#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Browser Forensic Tool v2.0 - Advanced browser history search engine

Browser Forensic Tool v2.0 - Advanced browser history search engine

May 05, 2012
Browser Forensic Tool v2.0 - Advanced browser history search engine Browser Forensic Tool v2.0  , Developed by DarkCoderSc (Jean-Pierre LESUEUR) ,is an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera. BFT will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title. The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category . The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime. D
Sixth Lulzsec Hacker charged for loss of 60,000 credit card from Stratfor

Sixth Lulzsec Hacker charged for loss of 60,000 credit card from Stratfor

May 04, 2012
Sixth Lulzsec Hacker charged for loss of 60,000 credit card from Stratfor Jeremy Hammond, the former LulzSec member alleged to have been at the center of the hacking of private intelligence company Stratfor, Hammond is believed to have been the driving force behind the group's breach of intelligence firm Stratfor which lead to the loss of some 60,000 credit card numbers from company servers. Stratfor is dubbed a "shadow CIA" because it gathers non-classified intelligence on international crises. Hammond's arrest was announced on March 6 along with charges against the four suspected "AntiSec" members, Donncha O'Cearrbhail and Darren Martyn of Ireland, and Jake Davis and Ryan Ackroyd of Britain. Sabu and Hammond are the only Americans involved in the case, as the other four defendants live in the United Kingdom. The data included sensitive law enforcement documents, approximately 60,000 credit card numbers from Stratfor's servers, and the personal
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
UK's Serious Organised Crime Agency's website taken offline after DDoS attack

UK's Serious Organised Crime Agency's website taken offline after DDoS attack

May 03, 2012
UK's Serious Organised Crime Agency 's website taken offline after DDoS attack The Serious Organised Crime Agency's website was temporarily shut down today after a cyber attack.It was the victim of a scam known as distributed denial of service (DDOS) whereby an internet address is flooded with bogus traffic, effectively making it unreachable. It is the second time in a year that the website has fallen victim to hackers." We elected to take the website offline temporarily at about 10:00 pm (2100 GMT) last night ," a SOCA spokesman said. SOCA was the first target of the AntiSec campaign launched back in June by Anonymous and LulzSec. Soon after, 19-year-old Ryan Cleary was arrested and charged with allegedly playing a role in the DDoS attack that took down the SOCA Web site. Since then, the site was seemingly operating as expected. A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim respon
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Fake Google Iranian domain defaced by Algerian Script Kiddies

Fake Google Iranian domain defaced by Algerian Script Kiddies

May 03, 2012
Google got Pwned ? NO Few  Algerian Script Kiddies  try to spread fake rumours that they Hack and Deface the Giant Search engine " Google Iranian " domain  https://www.google.co.ir/  . As the above screenshot shown a Algerian flag on it  and Page Titles : " H4Ck3D By vaga-hacker dz and DR.KIM". As mentioned by hacker, the team include hackers named : " V4Ga-Dz,Dz0ne,DR-KIM King-Dz,BroX0 aghilass elite jrojan password kha&mix wasim -dz " . It is not confirmed that, either these are member from some Anonymous Hackers but they try to use Anonymous Hackers Tag line :  We Dont Forget ,  We Dont Forgive,  Expect Us!   to get some publicity. According to further investigation by " The Hacker News " Technical Team, we found that " google.co.ir " possibly not belongs to GOOGLE because site rank is " 3141379 "  , that means the site should have less than 100 Visitors/Day approx. Also we check  WHO.IS  records of this domain an
Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

May 03, 2012
Un-Patched PHP-CGI remote code execution bug can expose Source Codes A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec. According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the " -s " switch " show source " to PHP via the query string. For example, You could see the source via " https://localhost/test.php?-s " . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. The team that found the bug, known as Eindbazen . They said that it had
Google's rogue engineer want to Stumble WI-FI Networks on Globe ?

Google's rogue engineer want to Stumble WI-FI Networks on Globe ?

