The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Anonymous hackers claimed that they compromise over 20 million user accounts worldwide this year to promote Operation Jubilee . Large community web sites were targeted to gain access to users' contact information. Many administrators denied that their databases were at risk while all their data was being downloaded. The reason for one of the largest hacking campaigns in history is to rally people to cancel debt and end the economic crisis. Earlier this month Operation Jubilee came into public view after defacing several popular police forums. Members of the police forums received e-mail inviting them to join the Operation. News of the defaces spread quickly with the help of social media platforms. Until these events, Operation Jubilee was virtually unknown to the general population. Unbeknownst to the public, large web sites were already being attacked for months. Operation Jubilee is a peaceful protest to take place on the 5th of November in front of Parliament in L

A Hacker going by name - " LegitHacker97 " claiming that he successfully access a NASA subdomain website , that actually belongs to a US Government computer, as mentioned on homepage. ***** WARNING ***** This is a US Government computer Hacker also dump a  82.51 MB (compressed or 337 MB uncompressed) Archive five days ago on internet, includes the complete source code of the website (in ASP). After watching the pastebin note , we tried to contact the hacker for collecting more information about the hack. Hacker describe The Hacker News via mail that," This was hacked by a major LFI vulnerability which allowed me to upload my own shell (backdoor to the site) and I took advantage of it by downloading all off the website ! ". He add ," But now vulnerability is fixed ". I download the dump from the link posetd by hacker in pastebin note and tried to match the files with NASA website and subdomains, and found that these file actually belo

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Most of the readers have question in mind that, How hackers know everything about their target ? How to DOX (finding personal information) someone ? So answer is --  Open Source Intelligence (OSINT). A Patriot Hacker ' The Jester ' (or "th3j35t3r") who made his name after harassing Anonymous activist group, disrupting WikiLeaks and stalking "jihadist" sites has finally list his all time favorite Open Source Intelligence (OSINT) toolset. Open Source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. Hacker posted list of some free available tools on his blog , includes Maltego, Creepy, Spokeo, CaseFile, FoxOne Scanner (Jester's Edition). OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense, as " produced from publicly available information that is coll

Reid Wightman from security firm ioActive reported that there is an undocumented backdoor available in   CoDeSys  software that actually used to manage equipment in power plants, military environments, and nautical ships. The bug allow malicious hackers to access sensitive systems without authorization, Ars said. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering and There is absolutely no authentication needed to perform this privileged command,  Reid mention. This software has been used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions designs CoDeSys and recently issued an advisory that recommends users set a password, but  he is able to develop two exploit shells , one is  codesys-shell.py (to get the CoDeSys command shell without authentication) and other , codesys-transfer.py (read or w

The whistleblowing website Wikileaks from tonight releasing more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets - " The Detainee Policies " In a statement , WikiLeaks criticized regulations it said had led to abuse and impunity and urged human rights activists to use the documents to research what it called policies of unaccountability . WikiLeaks says it plans to release the files in chronological order to paint a picture of the evolution of America's military detainee practices. WikiLeaks founder Julian Assange said: " The 'Detainee Policies' show the anatomy of the beast that is post-9/11 detention, the carving out of a dark space where law and rights do not apply, where persons can be detained without a trace at the convenience of the U.S. Department of Defense. It shows the excesses of the early days of war against an unknown

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Products containing BCM4329 chipsets: Apple iPhone 4 Ap