The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even after knowing that you are very first per

A 16 years old Spanish Whitehat hacker going by name " The Pr0ph3t " found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain -  https://locate.apple.com , where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. After capturing HTTP headers, hacker found that there is a parameter called "location" which is actually not filtered for malicious inputs. Hacker. For proof of concept , he inject a JavaScript code - as shown in image.  Vulnerability existence verified by The Hacker News team and its still vulnerable.

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Kosova Warriors Group deface a subdomain (https://events.nawaat.org/) of Nawaat Portal.. Its an independent collective blog hosted by Tunisians. It gives a voice to all those who, through their civic engagement, take the cover and spread. Our editorial decisions are guided by among other concerns that affect the lives of our countrymen and our fellow man. It seems that hacker is able to hack into the server and have control over two subdomains. After talking with hacker, we came to know that there is one more panel open for hackers at https://facebook.nawaat.org/ , where by default anyone is logging as admin user id. Zone-h Records of defacement are : https://www.zone-h.org/mirror/id/18587592 https://www.zone-h.org/mirror/id/18587594

3 Days ago " English Defence League " was hacked and Defaced by " ZCompany Hacking Crew ". Today same hacking crew expose a list of 25 people who give Donations to EDL. Leaked information include Donator's Names, addresses and Email addresses, posted in a note . Hackers said," If you donate to EDL and your name is not in the list, you should not breathe a sigh of relief ZHC will find you and expose you one day. " I talk with hackers to know the reason of exposing the donator list, and reply was - " We will expose every person who support racist organisations like EDL " Last Friday defaced page read, " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL " On the time writing this article, website of " English Defence League " (https://www.englishdefenceleague.org/) is giving " 403 Forbidden " and Hackers told 'The Hacker News' that

From Yesterday CloudFlare Security team receiving various reports of a Phishing Scam, which is targeting customers by saying that " you have exceeded bandwidth ". In a blog post , CloudFlare said, " Some CloudFlare customers are currently being targeted with a phishing email that was not sent by CloudFlare. Please do not click on the links in the email. " Scammer asking users to visit a phishing link (removed from sample for readers security). In case you open the URL, we request you to do not enter your username and password in the URL. Please choose a strong password for CloudFlare to save your Domains.

Researchers over at Intego have recently discovered a new variant of  OSX/Imuler the data-stealing Mac malware, detected as OSX/Imuler.E which is believed to be targeting Tibetan rights activists. " This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has been targeting activist organizations with emails containing what appear to be pictures. Each variant has tried different tactics, either trying to scare or entice their target into opening the file. " explained . The cyber criminals behind the campaign are relying on the fact that by default, Mac OS X doesn't display full file extensions, and therefore are attempting to trick end and corporate users into thinking that they're about the view a JPG image file. The Imuler Trojan has two main methods of stealing information, It searches the system for user data OR It can also take screenshots. Then, This data is then uploaded to the controller's server. Last week, Thousand

Multiple malware attacks against both Israeli and Palestinian systems, likely to be coming from the same source, have been seen over the last year. Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. Israel has banned its police force from connecting to the Internet and from using memory sticks or disks in an effort to curb a cyberattack. The ban, enacted last week, is meant to prevent a malware program called Benny Gantz-55 named after Benny Gantz, Israel's Chief of General Staff from infecting the police's computer network  Trend Micro has obtained samples of malware implicated in a recent incident, The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gatz. The From field has the email address, bennygantz59(at)gmail.com and bore the subject IDF strikes militants in Gaza Strip following

Social Media Management tool HootSuite today face technical issue and expose email address's of thousands of users. Due of error lots of people receive email reminders with warning that their free 60-day HootSuite Pro trial was about to end, but also included the names and email addresses of other people using the service. Image Source : TNW According to Hootsuite, the incident occurred to under 4000 emails and many of the users who are getting the email spam were not even signed up for HootSuite's Pro trial. In a blog post HootSuite said, " At this time, we are requesting that recipients destroy the messages in order to help us contain the issue. Privacy is a paramount concern for HootSuite and this is in no way a reflection of the respect we have for our users and their privacy ." " Given HootSuite's recent acquisition of Seesmic, we could speculate that the mass of emails could be down to a failed import of user accounts. We have, of course, re

