JonDoFox now contains an integrated protection against this attack. Third party sites may now no longer receive HTTP authentication data from the browser. Moreover, the protection against cache and referer tracking has been enhanced. Furthermore, some detail enhancements were added, and JonDoFox is now fully compatible with the new Firefox 6. Users may therefore easily update to the new browser version. JonDoFox is both a profile and an extension for the popular Mozilla Firefox web browser. It protects the user's privacy while surfing the web by removing identifying information from the browser.

DarkComet-RAT v4.0 Fix1 Released - Fully Cryptable DarkComet-RAT v4.0 Change log - DarkComet-RAT is now compiled on Delphi XE instead of Delphi 2010. - Synthax highlighter added in remote keylogger. - Multithreading is now more efficient, no more freezing, using a new powerfull and stable methode (still using pure Win32 API both side for it) - Get hard drive information added in file manager - Bot logs in main form had change, it is more efficient / fast and user friendly - Whole system parser is now far stable and faster - No-IP was moded and is now better ;) - All global settings were redisigned in a new form that will contain all necessary stuff for Client side - Flags manager has been ported to the main client settings form - Now you can change the default size Width and Height of the users thumbnails - No more menu in the top of the SIN (Main Window - Users list...) so it is more clear - The [+] button is one of the way to add a new port to listen else go to Socket/

Danish Government database of 1,000,000 companies private info leaked by #Antisec Anonymous Hackers upload a file on Torrent contain of the snapshot the the Danish Government database of companies. The contents of the database is currently browsable on the cvr.dk website, but the database is not available in bulk unless you purchase a license. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website. The Leak Include : CVRfull.zip : Archive containing xml files with company information, including html from cvr.dk CVRCompact: As above, but without html cvr: CVR-number (8-digit unique id, last digit is a checksum) corporationtype: Integer denoting type of company incorporated: Date of registration dissolved: Date of dissolution, if dissolved industry: Code of the company main areas of business documentcontent: Html of company page from cvr.dk (minus header and footer) The other fields are nam

350,000 Epson Korea customers data breached Epson Korea Co., Ltd. said that hackers had breached the personal data of its 350,000 registered customers last week. An official at the South Korean affiliate of Seiko Epson Corp. said the company has reported the case to the communications regulator. It said personal information, including phone numbers, email addresses, names and coded data of customers registered on its website had been compromised. " We are still investigating the case and tracking down the attackers, " said the official, who declined to be named. Late last month, hackers who the state-run Korea Communications Commission alleged were from China attacked the Nate Internet portal and the Cyworld blogging site, both run by SK Comms, accessing the personal information of up to 35 million users in the country's biggest cyber attack so far.

Nepal Telecommunications Authority Hacked by w3bd3f4c3r Hacker with name "w3bd3f4c3r" or "T34mT!g3R" today hack into the Nepal Telecommunications Authority website using SQL injection Vulnerability. The Vulnerability Information and screenshot is posted by hacker on pastebin : The Leaked info include the various database and tables of Nepal Telecommunications Authority website and Administrator password in Hashes as shown below:

Skype zero day HTML/(Javascript) code injection Noptri Public Security Advisory has publised a working skype zero day vulnerability with POC for skype. Skype users need be aware of this vulnerability. Affected Software: Software: Skype <= 5.5.0.113 Affected Platforms: Windows (XP, Vista, 7) Problem Description: Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries:     [+] home     [+] office     [+] mobile Proof of Concept: The following HTML codes can be used to trigger the described vulnerability: --- SNIP ---     [+] Home Phone Number:     <b>INJECTION HERE</b>     [+] Office Phone Number:     <center><i>INJECTION HERE</i></center>     [+] Mobile Phone Number:     <a href="#">INJECTION HERE</a> Impact: An attacker could for example inject HTML/Javascript code. It has not been verified though, if it's po

Libya Registry & Telecom websites hacked by Electr0n A Hacker with codename " Electr0n " has deface the two Important websites of Libya. One is Domain Registry website and Other one is Telecom Website . Both sites had same deface page as shown above. You can check cache link here . Its not confirm that  Electr0n is in support of Anonymous or not, But According to Defacement page, the hack is performed for some other reason, rather than operation Libya by Anonymous.