The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

Mar 05, 2012
Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. This release introduces new features compared with the previous one; among them, The Mole is now able to exploit injections through cookie parameters. A promising new feature is that you can now exploit injections that return binary data: to achieve this, The Mole uses HEAD requests and analyzes the headers received (the size of the binary to download usually differs depending on whether the query was successful) and does not need to download the full binary data. This release also brings a major change in The Mole's architecture, which now makes it easy to insert filters in order to bypass IPS/IDS rules or mod
FOCA PRO 3.1 and MetaShield Protector Released

Mar 05, 2012
Forensic FOCA: A new version of FOCA was announced today, in this case a Forensic FOCA. This tool is specially created for forensic analysts, allowing them to crawl metadata from files and to create a powerful timeline of metadata. This information lets you reconstruct what happened on a machine just by analyzing what documents were created between two dates, what files were created by one user in a period of time, or what users were working on one single machine on one single day. The tool can export all the data, even with the hash of the files, to XML reports that can be easily integrated into any other reporting system. A license for Forensic FOCA is only 20 € per year, and you can buy it online or test the trial version. More info at: https://www.informatica64.com/ForensicFOCA/ New FOCA PRO with Plugins: FOCA got a new version of FOCA PRO with plugin support. Right now FOCA PRO comes with a set of plugins to analyze .SVN/Ent
GitHub hacked with Ruby on Rails public key vulnerability

Mar 05, 2012
GitHub, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer, Egor Homakov, exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. When GitHub saw what happened, they suspended Homakov's account, which created a firestorm of protest. One blog post was entitled "Github, You Have Let Us All Down". GitHub has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov's actions were relatively simple: he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its
Twitter releases data to Law Enforcements for criminal inquiry

Mar 05, 2012
Twitter handed over subscriber information yesterday for one Twitter account indirectly tied to the Occupy Boston protest, ending a court battle fought behind closed doors as Boston law enforcement investigated hacking attacks on the Police Department and a police union, as reported by Boston. According to Twitter spokesman Matt Graves, the company provided the subscriber information for @pOisAnON, an account that is associated with the name of Guido Fawkes. "We provided information on a single user," Graves said in a telephone interview yesterday. Twitter ignored the Suffolk D.A.'s request for secrecy, and forwarded the subpoena to @pOiSAnOn in accordance with Twitter's Guidelines for Law Enforcement. A spokesman for the Suffolk County D.A. told The Boston Herald it was satisfied with the information received this week. "We are not interested in the information of a large number of people who have used t
GCC 4.6.3 Released with 70 bug-fixes

Mar 05, 2012
The GNU Compiler Collection version 4.6.3 has been released. Jakub Jelinek of Red Hat announced the release of GCC 4.6.3 this morning. Compared with GCC 4.6.2, there are over 70 bug fixes and other work. However, all of the exciting work meanwhile is going into what will become GCC 4.7. The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux, the BSD family and Mac OS X. GCC 4.7 will offer some performance improvements, new CPU support, language enhancements, mature Intel Sandy/Ivy Bridge support, and initial Intel Haswell support. GCC 4.7 should be officially released in March or April.
BackTrack 5 R2 Released, New Kernel, New Tools

Mar 01, 2012
Hackers, are you ready? BackTrack 5 R2 has finally been released with bug fixes, upgrades, and the addition of 42 new tools. It comes with the best custom-built 3.2.6 kernel and the best wireless support available at maximum speed. This release includes Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades. BackTrack also added the following new tools to R2: arduino bluelog bt-audit dirb dnschef dpscan easy-creds extundelete findmyhash golismero goofile hashcat-gui hash-identifier hexorbase horst hotpatch joomscan killerbee libhijack magictree nipper-ng patator pipal pyrit reaver rebind rec-studio redfang se-toolkit sqlsus sslyze sucrack thc-ssl-dos tlssled uniscan vega watobo wcex wol-e xspy. Along with this, BackTrack added Wiki about Building a Pyrit Cluster, Creating a John the Ripper Cluster, Enabling PAE in BT5 R2 and Installing VMware P
#THN Monthly ( February ) News Archive, If you miss Something !

Mar 01, 2012
# Censorship - Global Concern, THN Magazine March Edition: https://goo.gl/bktRz
# Forget terrorist attacks, here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots): https://goo.gl/4VYGf
# Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do? https://goo.gl/iYO5H
# Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too!: https://goo.gl/QVheH
# Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest!: https://goo.gl/EyMux
# Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site: https://goo.gl/PwkHt
# FAQ: DNSChanger Trojan, Impact and Solutions: https://goo.gl/IE2Qh
# How Hackers can Tr
Siemens and Canon's Databases exploited by Team INTRA

Mar 01, 2012
Recently a hacker known as "JoinSe7en" from Team INTRA claimed to have hacked into subdomains of Canon and Siemens. Apparently, the hacker found and exploited a blind SQL injection vulnerability in Canon's website and an error-based SQL injection in Siemens. He published a full disclosure on both of the databases on pastebin: Siemens: https://pastebin.com/HBL966wh Canon: https://pastebin.com/fbL0s9aS These pastebin notes include the vulnerable links of the respective sites and extracted database info with usernames and passwords of Siemens users and Canon forum and site user credentials.
Censorship - Global Concern : THN Magazine March Edition

Mar 01, 2012
It is March Madness at The Hacker News as we release the latest edition of our magazine, which gives internet security a thorough look and a fascinating read. Pierluigi Paganini gives a great interview on the woes of internet security and Mourad Ben Lakhousa provides you with a comprehensive guide on what tools are available to keep your web activity private. Check out Lee Ives' opinion piece on the plethora of DDoS attacks and stand firm with our Editor, Patti Galle, as we tell the world we won't stand for internet piracy. Laugh with us as we take a hilarious look at recent internet security news and we promise you won't be disappointed in all the articles touching on matters important to us all. Enjoy!