#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Nmap 6.25 released with 85 new NSE scripts

Nmap 6.25 released with 85 new NSE scripts

Dec 03, 2012
After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 . It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Updates: integration of over 3,000 IPv4 new OS fingerprint submissions, over 1,500 service/version detection fingerprints, and of the latest IPv6 OS submissio
Multiple MySQL database Zero-day vulnerabilities published

Multiple MySQL database Zero-day vulnerabilities published

Dec 03, 2012
Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and  Remote Preauth User Enumeration. Common Vulnerabilities and Exposures (CVE) assigned as : CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit CVE-2012-5614 — MySQL Denial of Service Zeroday PoC CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday Currently, all reported bugs are under review and most of the researchers believed that some of these can be duplicate of an existing bugs. CVE-2012-5612 and CVE-2012-5614 could cause the SQL instance to crash, according to researchers. Where as another interesting bug CVE-2012-5615 allow attacker to find out that either any username exist on the Mysql server or not by repl
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Sensitive information of 1 Million people breached at Nationwide Insurance

Sensitive information of 1 Million people breached at Nationwide Insurance

Dec 03, 2012
Nationwide Insurance was breached last week and Sensitive information of about 1 Million people is at risk. The FBI is investigating a breach, including policy and non-policy holders. Nationwide mailed notices to all affected individuals last Friday. Insurance Commissioner Ralph Hudgens issued the following statement Monday concerning the unauthorized access of Nationwide Insurance's website. Spokeswoman Elizabeth Giannetti confirmed a statement by the California Department of Insurance earlier in the day which said "names, social security numbers, and other identifying information" of one million policyholders and non-policy holders were exposed. No credit card details were revealed. About 30,000 people in Georgia were affected, as well as more than 12,000 in South Carolina. Are you affected ? call  The Nationwide at number 800-760-1125.  Affected members and applicants free credit monitoring and identity theft protection services from Equifax for at least one year
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Remote 0day Exploit for Tectia SSH Server released

Remote 0day Exploit for Tectia SSH Server released

Dec 03, 2012
Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the "SSH USERAUTH CHANGE REQUEST" routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : https://goo.gl/BHqWd
New Linux Rootkit Attacks Internet Users

New Linux Rootkit Attacks Internet Users

Dec 02, 2012
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the web visitor&#
Acer Domains Defaced and 20k Credentials leaked

Acer Domains Defaced and 20k Credentials leaked

Dec 02, 2012
While Exploring Zone-H , today we found that Turkish Ajan Hacker Group hacked into few Acer Indian domains and Deface the sites.  Hacker also dump the complete data of 20,000 users and upload the file on a file sharing website . 6 sub domains are reported to be hacked 24 hours before and having deface page their at the time of writing. Deface Page shows that, Hacker performed the hack to show their protest against bombing by Israel on Gaza. Hacked Sites https://acn.acer.co.in/index.html https://adn.acer.co.in/index.html https://aln.acer.co.in/index.html https://asn.acer.co.in/index.html https://humanet.acer.co.in/index.html https://select.acer.co.in/index.html Mirrors of Hacks: https://www.zone-h.org/mirror/id/18681361 https://www.zone-h.org/mirror/id/18681333 https://www.zone-h.org/mirror/id/18681316 https://www.zone-h.org/mirror/id/18681313 https://www.zone-h.org/mirror/id/18681314 https://www.zone-h.org/mirror/id/18681315
 #OpSyria : Teamr00t Hack Syrian Government Sites

#OpSyria : Teamr00t Hack Syrian Government Sites

Dec 02, 2012
The Syrian government is almost certainly responsible for a blackout Thursday that shut down virtually all Internet service in the country. However, The Syrian government blamed the outage in internet service and mobile coverage in some areas on the armed groups' sabotage acts against cellular broadcast centers. Hacker with name Teamr00t has hacked and defaced Syrian government and showed their support for the people of Syria against President Bashaar Al-Assad's latest actions in shutting down the internet. Deface message President Bashaar Al-Assad You have taken a step too far in shutting down the internet so the outside world cannot see the horrific crimes you are committing upon your own people and this will not be tolerated by the world watching! The Syrian people have the right to freedom of speech, the right to live a normal happy life and the right to have access to the internet to connect with the rest of the world. By shutting down the internet you have denied your
Shylock malware : Undetectable virus stealing bank account information

