The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

UK's Serious Organised Crime Agency 's website taken offline after DDoS attack The Serious Organised Crime Agency's website was temporarily shut down today after a cyber attack.It was the victim of a scam known as distributed denial of service (DDOS) whereby an internet address is flooded with bogus traffic, effectively making it unreachable. It is the second time in a year that the website has fallen victim to hackers." We elected to take the website offline temporarily at about 10:00 pm (2100 GMT) last night ," a SOCA spokesman said. SOCA was the first target of the AntiSec campaign launched back in June by Anonymous and LulzSec. Soon after, 19-year-old Ryan Cleary was arrested and charged with allegedly playing a role in the DDoS attack that took down the SOCA Web site. Since then, the site was seemingly operating as expected. A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim respon

Google got Pwned ? NO Few  Algerian Script Kiddies  try to spread fake rumours that they Hack and Deface the Giant Search engine " Google Iranian " domain  https://www.google.co.ir/  . As the above screenshot shown a Algerian flag on it  and Page Titles : " H4Ck3D By vaga-hacker dz and DR.KIM". As mentioned by hacker, the team include hackers named : " V4Ga-Dz,Dz0ne,DR-KIM King-Dz,BroX0 aghilass elite jrojan password kha&mix wasim -dz " . It is not confirmed that, either these are member from some Anonymous Hackers but they try to use Anonymous Hackers Tag line :  We Dont Forget ,  We Dont Forgive,  Expect Us!   to get some publicity. According to further investigation by " The Hacker News " Technical Team, we found that " google.co.ir " possibly not belongs to GOOGLE because site rank is " 3141379 "  , that means the site should have less than 100 Visitors/Day approx. Also we check  WHO.IS  records of this domain an

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Un-Patched PHP-CGI remote code execution bug can expose Source Codes A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec. According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the " -s " switch " show source " to PHP via the query string. For example, You could see the source via " https://localhost/test.php?-s " . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. The team that found the bug, known as Eindbazen . They said that it had

Google's rogue engineer want to Stumble WI-FI Networks on Globe ? European privacy regulators said Wednesday that they were considering reopening their inquiries into Google's collection of personal e-mails and Web searches for its Street View service. Google's public version of events of how it came to secretly intercept Americans' data sent on unencrypted Wi-Fi routers over a two-year period doesn't quite mesh with what the search giant told federal regulators. A newly unredacted report from federal investigators and fresh information about the engineer behind the data collecting software are casting doubt on Google's assurances that it did not realize that its street-mapping cars were snatching personal data from Wi-Fi networks used by millions of unsuspecting households. A former state investigator identified YouTube programmer Marius Milner as 'Engineer Doe' at the center of Google's Street View scandal. Google's claim that it was one rogue engineer w

Hacker claims to hack  European Space Agency , NASA, US Air Force and  Military , French Ministry of Defence Hackers with group name " The Unknowns " claimed to Hack European Space Agency, NASA, US military, US Air Force, Harvard.Renault Company, French Ministry of Defence, Bahrain Ministry of Defecene and Thai Royal Navy and Many more. Lots of Data, Screenshot and Login Credentials exposed via a Pastebin Notes : Part 1 and Part 2 . Hackers comment on these hacks " We have hacked this with a reason.The security of those important sites are low.It was very easy to infiltrated the sites.We hope the sites will improve their defence. " Full Message Posted by Hackers: We are The Unknowns; Our Knowledge Talsk and Wisdom Listens... Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the

Oracle Database new zero day exploit put users at risk Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases. Koret originally reported the vulnerability to Oracle in 2008, four years ago! and said he was surprised to see it had been fixed in Oracle's most recent Critical Patch Update without any acknowledgment of his work. " This vulnerability is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database ," the company warned.  " This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as 'TNS

Flashback malware Creater earning $10,000 per day from Google Ads In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day. Dr. Web, the Russian security firm that firm discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple's tool for disinfecting their machines or installing antivirus. when an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an a

Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website. The script is for instance available on this site . Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user's remote IP and port, as well as the local IP and port. Adrian Asher, director of product Security, Skype " We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the

Sony Engineers Met With PS3 Hacker - Geohot George Hotz aka " Geohot " first made a name for himself in the PS scene when he not only managed to hack a PlayStation 3, but then proceeded to publish a guide that shared with others how to do it as well. In an effort to improve their security measures, Sony had several of their engineers meet with the computer mastermind to better understand his methods. " We are always interested in exploring all avenues to better safeguard our systems and protect consumers ," said Jim Kennedy, the senior vice-president of strategic communications for Sony Corporation of America. In a story by The New Yorker on the hacker, details were given on the meeting between Sony and Hotz. The two got together after settling things in court, and "Geohot" spoke surprisingly very well of the Sony engineers, noting that they were very "respectful." Geohot once wrote on his blog that " Hacker is to computer as plumber is to pipes ." In the story, Hotz sa

oclHashcat-plus v0.08 Released - fastest password Cracker oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking Focuses highly iterated, modern hashes Focuses single dictionary based attacks Supports pause / resume while cracking Supports reading words from file Supports reading words from stdin Integrated thermal watchdog 20+ Algorithms implemented with performance in mind ... and much more Algorithms MD5 Joomla osCommerce, xt:Commerce SHA1 SHA-1(Base64), nsldap, Netscape LDAP SHA SSHA-1(Base64), nsldaps, Netscape LDAP SSHA Oracle 11g SMF > v1.1 OSX v10.4, v10.5, v10.6 MSSQL(2000) MSSQL(2005) MySQL