The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Apache 2.4 Comes Out, Major update after 6 years The Apache Software Foundation officially released the Apache 2.4 today as the first major update to this leading open-source web-server in more than a half-decade. Apache 2.4 is slated to deliver superior performance to its 2.2 predecessor and better compete with the growingly-popular NGINX web-server. It is the first major release of Apache in six years, coincides with the software's 17th anniversary. Besides much faster performance, among the many enhancements to the Apache 2.4 HTTP Server is better a-synchronous support in its core, run-time loadable MPMs, reduced memory usage compared to Apache 2.2.x, several new modules, enhancements to existing modules, and much more. " This release delivers a host of evolutionary enhancements throughout the server that our users, administrators, and developers will welcome ," Apache server vice president Eric Covener wrote in a statement. " We've added many new modules

Hackers to release 0-days in comics Hackers frequently disclose vulnerabilities in various products, but taking it to a whole new level, now hackers and malware coders are planning to release actual 0-days through their own comic books. The Malware conference, Malcon announced it on their groups yesterday. In the making from last three months, the comic is planned for release with objective of simplifying and helping coders understand the art behind malcoding for offensive defense and security. It is learned that there will be two formats for the comic - a web and a printed version. The printed version will be specifically for the Indian Government officials, Intelligence agencies and Law enforcement groups, who are regular attendees at the conference. This is also seen as a remarkable and significant point in the history and evolution of hackers and also points at things to come in wake of real threats with respect to cyber warfare capabilities of India in future. On condition of

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

India demands Real time monitoring on Indian Gmail & Yahoo Emails Looks like the Government Of India is really after the digital communication in India. Internet content providers Yahoo, Gmail and others would be asked to route all emails accesed in India through the country even if the mail account is registered outside the country. In a written statement filed in a civil court here, Yahoo India has dubbed a suit filed against it and several other websites alleging that they hosted objectionable content as " motivated " and an " abuse of the process of law ." The Government Of India wants that all the email accessed by Indians should route through servers physically located in India even if the email account was created outside India. Government is ensuring that the security agencies will have direct, real-time access to the digital communication among Indians. The need for this was felt after security agencies failed to access accounts of suspected terrorists of Indian Mujahid

Call for Paper - DEF CON Rajasthan March 2012 Meet DEF CON Rajasthan - March 2012 Jaipur Meet, Call For Papers is now officially Open and will close on March 10, 2012. DEF CON Rajasthan (DC91141) is a DEF CON Registered group of people interested in exploring technology and it implications in security. It mostly consists of information assurance professionals and enthusiasts. The main purpose of this group is to organize technical talks and hands on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations. Our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience. We are inviting unique and fresh research papers for DEF CON Rajasthan - March 2012 Jaipur Meet. Call of Paper :-  Paper shold be.. -> Paper should be of current subject and not more than 1 year ol

Confusing Attackers with Artillery By Dave Kennedy (ReL1K) Dave Kennedy (ReL1K) , A security ninja & penetration tester develop Another amazing tool for Linux Protection, Named " Artillery ". This Article is written by Dave for our January Issue of The Hacker News Magazine , We like to share with our website Readers also: I've traditionally been on the offensive side of security through my career. With tools that I've developed like Fast-Track and The Social-Engineer Toolkit (SET), it's primarily focused on the attack front. Awhile back I had an idea of creating a more defensive tool around both Windows and *nix systems and keep things open-source as usual. I started Artillery about three months ago with the intent of developing an open-source project that does a bit of everything. The name " Artillery " spawns from one of my favorite techno bands Infected Mushroom and enhances the overall security of whatever touches it. Artillery supports both Linux and Windows and

Resellerclub and Directi Registrars Hacked Various Domains and Sudomains of two largest Reseller focused Registrars in the world got hacked by GrayHatz turkish Group of hackers. ResellerClub is one of the largest private label Web Solutions Providers globally. ResellerCLub's products represent an ongoing R&D effort of over 8 years and powers millions of websites. Hacked Domains and Mirrors : resellerclub.com https://www.zone-h.org/mirror/id/17046730 tr.resellerclub.com https://www.zone-h.org/mirror/id/17046737 br.resellerclub.com https://www.zone-h.org/mirror/id/17046731 china.resellerclub.com https://www.zone-h.org/mirror/id/17046732 de.resellerclub.com https://www.zone-h.org/mirror/id/17046733 es.resellerclub.com https://www.zone-h.org/mirror/id/17046734 india.resellerclub.com https://www.zone-h.org/mirror/id/17046735 russia.resellerclub.com https://www.zone-h.org/mirror/id/17046736 uk.resellerclub.com https://www.zone-h.org/mirror/id/17046738 careers

