#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

New Approach to automatically detecting bugs and vulnerabilities in Linux

New Approach to automatically detecting bugs and vulnerabilities in Linux

Nov 23, 2011
New Approach to automatically detecting bugs and vulnerabilities in Linux Australian researcher Silvio Cesare , PhD student at Deakin University has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. Developers may "embed" or "clone" code from 3rd party projects. This can be either statically link against external library or maintaining an internal copy of a library's source or fork a copy of a library's source. The Approach of this tools is that if a source package has the other package's filenames as a subset, it is embedded, Packages that share files are related. A graph of relationships has related packages as cliques. Graph Theory is used to perform the analysis. Linux vendors have previously used laborious manual techniques to find holes in libraries. Debian alone manually tracks some 420 embedded packages, Cesare said at Ruxcon 2011. Silvio's tool also automates identifying if embedded packages have outstanding vulne
Web App Pentesting - PenTest Magazine

Web App Pentesting - PenTest Magazine

Nov 23, 2011
Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here
Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Pentera's 2024 Report Reveals Hundreds of Security Events per Week

Apr 22, 2024Red Team / Pentesting
Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac
WAFP : Web Application Finger Printer Tool

WAFP : Web Application Finger Printer Tool

Nov 22, 2011
WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE: loading the fingerprint database to the ram...    Collecting the files we need to fetch ...    Fetching needed files (#432), calculating checksums and storing the results to the database:    ............................................................................................    VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying...    ................................................................
cyber security

SaaS Security Buyers Guide

websiteAppOmniSaaS Security / Threat Detection
This guide captures the definitive criteria for choosing the right SaaS Security Posture Management (SSPM) vendor.
Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station

Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station

Nov 21, 2011
Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring with a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory. Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls "Any Screen Computing," the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system. The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy's preloaded Android 2.3 operating system at its native resolution. The dual core CP
Is it hard to crack full Disk Encryption For Law Enforcement ?

Is it hard to crack full Disk Encryption For Law Enforcement ?

Nov 21, 2011
Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled " The growing impact of full disk encryption on digital forensics " that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT. Abstract of Paper is available here , and Short Info written below: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is
PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

Nov 21, 2011
PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn't even need a user specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it's running to get a clear view of all input vectors. That means better code coverage and as a result greater confidence in code security. ChangeLog: Added code coverage report Updated GUI validation Several instrumentation fixes Fixed lingering connection issue Fixed GUI and report viewer crashes related
Cybersecurity Resources