The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only be done o

30 Pakistan government Sites goes down ! Indian Hacking Group Indishell claiming to hack and Bring down 30 30 Pakistan government websites, Including  Police and Navy Sites also. Hacker attack on webserver located at 50.23.225.39 IP address. List of all Hacked Sites is Here  and Mirror of Deface Pages can be checked Here .

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Android mobile internet tethering become undetectable by carriers When the idea that your smartphone's data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have struck down all attempts by apps to sidestep the process , until now. What one of the most well-known hacker/developers in the world Koushik Dutta, aka Koush, has done is to create a non-market app that allows you to use your smartphone as an internet hotspot, doing so without adding costs to you beyond what that data would cost to you on your smartphone on its own. And it's completely (nearly) undetectable by carriers. " Over the last month, I've been working on a new app. Tether Alpha is a USB[2] tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop. " Koushik Dutta said. " I am

Japan developing cyber weapons for Counter Attack Japanese technology firm Fujitsu is developing a ' seek and destroy ' virus which could identify and combat hacking and other cyber threats in a more effective way. The weapon is the culmination of a 179 million yen three-year project entrusted by the government to technology maker Fujitsu Ltd to develop a virus and equipment to monitor and analyse attacks, the daily said. The chief snag for the plan is that Japanese law currently forbids the manufacturing of computer viruses. However, we would suspect that a compromise can be reached in due course, given the project is being carried out in the interest of national security. Japan was a notable victim of hacking in 2011, which proved to be a year in which cyber crimes and threats rose to prominence.  Japan's parliament had its computer system hacked into, while a number of cyber espionage campaigns including one targeting almost 50 US companies were waged on governments and firms a

Fully automated MySQL5 boolean based enumeration tool Blackhatacademy Developers  releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag is applied, a user can supply any query that returns only a single cell If the exploit or vulnerability requires a single quote, simply tack  %27  to the end of the URI. This script contains  error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors. This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto). This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites. GET TOOL SCRIPT HERE .

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3 Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 ! Vulnerability exploit the comment feature of Wordpress Blog. Following two Steps mentioned in Exploit . Step 1: Post a comment to the target website. Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is https://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6. Get Complete Exploit  Here