The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

DPScan : Drupal Security Scanner Released The First Security scanner for Drupal CMS has been released by Ali Elouafiq , on his Blog . His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines. This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type: > python DPScan.py [website url] You can download Drupal Security Scanner here .

FBI will shutdown the Internet on March 8 The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries. Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. Must Read :  FAQ : DNSChanger Trojan, Impact and Solutions The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing what is called the DNS settings on compromised computers.The Domain Name System (DNS) is the backbone of the Internet's address scheme and DNS servers are special computers around the world that act as Internet traffic cops providing directions to websites that you wish to visit. Though the FBI has shut down the DNSChanger network and put up surrog

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Teyana Taylor 's Twitter Hacked, Nude image Leaked R&B singer  Teyana Taylor was the latest victim of an Internet scandal when a nude photo of her hacked and spread around the Internet. The topless photo and other pictures claiming to be of the " Google Me " singer reportedly appeared online by way of her Yfrog account. The embarrassing nude photo that is trending on Twitter shows someone who has similar features like Taylor, showing off her breasts and is seen wearing nothing but her underwear and a pair of socks. The person's face in the picture is not shown and it hasn't been confirmed that it is in fact the rapper. But Twitter users believe that it us the rapper and has said that Taylor's phone was either stolen or she has uploaded the photo of herself. Read her open letter below: Look I'm human, & just like every girl in this world, I admire my body so i take pics just like EVERY other human being. However my phone that was stolen Wit

Anonymous Hackers Develop WebLOIC DDOS Tool for Android Mobiles These Days Anonymous Hacker Group using a new tool WebLOIC . This tool is even easier to use than LOIC DDOS tool, requiring no download, it sends requests using Javascript in the user's browser. Just like LOIC, it is a quick path to prison, sending thousands of requests from your IP address to the target, accompanied by a slogan. Recently Hackers Release and New Interface of WebLOIC, ie. for Android Mobile in the form of an Application named " LOIC para Android by Alfred ". They Spread this tool via Anonymous social network accounts to execute the new attack in Various Anonymous operations against Argentinian government - such as #opargentina #iberoamerica. When Attacker will click " Fire ", a JavaScript will sends 1,000 HTTP requests with the message " We are LEGION! " that perform DoS attacks of Given Target URL. This Application is Available to Download here .

The Syrian spyware to target the opposition activists CNN News reported about malicious programs used to target the Syrian opposition, Its a computer viruses that spy on them and according to report a Syrian opposition group and a former international aid worker whose computer was infected. They steal the identities of opposition activists, then impersonate them in online chats, then they gain the trust of other users, pass out Trojan horse viruses and encourage people to open them. Security Researcher in the Malware Detection Team (MDT) at Norman analyse the packages and found that there are two malicious programs, one which displays message about downloading a free security program, and one which showed no action when executed. He said that Most of the ones we've seen come as selfextracting RAR executables that extract a malicious program. The malicious programs have been Visual Basic executables that primarily are downloaders and keyloggers  they download an encrypted update

How Hackers can Track your Mobile phone with a cheap setup ? Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in2010, of which 80% are GSM subscribers. Due to theiruse of the wireless medium and their mobile nature, thosephones listen to broadcast communications that could reveal their physical location to a passive adversary. University of Minnesota researchers found a flaw in AT&T and T-Mobile cell towers that reveals the location of phone users. The attack, described in a Research paper (Click to Download Pdf) , is most useful for determining whether a target is within a given geographic area as large as about 100 square kms or as small as one square kilometer. It can also be used to pinpoint a target's location but only when the attacker already knows the city, or part of a city, the person is in. Ph.D. student Denis Foo Kune says, " Cell phone towers have to track cell phone subscribers to provide service efficiently

Tenable Release Nessus 5.0 vulnerability scanner Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process: Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerabilit

Anonymous deface National Consumer sites & Federal Trade Commission sites  against #ACTA Today, Anonymous Hackers deface multiple National Consumer websites over ACTA, the protests and hactivism continues against ACTA - 'The Anti-Counterfeiting Trade Agreement' is a proposed plurilateral agreement for the purpose of establishing international standards on intellectual property rights enforcement. Hackers Deface following sites : business.ftc.gov consumer.gov ncpw.gov ftcstaging.mt.fhdbeta.com ncpw.gov consumer.ftc.gov ftcdev.mt.fhdbeta.com Mirror of Defacements : https://zone-h.org/mirror/id/16983974 Mysql Username, Emails and Passwords of all usres leaked by Hackers on Deface page as shown. Hackers also post a video on The Top of page to show there view about ACTA. Last Month, Prime Minister Donald Tusk's web site was still offline, following attacks by hackers protesting against Poland signing the Anti-Counterfeiting Trade Agreement (ACTA), designed to combat

Armitage Update : Graphical cyber attack management tool for Metasploit Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. Armitage Changelog 14/Feb/12 - Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature. - Several cosmetic tweaks to the spacing in Armitage tables. - Moved table render code from Sleep to Java to avoid potential lock conflicts - Added support for vba-exe payload output type. - Payload generation dialog now sets more appropriate default options for the vba output type when it is selected. - Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All - Fixed ExitOnSession

Internet users in dozens of countries around the world where governments tend to look askance at freedom and civil liberties have come to rely on the Tor network for dependable, anonymous access to the Web. But those governments and some popular websites have caught on to the game and begun to make it more difficult for users to connect to the Tor network. If you live in an area with little or no Internet censorship, you may want to run a Tor relay or a Tor bridge relay to help other Tor users access an uncensored Internet.The Tor network relies on volunteers to donate bandwidth. The more people run relays, the faster and more secure the Tor network will be. To help people using Tor bypass Internet censorship, set up a bridge relay rather than an ordinary relay. Now, new version of the software include a feature that enables users to connect to one of several " bridges ," or Tor relays whose IP addresses aren't listed in the Tor directory. Bridges to Tor is a step forwa