John McAfee, who started the antivirus software giant named after him, has been accused of murder in Belize and wanted.  Gizmodo reports that McAfee has been living in Belize for a while now, spending most of his time there experimenting with drugs. McAfee's marketing slogan: " Safe is not a privilege. It is a right. " This news comes just a few days after Gizmodo ran a long story about McAfee's increasingly erratic and borderline criminal behavior. In it, he sounds paranoid as he talks about people wanting to take his money and kill him and he admits to having associated with gangsters in Belize. McAfee had taken to " posting on a drug-focused Russian message board...about his attempts to purify the psychoactive compounds colloquially known as 'bath salts, '" Gizmodo wrote. The scariest aspect of this story may be the fact that an entire lab was constructed for John McAfee's research purposes. Because of his efforts to extract chemicals

Carrying reputation of being India's choicest and oldest hacker's conference, Team ClubHack proudly brings the 6th edition of ClubHack Hacking and Security Conference with more exciting activities. ClubHack 2012 hacker's convention will be held from Nov. 30th to Dec 3rd, 2012 in Pune, India. ClubHack in true sense is a community event and is always the most cost effective yet biggest security event of India. ClubHack 2012 is highly technical conference with 2 days of Technical Briefings and 2 days of hand-on training workshops. ClubHack2012 is loaded with more number of talks, more workshops and a special event HackNight. Event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Managers, Govt. Agencies, Auditors and Students. For the first time ClubHack introduces a new event for hackers & developers – HackNight, a night where actual hackers spend time not to "break" into someone but to "make" something i

Cyber criminals become hyper active during festivals. Diwali is no exception. Shantanu Ghosh, Vice-President and Managing Director (India Product Operations) of Internet security solutions company Symantec has observed that malware authors and spammers are using Diwali (The festival of lights that's celebrated across the world (primarily in the Indian sub-continent) as the latest event to lure unsuspecting users into downloading malware, buying products, and falling for scams. Shantanu said cyber criminals attempt to 'poison' web search engine results to take advantage of huge rush in search activity during popular events. " We have observed that cyber attackers are using various techniques to make the most of Diwali, " he warned. Cyber-attackers make use of social engineering tactics to lure users to purchase from or register on unknown websites. Users may be exposing personal information to Internet scammers. " Before giving into the temptation of clicking on a link in

CIA Director was uncovered when a woman described as close to him received harassing emails and complained to authorities. The FBI traced the emails and found that they had been sent by Paula Broadwell, who wrote a highly favorable book on the former Army general's life and work. While initially investigating the reports, the FBI feared the CIA director's personal email account may have been hacked, but the sexual nature of the email exchanges exposed the affair. A Yahoo email account belonging to former CIA Director David Petraeus may have been compromised by the group Anonymous. The personal email account was exposed during the the leak of commercial intelligence company STRATFOR by Anonymous Hackers, among other millions of email accounts of customers belongs to the company.  The emails sent by Broadwell indicated that she perceived the other woman as a threat to her relationship with Petraeus, law enforcement officials. Anonymous also obtained email logins to ST

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about. Symantec's latest research report suggests police-themed ransomware could be a replacement to the once-lucrative fake antivirus scareware trade. According to  report , Ransomware distributors are raking in around $5 million dollars a year and the spoils are being spread among just 16 crime groups. Symantec's estimates suggest a significant but not yet thriving crime business, which delivers each operation, on average, $300,000 a year. Reticently identified Oracle Java SE Remote Java Run time Environment vulnerability (  CVE-2012-5076 ) leads to  Geo located   Ransomware Malware . Java vulnerability actually can allows attacker to unauthorized disclosure of information, unauthorized modification and disruption of service. This Ransomware shows a bogus notification, that preten

Guadeloupe is a Caribbean island located in the Leeward Islands, in the Lesser Antilles. Today a hacker going by name "UR0B0R0X" claimed to hack into the " Network Information Center Guadeloupe " (nic.gp), which is Guadeloupe National Domain registrar having control over domains of big companies like Google.gp, Paypal.gp, twitter.gp, Yahoo.gp,  and many more. Hacker claimed to hack server of  nic.gp and leak credentials (encrypted) of 1271 Guadeloupe domains and user accounts including usernames, email addresses and phone numbers from server as shown via a  paste-bin note . and complete database uploaded on a  file sharing  site.