Iran will Develop their own security Software , No more foreign Solution According to latest report, Iran's Information and Communications Technology Minister announce that - Iran has prohibited import of foreign computer security software. Because International sanctions stopped Iran from obtaining anti-virus software. So, Iran stressed that no foreign software for computer security will be imported into the country, adding that Iran will rely on its own software, made by local developers. The Bonian Daneshpajouhan Institute has about 25 smaller firms that develop domestic security software of various nature, and country will rely on it.  A senior Iranian intelligence official has claimed that an estimated 16,000 computers were infected by the Stuxnet virus, which targeted the country's nuclear facilities and other industrial sites in 2010. The ban is intended to push Iran into the production of its own malware defense instruments. Whether the Stuxnet virus affected only

Three Greek Anonymous hackers arrested for defacing Government Sites According to a press release by the Greek police,They has arrested an eighteen-year-old and identified two other teenagers it accuses of having defaced the Greek Ministry of Justice website. The attack happened at the start of February, Aged 16, 17 and 18, the three targeted schoolboys are suspected of taking part in this group under the nicknames ' delirium ', ' nikpa ' and ' extasy '. The Greek Cybercrime division has found electronic traces that supposedly lead to the subjects and claim that they've attacked many sites in the past. Besides the arrests, the unit also seized 12 HDD and 3 notebooks. A police statement says the three claim to be part of the international " Anonymous " activist collective, which has attacked computers in several countries. Hackers posted a video and messages on the Justice Ministry website on February 3, protesting the Greek government's signing of a global copyright treaty and it

Facebook Hacking - Student jailed for eight months 26-year-old Glenn Steven Mangham, a student in the UK, has been sentenced to eight months in prison for hacking into Facebook from his bedroom at his parents house. Facebook spent $200,000 (£126,400) dealing with Mangham's crime, which triggered a "concerted, time-consuming and costly investigation. Glenn Mangham, 26, admitted to infiltrating the website between April and May of last year. Apparently no user details were taken, as he went straight for "invaluable" intellectual property instead. Facebook alerted the authorities last May after they discovered the breach. The FBI took care of the rest, tracing it all back to the UK address. He found his way in by hacking into the account of a Facebook employee. Facebook operates a bug bounty program in which it pays ethical hackers up to $US 500 for quietly disclosing vulnerabilities. According to reports of Mangham's court appearances, the software development student cl

FAQ : DNSChanger Trojan, Impact and Solutions Two days before we (THN) Reported that FBI will shutdown Internet on 8th March , Title seems to be more Attention seeking , Why ? Well ! Our job is to aware you about the Internet Security. If we are looking for some extra attention from our Readers then its part of our small effort to make Internet more secure space for all. Today we are going to Explain all about DNSChanger Trojan, its Impact on Internet users and the biggest challenge for FBI to resolve it, and How a non technical user can check and Restore its computer, Hope you will share this article with your Friends, Followers and On your Site to aware them about this Serial Internet Killer . What is DNS (Domain Name System) ? is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. When you enter a domain name, such as www.thehackernews.com , in your web browser address bar,

DPScan : Drupal Security Scanner Released The First Security scanner for Drupal CMS has been released by Ali Elouafiq , on his Blog . His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines. This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type: > python DPScan.py [website url] You can download Drupal Security Scanner here .

FBI will shutdown the Internet on March 8 The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries. Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. Must Read :  FAQ : DNSChanger Trojan, Impact and Solutions The primary impact of this infection is that it caused web surfers to be sent to fraudulent websites by changing what is called the DNS settings on compromised computers.The Domain Name System (DNS) is the backbone of the Internet's address scheme and DNS servers are special computers around the world that act as Internet traffic cops providing directions to websites that you wish to visit. Though the FBI has shut down the DNSChanger network and put up surrog

Teyana Taylor 's Twitter Hacked, Nude image Leaked R&B singer  Teyana Taylor was the latest victim of an Internet scandal when a nude photo of her hacked and spread around the Internet. The topless photo and other pictures claiming to be of the " Google Me " singer reportedly appeared online by way of her Yfrog account. The embarrassing nude photo that is trending on Twitter shows someone who has similar features like Taylor, showing off her breasts and is seen wearing nothing but her underwear and a pair of socks. The person's face in the picture is not shown and it hasn't been confirmed that it is in fact the rapper. But Twitter users believe that it us the rapper and has said that Taylor's phone was either stolen or she has uploaded the photo of herself. Read her open letter below: Look I'm human, & just like every girl in this world, I admire my body so i take pics just like EVERY other human being. However my phone that was stolen Wit

