The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Invitation for DEF-CON Chennai (DC602028) Meet We like to invite all the  Like Minded People , who are interested in Cyber Security to attend the meet. We are DEF-CON registered Group.  Our Group ID is DC602028 [ Tickets for the Meet] We have very limited tickets for the DEF-CON Chennai(DC602028) Meet. For General Public 700 INR  For Students 500 INR To book the ticket mail to  dc602028@gmail.com [ Time of the Meet ] On 11th September 2011 From 2:30 PM to 7PM [ Venue of the Meet ] The Venue is going to be at Le Waterina Hotel, a 4 Star Resort. Le Waterina – The Boutique Hotel No 35 Kaveri Nagar (near Bella Ciao) Waterland Drive,Thiruvanmiyur Kottivakkam Beach.Chennai 600041.

Kernel.org Server Rooted and 448 users credentials compromised The main kernel.org page is currently carrying a notice that the site has suffered a security breach. " Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure. " As the update mentions, there's little to be gained by tampering with the git repositories there anyway. The infection occurred no later than August 12 and wasn't detected for another 17 days. The systems were infected by an off-the-shelf, a self-injecting rootkit known as Phalanx that has attacked sensitive Linux systems before. What happened? Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they man

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

WikiLeaks.org under Cyber Attack after releasing U.S. diplomatic cables The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org "is presently under attack." Wikileaks.org today released 250,000 U.S. diplomatic cables that have apparently caused grave concern in Western governments. The documents have already revealed that the U.S. has been spying on the United Nations Secretary General. State Department spokeswoman Victoria Nuland would not confirm the authenticity of the latest documents, but said " the United States strongly condemns any illegal disclosure of classified information. "

Bangladesh Police website hacked by RetnOHacK Anonymous Albanian Hacker Some Anonymous Hacker " RetnOHacK " from Albanian claim to hack Bangladesh Police website as shown in Screenshot. Hacker claim to hack this just for Fun and using Sql Injection Vulnerability on website.

Google+ Hacker  Florian Rohrweck Hired By Google for Security Austrian blogger/developer Florian Rohrweck, who discovered unreleased Google+ features by exploring the source code, was hired by Google. Rohrweck's main claim to fame was a period of snooping on the code behind Google's various web apps, during which time he uncovered pre-launch evidence of things like Google+ Games, telling the world of the impending release and somewhat taking the wind of of Google's sails. On his blog Rohrweck now has posted that he " has gone Google ": "Or at least I will be have gone soon. Or something like that  I will post new articles again. Not so much about leaks but more about the dark arts of mastering Google products and APIs. Or something else. Time will tell! Thanks to all of you, who supported me on my way and made my work so much fun and enjoyable! You guys are awesome! Rock on!" Few Days ago a big tech company " Apple " has plucked an outsider notorious i

Qubes OS  : An Operating System Designed For Security Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps. Key architecture features: Based on a secure bare-metal hypervisor (Xen) Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d) No networking code in the privileged domain (dom0) All user applications run in "AppVMs", lightweight VMs based on Linux Centralized updates of all AppVMs based on the same template Qubes GUI virtualization presents applications like if they were running locally Qubes GUI provides isolation between apps sharing the same desktop Storage drivers and backends sand-boxed in an unprivileged virtual machine(*) Secure system boot based on Intel TXT(*) Download Qubes Os

AnDOSid the DOS tool for Android A new product released by SCOTT HERBERT  for Android mobile phones,Its  AnDOSid  - the DOS tool for Android Phones. The rise of groups like Anonymous and LuzSec, as well as constant India / Pakistan cyberwar has raised the issue of cyber-security high(er) in the minds of web owners. Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device. AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.  AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolv

XCode SQLi/LFI/XSS and Webshell Scanning tool XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded. Download Here [ Source ]

Iranian Man-in-the-Middle Attack Against Google certificate Recently discovered attempts of an SSL man-in-the-middle attack against Google users - spotted by a number of Iranian Internet users - have revealed that Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains. What's worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months. " This is a wildcard for any of the Google domains ," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday. " [Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials ," said Andrew Storms, director of security operations at nCircle Security. As the problems with the

South Korean domain registrar Gabia hacked,100000 domains and 350000 users data exposed ! Gabia a South Korean domain registrar was hacked on Saturday, affecting the online connection with 100,000 registered domains, according to a report Monday by the Korea Herald. This hack exposing over 100,000 domains and 350,000 users data. The information included names, user IDS, passwords and registration numbers.The website of HSBC Korea was also hacked, paralysing it for over an hour leaving customers unable to access their online banking. There have been 6,000 hacking incidents reported to the state-run Korea Internet Security Agency this year, according to the report. The hacker, known as ' TG ' defaced pages with their Twitter account and picture. It is thought in some cases, data may have been stolen and widespread disruption to services caused. South Korea has suffered many hacks as of late with many concerned at the security of one of the world's most Internet-connected country.

XSS Vulnerability in MSN.com XSS Vulnerability (Cross Site Scripting) in MSN discovered by TeamDX  . Vulnerable Link  is also shown in image.  Last week One of the Security Researcher "Juan Sacco (runlvl)" - Insecurity Research Labs expose the Cross Site vulnerability (XSS) in Bing.com Search Engine.

A Security expert at Italian security firm AIR Sicurezza Informatica has claimed that Google's servers vulnerability allows a hacker to exploit the search giant's bandwidth to launch a distributed denial-of-service (DDoS) attack on any targeted server. On the IHTeam Security Blog , the author of the discovery demonstrates users can make Google's servers act as a proxy to fetch content on their behalf.  Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own, in an effort to prevent it from functioning. The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site ( TOR+This method ) and the funny thing is that apache will log Google IP addresses. But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you'll need