The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

50000 WordPress Sites infected with spam The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised. Most of the hacked sites had outdated versions of WordPress installed. Infected sites have following message at Footer : Warning: file_get_contents(https://wplinksforwork.com/56132.. 47509328/p.php?host=… failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in ..

Kazakhstan calls for global cyber security treaty to deter hackers at United Nations Today's security professionals - whether they are black hats, white hats or something in between - all have one thing in common: The knowledge of their craft probably did not come from a book or a classroom. Today's security skills - both good and bad - we learn online, in the unstructured jungle of the Internet. President Nursultan Nazarbayev told the debate's opening session – held at United Nations Headquarters in New York – that it was worrying that "not a single international convention or multilateral treaty governs information processes. " Is it not the reason why, in practical terms, most hacker attacks on banks, businesses, government institutions, [the] military and even nuclear facilities have been carried out with impunity? " he asked. Mr. Nazarbayev stressed the need for what he called " an international legal framework of the global information space ." He said such a le

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

More Android vulnerabilities exposed [Video Demonstration] It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform. Oberheide and Lanier are set to teach a two-day mobile security training course at SOURCE Barcelona this November where they will presumably refer to this and other Android vulnerabilities. Let's hope, for the sake of Android's reputation, that these things are resolved much sooner. The first vulnerability is known as a " Permission escalation vulnerability ", and allows attackers to install additional " arbitrary applications with arbitrary permissions ", without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device. The second bug

Visual DuxDebugger Debugger - Disassembler for Windows 64-bit Main features Fully support 64-bit native processes Fully support 64-bit .NET processes Full code analysis Full memory analysis Code edition Memory edition Module export formats (EXE/DLL/CSV) Debug multiple processes Debug multiple child processes Minimum Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Pentium 4 3.0 GHz Recommended Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Dual Core 2.5 GHz Display: 1920 x 1080 Download

Vulnerability in its Identity Services Engine of Cisco Cisco is warning users of a critical vulnerability ( CVE-2011-3290 ) in its Identity Services Engine (ISE). In its security advisory, the company says that the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction. Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected.The company says that it will release a free update to the software to address the vulnerability on 30 September 2011; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center. [ Source ]