The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Free Configuration Check Tool by eEye Digital Security eEye Digital Security, the industry's leading innovator of threat management solutions, just released new research, " Working Toward Configuration Best Practices " . Findings verify that proper configuration and mitigations remain the most effective way to secure IT infrastructure. The research team at eEye also found that the leading mitigations it recommended in 2011 disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities. To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and: • Offers a simple pass/fail and informational status

7 Ways to Improve Your Network's Web Security Admins looking to improve on their company's web security often turn to software solutions to help assess and automate their security tasks. Good web security software can make surfing the web safe and secure by protecting users from potential vulnerabilities in their operating systems or browsers, as well as helping them to avoid policy violations. The top web security software packages can help you to improve your network's web security in many ways. Here are seven of the major benefits web security software offers: 1. Automatic blocking of malicious content Compromised websites can lead to compromised workstations. Whether it's a malicious script or a media file, web security software can scan and block data before displaying it in a browser compromises a machine. 2. Scan downloads for malware Users frequently go to the Internet to download files, whether those are programs, music, or screensavers. Web security software can scan those

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Anonymous Deface page - " POPE is not welcome, out out!!!!! " Anonymous blocked access to two websites linked to the upcoming visit to Mexico by Pope Benedict XVI. Anonymous Hispano, the hackers succeeded in temporarily knocking the websites offline and defacing them with their own message: " Hacked system. The POPE is not welcome, out out!!!!! " In its profile on the social network Facebook, Anonymous Hispano said the Comfil site was " hacked for supporting Benedict XVI. " Benedict is scheduled to visit Mexico Friday through Monday, prior to a three-day trip to Cuba. In a video that was posted on YouTube, the hackers said that the pope's visit comes at the start of the campaign ahead of Mexico's July 1 presidential election, and that it seeks to benefit the ruling-party candidate. The Roman Catholic church, the video said, seeks " to keep the population shrouded in lies ." According to Anonymou s, the pope will not see either the poverty or the violence

Hacktivism Breached 174 Million Records in 2011 According to the Verizon 2012 Data Breach Investigations Report released on Thursday, Hacktivists stole more data from large corporations than cybercriminals in 2011, according to a study of significant security incidents. The report surveyed 855 data breaches, where a combined 174 million digital records were purloined. Although a large number of records were compromised in 2011, the year was only the second-highest since Verizon began collecting breach information in 2004. " While a few 2011 breach victims estimated their losses to be in the hundreds of millions of dollars, most did not get near to that amount ," it said. " In fact, the large majority of them emerged relatively unscathed from their troubles. " In the report, Verizon, pointing to the " Arab Spring " protests, called 2011 " a year of civil and cultural uprising ."Certainly, hacktivists such as LulzSec did hog a good deal of the

Cross-site scripting (XSS) Vulnerability reported on Paypal Paypal is affected by an XSS vulnerability where it fails to validate input on URL shown in above image. PayPal fixed the vulnerability shortly after being notified that its publicly posted. XSS, in general is a vulnerability that allows hackers to inject client side script on webpages and can modify how a user sees the webpage An attacker able to trick a user with a valid Paypal session into clicking a crafted version of the link below (wouldn't be hard, think a link on an eBay auction listing or a phishing e-mail for example) could hijack the user's session and initiate financial transactions on their behalf including money transfers. Alternatively this legitimate URL could be used to redirect the user to a spoofed PayPal web site designed to steal user credentials, which is a fairly common scam except in this case more effective as the user would see an actual PayPal URL to click on. [ Source ]

US Army's CECOM Data leaked by Hacker Hacker Black Jester recently published contract information from a Web site connected to the U.S. Army Communications and Electronics Command (CECOM). " 30 record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords were published in a Pastebin document ," writes Softpedia . "' Old crappy server, but has good info inside it. The list is not complete due the lazy condition and msaccess db , enjoy!' the hacker wrote next to the data dump ," Kovacs writes. The Pastebin post doesn't contain the name of the site from where the data was leaked, but the hacker provided us with the IP address associated with it. That IP address led us to a Software Engineering Services site on which only "eligible users" may register.