The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Sky News Twitter account Hacked Hackers yesterday accessed the Twitter account for Sky News business desk and posted a tweet claiming that James Murdoch had been arrested by London police. It has also lately been used by hacker groups to simply raise their profile and make the public aware of their existence. Soon re-twitted by many followers, the fake news created quite a stir.The false tweet was erased within minutes, but not before other Twitter users had shared it across the network. Sky News is likely to find out soon whether the hack was executed by an insider - possibly as a joke - or by hackers.

Uniscan 5.2 is released -  vulnerability scanner Uniscan is a open source vulnerability scanner for Web applications. Uniscan 2.0 is a perl vulnerability scanner for RFI, LFI, RCE, XSS and SQL-injection. features: Identification of system pages through a Web Crawler. Use of threads in the crawler. Control the maximum number of requests the crawler. Control of variation of system pages identified by Web Crawler. Control of file extensions that are ignored. Test of pages found via the GET method. Test the forms found via the POST method. Support for SSL requests (HTTPS). Proxy support. Generate site list using Google. Generate site list using Bing. Plug-in support for Crawler. Plug-in support for dynamic tests. Plug-in support for static tests. Plug-in support for stress tests. DOWNLOAD UNISCAN 5.2 Tutorials to create your plug-ins: https://www.uniscan.com.br/tutorial1.php https://www.uniscan.com.br/tutorial2.php https://www.uniscan.com.br/tutorial3.php

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Duqu computer virus Detected by Iran civil defense organization The virus is called W32.Duqu, or just Duqu create fear after the opening Pandora's Box of Stuxnet. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus. First, Duqu is not deigned to harm industrial automation. The software basically attacks windows systems. Instead of sabotaging industrial control, Duqu has been general remote access capabilities. Duqu has a key logger and can save passwords etc.. The malware uses HTTP and HTTPS to communicate to a command and control (C&C) server at 206.183.111.97, which is hosted in India, the IP is inactive as of October 18th. Duqu infiltrates systems directly it is not a worm like Stuxnet and needs to be placed directly, e.g. through infected mails.Duqu also the certificate of C-Media Electronics Incorporation, a Taiwanese audio ch

SAHER HoneyNet : A Tunisian Honeynet Project A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Tunisian honeynet project " Saher-HoneyNet " is an initiative launched by the Tunisian CERT, in order to mitigate threats related to malicious traffic in order to improve the national cyberspace security by ensuring preventive and response measures to deal with malware infections.

Bizztrust : The Most Secure Android Phone With companies these days justifiably concerned about the security of the mobile devices provided to their workforce, many workers find themselves carrying around two mobile phones - one for personal use and another for business. Sure, mobile phones aren't the huge pocket-stretching devices they once were but for the sake of convenience, one is most definitely better than two. A new German project makes Android phones significantly more secure for business communications--this could change the way people use smartphones, entirely.The Germans are an efficient lot, and when it comes the quality of their automobiles, well Mercedes Benz, BMW and Audi says it all, don't they? The Swedish are also in with a shout for the safest car in the market, but when it comes to having the world's most secure Android-powered phone, the Germans have it down pat after discovering a method to develop super-secure virtual "work phones" on Android-powered devi

PwnieExpress : Pentesting suite for the Nokia N900 PwnieExpress providing one of the best Pentesting suite for the Nokia N900 .It  Includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap, and more, Custom pentesting screen with shortcuts to macchanger, injection on/off, etc. Built-in wireless card supports packet injection, monitor mode, and promiscuous mode also available : Try It

Operation Brotherhood Shutdown  : Multiple Sites taken down by Anonymous Hackers Anonymous Hackers take down the The Muslim Brotherhood websites. The hacking group had made an announcement Tuesday in which they threatened to launch "Operation Brotherhood Takedown," on all Brotherhood sites at 8pm on Friday, 11 November. According to a video released by them on youtube as shown above. They claim to taken down following sites: As of 2:24 PM EST, ikhwanonline.com IS DOWN. As of 2:26 PM EST, ikhwanweb.com IS DOWN. The Brotherhood claimed in a statement released on Saturday morning that the attacks were coming from Germany, France, Slovakia and San Francisco in the US, with 2000-6000 hits per second. The hackers later escalated their attack on the site to 380 thousand hits per second.Under the overload, four of the group's websites were forced down temporarily.Anonymous is made up of a group of unidentified hackers who have previously attacked Israeli, Russian and NATO sites. &quo

Android facial recognition based unlocking can be fooled with photo Another Android Feature Exploited, Funny that Android facial recognition based unlocking can be fooled with photo . Check out the video below, courtesy of Malaysia's SoyaCincau : He said " While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit .".

#Anonymous : Now is the Time to evolve or Die Anonymous was formed and birthed on the internet message board 4chan in 2003. The moniker Anonymous was derived as homage to 4chan. At the time, if someone posted to 4chan's forums and no name was given then the post was credited to "Anonymous". Seizing onto the premise or the idea that actions can be taken anonymously by the lesser or powerless "Anonymous" moved beyond 4Chan and morphed into sometime larger and more potent. The original premise of "Anonymous" appeared to be a limited but noble idea; attempting to keep the internet open and free because governments and corporations were earnestly trying and demanding limits and restrictions to the freedom of expression on the internet. To date "Anonymous" has remained a banner that many channers, as well as hacktivists and IRC users, post under and are loosely grouped together. Allied under the umbrella of "Anonymous" with no real command structure in the group, "Anonymous" rem

Bangladesh Supreme Court website hacked The official website of the Supreme Court was hacked yesterday.Information technology experts of the court, however, recovered it around 8:00pm. According to the message posted on the site, the hackers identified themselves as " Bangladeshi UnderGround Hacker 3xp1r3 Cyber Army ".They, however, claimed that all the data is safe and not being tampered with or deleted." Some other hackers are trying to hack Bangladeshi sites!! And delete all the data !! (sic), " they warn. Head of IT department of the apex court Quddus Zaman confirmed the restoration of the site, www.supremecourt.gov.bd. Earlier, Supreme Court registrar A K M Shamsul Islam told , " A person from Singapore called me up in the morning and said the website of the Supreme Court has been hacked. Several others also phoned me later and complained about it ."

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to select "generate CSRF PoC". Some useful features are: Support for all form encoding types: standard URL encoding, multipart encoding, and plain text encoding. Auto-detection of the optimal encoding type, with manual override. Ability to edit both the request and response in-place, to fine tune attacks. In-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response. Download/Buy from here

Possible Credit Card Theft in Steam Website Hacking Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. Right before going offline, users saw a new category in the forum that directed them to open a site named "Fkn0wned." Many users also complained that their email ids related to Steam accounts were "spammed with ads for the web site. Valve recommends all users to keep closely watched the activity of their credit cards because the hackers had access to that information during the attack. Forums Steam are closed for the moment, but the program itself is running. " We have no evidence that the numbers encrypted credit card or personal identifying information was taken by intruders, or the protection of card numbers or passwords have been cracked . We are still investigating , "Newell wrote. " At the moment we have no evidence of misuse of credit cards b