#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Twitter, As secondary publisher could be sued for an illegal tweet

Twitter, As secondary publisher could be sued for an illegal tweet

Mar 06, 2012
Twitter, As secondary publisher  could be sued  for an illegal tweet If a Twitter user posts an illegal tweet, they could get sued, but Twitter could be sued itself as a secondary publisher according to  Zack Whittaker . Legal analysis site Out-Law published a very interesting, theoretical piece, which describes how Twitter could fall foul of the law through no apparent fault of its own but by giving its users free reign over what they say. A case of mistaken identity in Australia illustrates the point. Someone wrote a hateful blog about writer and television personality Marieke Hardy. She wrote a blog post accusing Joshua Meggitt of being its author and used her Twitter account to draw attention to her post.Hardy was wrong to finger Meggitt as the author of the original material and she reportedly paid Au$15,000 (£10,000) to settle the case. Will Twitter still be held liable for the libel? One more thing, Those who retweeted are not being pursued. Under the country's defamati
Anonymous : A Declaration of the Independence of CyberSpace

Anonymous : A Declaration of the Independence of CyberSpace

Mar 05, 2012
Anonymous : A Declaration of the Independence of CyberSpace Anonymous declare a Note on Independence of Cyber Space : Governments of the Industrial World, you weary giants of flesh and steel, we come from the Internet, the new home of Mind. On behalf of the future, we ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one; therefore we address you with no greater authority than that with which liberty it always speaks. We declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us, nor do you possess any methods of enforcement we have true reason to fear. You are toothless wolves among rams, reminiscing of days when you ruled the hunt, seeking a return of your bygone power. Governments derive their just powers from the consent of the governed. You have neither solicited nor
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hackers steal Michael Jackson's entire back catalog from Sony

Hackers steal Michael Jackson's entire back catalog from Sony

Mar 05, 2012
Hackers steal Michael Jackson 's entire back catalog from Sony Entertainment giant Sony has confirmed that hackers accessed its systems and compromised Michael Jackson's entire back catalogue, including many unreleased songs. Michael Jackson's entire back catalogue has been stolen by Internet hackers. Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by the superstar singer. It's alleged they downloaded more than 50,000 music files worth $253 million in the biggest ever cyberattack on a music company.The news comes just a year after Sony paid $395 million for the seven-year rights to the songs following Jacko's death. The buy-up came with a stash of unreleased tracks including duets Jacko did with the late Queen singer FreddieMercury and Black Eyed Peas star will.i.am, 36. Sony had been planning to release them on up to 10 albums, which would have netted a fortune. It is thought that the hack occ
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

Mar 05, 2012
The Mole v0.3  Released : Automatic SQL Injection Exploitation Tool Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. This release has introduced new features compared with the previous one, among these you can find that The Mole is now able to exploit injections thourgh cookie parameters. A new promising feature is that now you can exploit injections that return binary data, to achieve this the mole uses uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs when the query was successful or not) and does not need to download the full binary data. In this release there has been a major change in the The Mole's architecture, and now allows to easily insert filters in order to bypass IPS/IDS rules or mod
FOCA PRO 3.1 and MetaShield Protector Released

FOCA PRO 3.1 and MetaShield Protector Released

Mar 05, 2012
FOCA PRO 3.1  and MetaShield Protector Released Forensic FOCA New latest version of FOCA announced today, in this case a Forensic FOCA. This tool is specially created for forensic analyst, allowing them to crawl metadata from files and to create a powerful time-line of metadata. This information lets you to reconstruct what happen in a machine just analyzing what documents were created between two dates, or what files where created by one user in a period of time, or what users where working in one single machine at one single day. The tool allows to export all the data, even with the hash of the files, to XML reports, that can be easily integrated in any other reporting system. License of Forensic FOCA is only 20 € per year, and you can buy it on line or test the trial version. More info at: https://www.informatica64.com/ForensicFOCA/ New FOCA PRO with Plugins FOCA got new version of FOCA PRO with plugin support. Right now FOCA PRO comes with a set of plugins to analyze .SVN/Ent
GitHub hacked with Ruby on Rails public key vulnerability

GitHub hacked with Ruby on Rails public key vulnerability

Mar 05, 2012
GitHub hacked with Ruby on Rails public key vulnerability Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. When Github saw what happened, they suspended Homakov's account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down . Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov's actions were relatively simple - he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its
Twitter releases data to Law Enforcements for criminal inquiry