Shylock malware : Undetectable virus stealing bank account information

Dec 01, 2012
Shylock, a financial malware platform discovered by Trusteer in 2011, is a non-Zeus-based information-stealing trojan that improved methodology for injecting code into additional browser processes to take control of a computer, and an improved evasion technique to prevent malware scanners from detecting its presence. Why this Name ?  Shylock named after the ruthless money lender in Shakespeare's The Merchant of Venice, also deletes its installation files, runs solely in memory, and begins the process again once the infected machine reboots. Shylock has gained a new trick: The ability to detect whether it's running in a virtual machine (VM) that is being analyzed by malware researchers. What New ?  Latest Shylock dropper detects a remote desktop environment by feeding invalid data into a certain routine and then observing the error code returned. It uses this return code to differentiate between normal desktops and other "lab" environments. In particular, when execu
Malware Swipes Rocket Data from Japanese space agency

Malware Swipes Rocket Data from Japanese space agency

Dec 01, 2012
Japan's space agency says it is investigating a possible leak of data about its Epsilon rocket due to a computer virus. Malware Case :  The Japan Aerospace Exploration Agency said the virus, in a computer at its Tsukuba Space Centre, north-east of Tokyo, was found to be secretly collecting data and sending it outside the agency. JAXA said in a statement that information about the Epsilon , due to be launched next year, its M-5 rocket and H2A and H2B rockets may have been compromised. The agency said that it was unclear if the virus was a cyberattack. The agency said it is tightening security to prevent any further leaks. China behind this Cyber Attack ?  Recently, however, Japanese defense companies have been targets of similar information-stealing viruses, some of which had been traced back to China. The Epsilon, whose first launching is scheduled for next autumn, will also feature new technology that will allow it to be remotely controlled by a personal computer. Japan is hopi
European Space Agency SQL vulnerability exploited

European Space Agency SQL vulnerability exploited

Dec 01, 2012
The European Space Agency (ESA) is an intergovernmental organisation dedicated to the exploration of space. Hacker going by name "SlixMe" find and exploit SQL Injection vulnerability on a sub domain of website. Hacker upload dump on his website, where he disclose the SQLi vulnerable link and Database tables also. Hacker also mention that other 5 domains are also hosted on same server, that can be exploited if he will be successful to exploit one site completely. Exploited Domain :  https://television.esa.int/ Method mentioned as "PostgreSQL AND error-based - WHERE or HAVING clause". In further discluse the PayLoad of injection also published. Site is vulnerable at time of publishing this article.
Spam Text message offers gift card to Target

Spam Text message offers gift card to Target

Dec 01, 2012
A popular scam that always seems to pop up around the holiday shopping season has once again resurfaced.Have you gotten a text message promising a free gift card? All you have to do is click on a link? However, it was a scam. Case :  A text message has been popping up on Central New Yorkers' phones saying they've won a Target gift card worth $1,000. It's a scam – do not click on it and quickly delete it. Links within the message connect you to bogus websites that are designed to collect sensitive, private information from people who think they've really won a prize. The text messages most frequently come from Target, Best Buy or Walmart. How did someone get your number?   How many times have we filled out things for either restaurant surveys or fill out this survey and get a coupon? If that information isn't being properly secured, it's very easy to get that data if its saved in clear text or unencrypted data. People have their cell phone numbers on Facebook, and wha
Syria suffers nationwide communications outage

Syria suffers nationwide communications outage

Nov 30, 2012
The Syrian situation is getting worse day by day, the regime is attacking dissident mercilessly meanwhile the world wide community is standing by and watch helplessly stopped by prohibition of military intervention imposed by Russia and China, historical allies of Damascus. Syria regime is fierce against the rebels in the streets as in cyber space, we have already discussed of the persecution of opposition made using spyware to catch the rebels. Syrian regime is also convinced that leaks from the country on the massacres by the regime might aggravate the position of the government and then several times in the last year the government has stopped internet access in the country thanks to a kill switch. In this hours it has been registered an unprecedented national internet blackout while the battle with rebels raging in the country and in the capital. This time the blackout as totally isolated the country blocking also land lines and cellphone networks. On the incident is started a m
Cybersecurity Resources