It's be Just hours Windows Phone 8 has been released - and hackers have already dished out a malware prototype for the platform. Windows Phone 8 is the second generation of the Windows Phone mobile operating system. Windows Phone 8 Microsoft's latest in mobile OS technology - comes in as a direct competition to rivals Apple and Google. The research firm Gartner indicates that by 2016 the increase in Windows Phone users will slightly fall below Apple`s iOS users. To be showcased at the International Malware Conference, MalCon - on 24th November in India, the prototype has been created by Shantanu Gawde, who has previously created a malware that utilized the famed Xbox Kinect. Windows Phone 8 replaces its previously Windows CE-based architecture with one based on the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms. While no further details of the malware are available at this point of time, it will

A 15-year-old  UG Nazi hacker  going by the name of Cosmo or Cosmo the God  was sentenced in juvenile court on Wednesday with terms for six years without any computers or Internet, until his 21st birthday. During these 6 years, he'll need approval from his parole officer to access the internet. Wired report that hacker resides in Long Beach, California, and began as a politicized group that opposed SOPA, took down a bevy of websites this year, including those for NASDAQ, CIA.gov, and UFC.com. It redirected 4Chan's DNS to point to its own Twitter feed. Hacker pled guilty to more than a few felonies, with charges ranging from credit card fraud to online impersonation. The probation that Cosmo agreed to as part of his plea limits his use of the internet to solely educational purposes, and all use will be supervised. As part of the hacker group UGNazi, he was able to gain access to accounts on sites including Amazon, PayPal, Microsoft, Netflix, and many more. He is prohibited from

Anonymous hacker deface Kuwaiti Ministry of Awqaf and Islamic Affairs ( https://islam.gov.kw/)  Deface page have Anonymous Mask as shown in screenshot with an Arabic language message . Translated message " Letter to the Kuwaiti people full and without any exception ! Jordan and Palestine red line and pocket Asarthm Bandas ! God bless you, O Saddam and what God has failed them !! Gary trampling upon you and one-and-one, O and Ladd dog !! Strong Protection, is Our Target " At the time of writing, site is defaced, This Anonymous groups seems to to be note related to whole anonymous groups and Operations. Will will update you soon with more updates.

ZCompany Hacking Crew members hack and deface  English Defence League official website (https://englishdefenceleague.org),a far-right British organization . Deface page include text " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL" and a screenshot of a email. " EDL admins have been harassing innocent people and stealing money from them to fund their racist adventures " Hacker continue. Hacker trend the hacking operation as # OPEDL and #OpRacism  on twitter. Further message include, " Such a shame! EDL admins! as we ZHC said we will always be one step ahead of you. We will chase you, expose your racism and even remove you from the web. We demonstrated it successfully by deleting your facebook page three times. And we have demonstrated it successfully by defacing and exposing your frauds yet again.But the best is yet to come. Yes right, details of supporters and donors of EDL will be made public soo

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security. If you've enabled automatic updates, the patches will automatically install on Tuesday. As usual, the specific details about what is being fixed in these updates won't be revealed until the patches themselves are available for download in order to not give hacker groups an advance

Paul F Renda give an overview that, What and how new long distance and short distance Dead drop techniques are used by National Security Agency for secure communications. What is a dead drop? It is methods that spies use or have used to communicate with associates who have information for them. The dead drop allows them to exchange information without having actual physical contact with each other. The person leaving the information can leave it under a rock or a can or bush. A special type of empty spikes that can be dropped into holes has also been used drop information. The person leaving the information also leaves some kind of signal the drop was made. The signal could be a chalk marks on a tree or pavement. Someone views the signal and retrieves information. Some more unusual dead drops have used dead animals like rabbits, rats and large birds to hide the information. These have been used by both the CIA and KGB. The one problem with this type of dead drop is that other