The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Sony Pictures Facebook Page & Website Hacked again ! The hacking group Anonymous has confirmed that they have once again hacked Sony Pictures, gaining access to their Facebook account and website. Anonymous did threaten Sony for supporting the controversial SOPA bill and now it seems that the threats materialized. The hack hit the Sony Pictures Facebook page and its web site homepage, according to reports and tweets from those involved. Comments were left on the web pages, but have since been removed. The attacks carry the name Op Sony and were noted through the @s3rver_exe Twitter account. " #OpSony SonyPictures Hacked! by s3rver.exe , Anonnerd and N3m3515 ," says a tweet from that user, who continued, " I uploaded a @YouTube video (link removed) Sony Pictures Hacked By Anonymous. " " Your support of the act is a signed death warrant to Sony Company and Associates. Therefore, yet again, we have decided to destroy your network. We will dismantle your phanto

From the In-Security Land to Security in the Cloud " This article aims to share with you some thoughts and concepts associated with Cloud Computing and the risks involved for those who want to venture into the benefits it offers " --  Mariano M. Río " From the In-Security Land to Security in the Cloud " will try to reflect how true it is that the cloud is dangerous or more dangerous than "land" and in turn how much of what is required to the cloud is rarely seen implemented on the ground. When companies begin their assessment to go to the cloud, the first comments are generally related to the "dangers" associated with privacy and confidentiality of information, the availability of services and other issues that represent the cloud as an undesirable place to visit. This turns out to be real, but as real as could be the situation of exposure of the information in an organization that does not have security program information or at least care with

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

BackBox Linux 2.01 released The BackBox team is proud to announce the release 2.01 of BackBox Linux.The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/downloads What's new System upgrade Performance boost New look Improved start menu Bug corrections New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc. System requirements 32-bit or 64-bit processor 256 MB of system memory (RAM) 4.4 GB of disk space for installation Graphics card capable of 800×600 resolution DVD-ROM drive or USB port

I'm a firm believer in multitasking. I tend to work on several things simultaneously; the more monitors I have connected the more things I can do in parallel, and I can bounce back and forth between tasks, given that no one interrupts me. When I find an application that can do more than one thing for me, I become very interested, and when it can do three things well, I have myself a winner! GFI LanGuard is just that; a winner, that multitasks for me by providing patch management, network security, and vulnerability scanning into a unified application which makes my network maintenance tasks quick and easy. The latest version was released just a few weeks ago so I decided to take the app out for a spin, really kick the tires, and see what it has to offer. I'll rate each area on a ten point scale, where high scores are better. Here's how my test drive went. 0-60 in an instant The 124MB download came down in an instant, and my trial key was in my inbox before the download was

#Enter_at_your_own_Risk Cyber Awareness Magazine Issue January edition Released As we promised last month, The Hacker News along with Security-FAQs, SecManiac, Korben, Security-Shell, SecTechno have come together to bring you an outstanding array of internet security and hacking information. You can   Download Here  Special Magazine January 2012 Edition. Previous Editions  available Here . Sit back, read and enjoy : Lee Ives from London, England talk about internet security for your children and what to watch out for and how to protect them and yourself. Security Expert, Pierluigi Paganini takes us on a visit to China and makes us wonder just how influential China's hacking is on world internet security. Read and decide for yourself. Get political emotions warmed up reading " Anatomy of a Revolution " by our own editorial staff.  Mourad Ben Lakhoua takes us on a scary journey of what new Malwares are lurking about and what to expect in the future. Avram Marius Gabriel , who

9 Top Patch Management Practices for Businesses Security I've spent most of the past decade in information security, with a pretty big focus on incident response. It never ceases to amaze me how many security incidents (pronounced hacks) customers suffer as a result of unpatched systems. Patch management is not an art form; it's an underappreciated and often ignored part of what should be daily care and feeding of your infrastructure. Here are the nine best patch management practices I've learned over the years: 1. Automate your patching If your patch management strategy depends upon manual effort, you're doing it wrong. Only the smallest businesses can handle patching by hand. You need a system that can deploy patches to all your systems; workstations and servers. 2. In-depth reporting Automating doesn't mean ignoring. You should be able to see the state of your patch management at any point in time and know exactly which systems are in need of attention. 3. Tes

Nmap 5.61TEST4 released with Web Spidering Feature ! Nmap release today an interesting version nmap 5.61TEST4 with number of interesting features. Also, to improve the user experience, the Windows installer nowinstalls various browser toolbars, search engine redirectors, andassociated adware. a spidering library and associated scripts for crawling websites. 51 new NSE scripts, bringing the total to 297. a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support. a new vulnerability management library which stores and reports found vulnerabilities. Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17. Change Log can be found here  and Download Here  .

400000 Israeli Credit Cards & Information Leaked by Saudi Arabia Hackers Hacker named " 0xOmar " from group-xp, largest Wahhabi hacker group of Saudi Arabia claim to Hack lot of Israeli servers, lot of information about Israeli people including their name, address, city, zipcode, Social Security Numbers (Israeli IDnumbers), mobile phone number, home phone number, credit card number (including exp year, month and CVV). According to announcements from the credit card companies, 6,600 of the stolen cards belong to Isracard Ltd., 4,000 to Leumi Card Ltd., and 3,000 to Israel Credit Cards-Cal Ltd. (ICC-Cal) (Visa). Hacker says " We daily use these cards to solve our problems, purchasing VPNs, VPSes, softwares, renting GPU clusters, renting cloud servers and much more! ". They Claim themselves as part of Anonymous hacking Group from Saudi Arabian. " my goal is reacing 1 million non-duplicate people, which is 1/6 of Israel's population. " He said. Qu

ColdFusion Zero day vulnerability : Remote File Disclosure of Password Hashes Yesterday  Blackhatacademy Released Fully automated MySQL5 boolean based enumeration tool . Today Another post expose the most critical ColdFusion vulnerability affects about a tenth of all ColdFusion servers at the present. It chains together multiple exploits, and it provides a 30 second window into the Administrator panel. The ColdFusion Administrator panel can then be used to write out a shell. ColdFusion Markup Language is an interpreted language utilizing a Java backend. It allows direct access to Java via its cfscript tags, while simultaneously offering a simple web wrapper. It is vulnerable to a variety of attacks, but mainly LFD and SQLi. ColdFusion scripts are commonly run as an elevated user, such as NT-Authority\SYSTEM (Windows) or root (Linux), making them especially susceptible to web-based attacks. Patching a ColdFusion instance from the LFD->Bypass->RCE exploit can only be done o

30 Pakistan government Sites goes down ! Indian Hacking Group Indishell claiming to hack and Bring down 30 30 Pakistan government websites, Including  Police and Navy Sites also. Hacker attack on webserver located at 50.23.225.39 IP address. List of all Hacked Sites is Here  and Mirror of Deface Pages can be checked Here .