Anonymous Hackers Develop WebLOIC DDOS Tool for Android Mobiles These Days Anonymous Hacker Group using a new tool WebLOIC . This tool is even easier to use than LOIC DDOS tool, requiring no download, it sends requests using Javascript in the user's browser. Just like LOIC, it is a quick path to prison, sending thousands of requests from your IP address to the target, accompanied by a slogan. Recently Hackers Release and New Interface of WebLOIC, ie. for Android Mobile in the form of an Application named " LOIC para Android by Alfred ". They Spread this tool via Anonymous social network accounts to execute the new attack in Various Anonymous operations against Argentinian government - such as #opargentina #iberoamerica. When Attacker will click " Fire ", a JavaScript will sends 1,000 HTTP requests with the message " We are LEGION! " that perform DoS attacks of Given Target URL. This Application is Available to Download here .

The Syrian spyware to target the opposition activists CNN News reported about malicious programs used to target the Syrian opposition, Its a computer viruses that spy on them and according to report a Syrian opposition group and a former international aid worker whose computer was infected. They steal the identities of opposition activists, then impersonate them in online chats, then they gain the trust of other users, pass out Trojan horse viruses and encourage people to open them. Security Researcher in the Malware Detection Team (MDT) at Norman analyse the packages and found that there are two malicious programs, one which displays message about downloading a free security program, and one which showed no action when executed. He said that Most of the ones we've seen come as selfextracting RAR executables that extract a malicious program. The malicious programs have been Visual Basic executables that primarily are downloaders and keyloggers  they download an encrypted update

How Hackers can Track your Mobile phone with a cheap setup ? Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in2010, of which 80% are GSM subscribers. Due to theiruse of the wireless medium and their mobile nature, thosephones listen to broadcast communications that could reveal their physical location to a passive adversary. University of Minnesota researchers found a flaw in AT&T and T-Mobile cell towers that reveals the location of phone users. The attack, described in a Research paper (Click to Download Pdf) , is most useful for determining whether a target is within a given geographic area as large as about 100 square kms or as small as one square kilometer. It can also be used to pinpoint a target's location but only when the attacker already knows the city, or part of a city, the person is in. Ph.D. student Denis Foo Kune says, " Cell phone towers have to track cell phone subscribers to provide service efficiently

Tenable Release Nessus 5.0 vulnerability scanner Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process: Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerabilit

Anonymous deface National Consumer sites & Federal Trade Commission sites  against #ACTA Today, Anonymous Hackers deface multiple National Consumer websites over ACTA, the protests and hactivism continues against ACTA - 'The Anti-Counterfeiting Trade Agreement' is a proposed plurilateral agreement for the purpose of establishing international standards on intellectual property rights enforcement. Hackers Deface following sites : business.ftc.gov consumer.gov ncpw.gov ftcstaging.mt.fhdbeta.com ncpw.gov consumer.ftc.gov ftcdev.mt.fhdbeta.com Mirror of Defacements : https://zone-h.org/mirror/id/16983974 Mysql Username, Emails and Passwords of all usres leaked by Hackers on Deface page as shown. Hackers also post a video on The Top of page to show there view about ACTA. Last Month, Prime Minister Donald Tusk's web site was still offline, following attacks by hackers protesting against Poland signing the Anti-Counterfeiting Trade Agreement (ACTA), designed to combat

Armitage Update : Graphical cyber attack management tool for Metasploit Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. Armitage Changelog 14/Feb/12 - Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature. - Several cosmetic tweaks to the spacing in Armitage tables. - Moved table render code from Sleep to Java to avoid potential lock conflicts - Added support for vba-exe payload output type. - Payload generation dialog now sets more appropriate default options for the vba output type when it is selected. - Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All - Fixed ExitOnSession

Internet users in dozens of countries around the world where governments tend to look askance at freedom and civil liberties have come to rely on the Tor network for dependable, anonymous access to the Web. But those governments and some popular websites have caught on to the game and begun to make it more difficult for users to connect to the Tor network. If you live in an area with little or no Internet censorship, you may want to run a Tor relay or a Tor bridge relay to help other Tor users access an uncensored Internet.The Tor network relies on volunteers to donate bandwidth. The more people run relays, the faster and more secure the Tor network will be. To help people using Tor bypass Internet censorship, set up a bridge relay rather than an ordinary relay. Now, new version of the software include a feature that enables users to connect to one of several " bridges ," or Tor relays whose IP addresses aren't listed in the Tor directory. Bridges to Tor is a step forwa