Twitter releases data to Law Enforcements for criminal inquiry

Mar 05, 2012
Twitter releases data to Law Enforcements   for criminal inquiry Twitter handed over subscriber information yesterday for one Twitter account indirectly tied to the Occupy Boston protest, ending a court battle fought behind closed doors as Boston law enforcement investigated hacking attacks on the Police Department and a police union. as reported by Boston . According to Twitter spokesman Matt Graves, the company provided the subscriber information for @pOisAnON, an account that is associated with the name of Guido Fawkes. "We provided information on a single user,'' Graves said in a telephone interview yesterday. Twitter ignored the Suffolk D.A.'s request for secrecy, and forwarded the subpoena to @pOiSAnOn in accordance to Twitter's Guidelines for Law Enforcement . A spokesman for the Suffolk County D.A. told The Boston Herald it was satisfied with the information received this week." We are not interested in the information of a large number of people who have used t
GCC 4.6.3 Released with 70 bug-fixes

GCC 4.6.3 Released with 70 bug-fixes

Mar 05, 2012
GCC 4.6.3 Released with 70 bug-fixes The GNU Compiler Collection version 4.6.3 has been released. Jakub Jelinek of Red Hat announced the release this morning of GCC 4.6.3. Over GCC 4.6.2 there's over 70 bug-fixes and other work. However, all of the exciting work meanwhile is going into what will become GCC 4.7. The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux, the BSD family and Mac OS X. GCC 4.7 will offer some performance improvements, new CPU support, language enhancements, mature Intel Sandy/Ivy Bridge support, and initial Intel Haswell support. GCC 4.7 should be officially released in March or April. Read More here
BackTrack 5 R2 Released, New Kernel, New Tools

BackTrack 5 R2 Released, New Kernel, New Tools

Mar 01, 2012
BackTrack 5 R2 Released, New Kernel, New Tools Hacker are your Ready ? Backtrack 5 R2 finally released with bug fixes, upgrades, and the addition of 42 new tools. With the best custom-built 3.2.6 kernel, the best wireless support available at maximum speed. This release have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. Backtrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy Along with this, Backtrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and Installing VMware P
#THN Monthly ( February ) News Archive, If you miss Something !

#THN Monthly ( February ) News Archive, If you miss Something !

Mar 01, 2012
#THN Monthly ( February ) News Archive,If you miss Something ! # Censorship - Global Concern, THN Magazine March Edition :  https://goo.gl/bktRz # Forget terrorists attacks here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots) : https://goo.gl/4VYGf # Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do?   https://goo.gl/iYO5H # Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too! : https://goo.gl/QVheH # Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest! : https://goo.gl/EyMux # Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site : https://goo.gl/PwkHt # FAQ : DNSChanger Trojan, Impact and Solutions :   https://goo.gl/IE2Qh # How Hackers can Tr
Siemens and Canon's Databases exploited by Team INTRA

Siemens and Canon's Databases exploited by Team INTRA

Mar 01, 2012
Siemens and Canon 's Databases exploited by Team INTRA Recently a hacker known as " JoinSe7en " from Team INTRA claims to have hacked into subdomains of Canon and Siemens. Apparently, the hacker has found and exploited a Blind SQL Injection vulnerability in Canon's website and a Error based SQL Injection in Siemens. He published a full disclosure on both of the databases on pastebin: Siemens : https://pastebin.com/HBL966wh Canon : https://pastebin.com/fbL0s9aS These pastebin notes include the vulnerable links of respective sites and extracted database info with usernames and passwords of Siemens Users & Canon forum, sites user credentials.
Censorship - Global Concern : THN Magazine March Edition

Censorship - Global Concern : THN Magazine March Edition

Mar 01, 2012
Censorship - Global Concern : THN Magazine March Edition It is March Madness at The Hacker News as we release the latest edition of our magazine which gives internet security a thorough look and and a fascinating read. Pierluigi Paganini gives a great interview on the woes of internet security and Mourad Ben Lakhousa provides you with a comprehensive guide on what tools are available to keep your web activity private. Check out Lee Ives opinion piece on the plethora of DDOS attacks and stand firm with our Editor, Patti Galle as we tell the world we won't stand for internet piracy. Laugh with us as we take a hilarious look at recent internet security news and we promise you won't be disappointed in all the articles touching on matters important to us all. Enjoy! RAR Format  |  PDF Format
Cybersecurity Resources