The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Intercepter-NG New Sniffing Tool [Intercepter-NG] offers the following features: + Sniffing passwords\hashes of the types: ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE + Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA + Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning + Raw mode (with pcap filter) + eXtreme mode + Capturing packets and post-capture (offline) analyzing + Remote traffic capturing via RPCAP daemon + NAT + ARP MiTM + DNS over ICMP MiTM + DHCP MiTM + SSL MiTM + SSL Strip Works on Windows NT(2K\XP\2k3\Vista\7). Download Intercepter-NG 0.9

Sudan Airways mailbox database leaked Sudan Airways mailbox database Hacked By Sudan Cyber Army - SD. Alsa7r and Leaked on Pastebin . The Targeted domains are  sudanair.com  & omyalphaserver.com . This Include more than 100's of Usernames, Emails, Passwords. Sudan Cyber Army in past hack lots of Sudan Government Sites.

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

SecurityTube Metasploit Framework Expert Certification Launched ! Not so long ago, we had posted the launch of the SecurityTube Wi-Fi Security Expert (SWSE) program. The certification has been a success and it has students from over 25+ countries from around the world. The SecurityTube Metasploit Framework Expert (SMFE) is an online certification on the Metasploit Framework. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios. A brief list of topics to be covered in this course includes: Metasploit Basics and Framework Organization Server and Client Side Exploitation Meterpreter - Extensions and Scripting Database Integration and Automated Exploitation Pos

Joomscan Security Scanner - Detect more than 550 Joomla vulnerabilities Joomscan Security Scanner updated recently with new database have 550 vulnerabilities. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla web site. Last update for this tool was in August, 2009 with 466 vulnerabilities. How to Use Joomscan, read here . In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update . Download for Windows (141 KB) Download for Linux (150 KB ) More Info

New Approach to automatically detecting bugs and vulnerabilities in Linux Australian researcher Silvio Cesare , PhD student at Deakin University has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. Developers may "embed" or "clone" code from 3rd party projects. This can be either statically link against external library or maintaining an internal copy of a library's source or fork a copy of a library's source. The Approach of this tools is that if a source package has the other package's filenames as a subset, it is embedded, Packages that share files are related. A graph of relationships has related packages as cliques. Graph Theory is used to perform the analysis. Linux vendors have previously used laborious manual techniques to find holes in libraries. Debian alone manually tracks some 420 embedded packages, Cesare said at Ruxcon 2011. Silvio's tool also automates identifying if embedded packages have outstanding vulne

Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here

WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE: loading the fingerprint database to the ram...    Collecting the files we need to fetch ...    Fetching needed files (#432), calculating checksums and storing the results to the database:    ............................................................................................    VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying...    ................................................................

Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring with a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory. Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls "Any Screen Computing," the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system. The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy's preloaded Android 2.3 operating system at its native resolution. The dual core CP

Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled " The growing impact of full disk encryption on digital forensics " that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT. Abstract of Paper is available here , and Short Info written below: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn't even need a user specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it's running to get a clear view of all input vectors. That means better code coverage and as a result greater confidence in code security. ChangeLog: Added code coverage report Updated GUI validation Several instrumentation fixes Fixed lingering connection issue Fixed GUI and report viewer crashes related