May 03, 2012
Google's rogue engineer want to Stumble WI-FI Networks on Globe ? European privacy regulators said Wednesday that they were considering reopening their inquiries into Google's collection of personal e-mails and Web searches for its Street View service. Google's public version of events of how it came to secretly intercept Americans' data sent on unencrypted Wi-Fi routers over a two-year period doesn't quite mesh with what the search giant told federal regulators. A newly unredacted report from federal investigators and fresh information about the engineer behind the data collecting software are casting doubt on Google's assurances that it did not realize that its street-mapping cars were snatching personal data from Wi-Fi networks used by millions of unsuspecting households. A former state investigator identified YouTube programmer Marius Milner as 'Engineer Doe' at the center of Google's Street View scandal. Google's claim that it was one rogue engineer w
Hacker claims to hack European Space Agency, NASA, US Air Force and Military, French Ministry of Defence

Hacker claims to hack European Space Agency, NASA, US Air Force and Military, French Ministry of Defence

May 02, 2012
Hacker claims to hack  European Space Agency , NASA, US Air Force and  Military , French Ministry of Defence Hackers with group name " The Unknowns " claimed to Hack European Space Agency, NASA, US military, US Air Force, Harvard.Renault Company, French Ministry of Defence, Bahrain Ministry of Defecene and Thai Royal Navy and Many more. Lots of Data, Screenshot and Login Credentials exposed via a Pastebin Notes : Part 1 and Part 2 . Hackers comment on these hacks " We have hacked this with a reason.The security of those important sites are low.It was very easy to infiltrated the sites.We hope the sites will improve their defence. " Full Message Posted by Hackers: We are The Unknowns; Our Knowledge Talsk and Wisdom Listens... Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two, the
Oracle Database new zero day exploit put users at risk

Oracle Database new zero day exploit put users at risk

May 01, 2012
Oracle Database new zero day exploit put users at risk Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases. Koret originally reported the vulnerability to Oracle in 2008, four years ago! and said he was surprised to see it had been fixed in Oracle's most recent Critical Patch Update without any acknowledgment of his work. " This vulnerability is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database ," the company warned.  " This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as 'TNS
Flashback malware Creater earning $10,000 per day from Google Ads

Flashback malware Creater earning $10,000 per day from Google Ads

May 01, 2012
Flashback malware Creater earning $10,000 per day from Google Ads In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day. Dr. Web, the Russian security firm that firm discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple's tool for disinfecting their machines or installing antivirus. when an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an a
Skype Vulnerability Exposing User IP Addresses

Skype Vulnerability Exposing User IP Addresses

May 01, 2012
Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website. The script is for instance available on this site . Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user's remote IP and port, as well as the local IP and port. Adrian Asher, director of product Security, Skype " We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the
Sony Engineers Met With PS3 Hacker - Geohot

Sony Engineers Met With PS3 Hacker - Geohot

May 01, 2012
Sony Engineers Met With PS3 Hacker - Geohot George Hotz aka " Geohot " first made a name for himself in the PS scene when he not only managed to hack a PlayStation 3, but then proceeded to publish a guide that shared with others how to do it as well. In an effort to improve their security measures, Sony had several of their engineers meet with the computer mastermind to better understand his methods. " We are always interested in exploring all avenues to better safeguard our systems and protect consumers ," said Jim Kennedy, the senior vice-president of strategic communications for Sony Corporation of America. In a story by The New Yorker on the hacker, details were given on the meeting between Sony and Hotz. The two got together after settling things in court, and "Geohot" spoke surprisingly very well of the Sony engineers, noting that they were very "respectful." Geohot once wrote on his blog that " Hacker is to computer as plumber is to pipes ." In the story, Hotz sa
oclHashcat-plus v0.08 Released - fastest password Cracker

oclHashcat-plus v0.08 Released - fastest password Cracker

May 01, 2012
oclHashcat-plus v0.08 Released - fastest password Cracker oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking Focuses highly iterated, modern hashes Focuses single dictionary based attacks Supports pause / resume while cracking Supports reading words from file Supports reading words from stdin Integrated thermal watchdog 20+ Algorithms implemented with performance in mind ... and much more Algorithms MD5 Joomla osCommerce, xt:Commerce SHA1 SHA-1(Base64), nsldap, Netscape LDAP SHA SSHA-1(Base64), nsldaps, Netscape LDAP SSHA Oracle 11g SMF > v1.1 OSX v10.4, v10.5, v10.6 MSSQL(2000) MSSQL(2005) MySQL
Cybersecurity Resources