SecurityPhresh - Get Super Fast, Fresh & Finest Security News at any Moment!
Phresh Spotlight
- Bitcoinica Exchange Breach: More than 18000 Bitcoins worth $90,000 Looted by Hackers
Unknown hackers penetrated production servers and compromised databases belonging to the Bitcoin exchange, Bitcoinica, making off with some $90,000 worth of the digital currency, according...
Popular Security News
-
- The Pirate Bay returns, Anonymous hater takes credit for DDoS
- ZDNet - 2 days ago [211 Hits]
-
The Pirate Bay is back online. An Anonymous traitor who goes by the name AnonNyre has claimed responsibility for the Distributed Denial of Service (DDoS) attack that kept the site offline for days.
-
- Anonymous turns its DDoS cannons on India
-
- Report: ZTE Score M Android Phone Found to Have Backdoor Installed
An Android handset produced by Chinese manufacturer ZTE allegedly has a backdoor installed that could enable an attacker to take control of an affected device remotely and run arbitrary code. The manufacturer has acknowledged the issue in the ZTE Score...
-
- Call of Duty Hacker Gets 18 Months in Jail
Lewys Martin distributed malware that harvested bank login details, credit card information and Internet passwords.
-
- Cyber spies exploiting Java, Flash flaws
Cyber spies have planted Java- and Flash-exploiting malware on websites focused on human rights, defense, and foreign policy. Over the last two weeks, the Shadowserver Foundation, a nonprofit group that tracks Internet threats, has discovered several...
-
- British hacker jailed for one year for breaking into Facebook account
Southwark Crown Court has sentenced a 21-year-old British man to a year in prison after he admitted hacking into the Facebook account of a US citizen, and accessing private messages.
-
- Hacker Nyre Claims Responsibility for Pirate Bay Attack
The hacker says the attack was motivated by the fact that he's highly against Anonymous.
-
- Hong Kong CERT wants bigger team to tackle cyber threats
Latest Security News
-
- State of Utah outlines mistakes made allowing theft of 780K records
After losing nearly 800,000 residents' personal information, the State of Utah admits to not encrypting the data, leaving default passwords in place and not performing regular audits to find the mistakes.
-
- Monrovia's website hacked in the name of global warming - San Gabriel Valley...
Monrovia's website hacked in the name of global warming - San Gabriel Valley Tribune - "If we will, we will." Mayor Mary Ann Lutz said it's a shame people consider it fun to hack websites since "it causes havoc and costs money." Adams said city officials need...
-
- GTSP IT security hacking, training provider - ITWeb
GTSP IT security hacking, training provider - ITWeb - The VMware Security course will focus on implementing security in your virtual environment. This is a very new and exciting service that GTSP provides to its customers. This service will focus on protecting...
-
- E-admission vulnerable to hacking - IBNLive.com
E-admission vulnerable to hacking - IBNLive.com - BHUBANESWAR: Just days after the launch of the 'hack-proof' Utkal University Examination Management System (UUEMS), a group of ethical hackers has hacked into the system exposing the vulnerability in the e-admission...
-
- Dear Jailbreaker, Apple Wants to Have a Word with You
After banning the word "jailbreak" from its app store and music library, Apple today reversed course and again permits the term - slang for hacking into a device to download unauthorized content - to appear on iTunes and its App Store. On Thursday bloggers...
-
- Trend Micro Warns of Trojan Posing as Chrome Installer
The malware, identified as TSPY_BANKER.EUIQ, redirects users to spoofed banking Web sites.
-
- Hacker Nyre Claims Responsibility for Pirate Bay Attack
The hacker says the attack was motivated by the fact that he's 'highly against Anonymous.'
-
- Call of Duty Hacker Gets 18 Months in Jail
Lewys Martin distributed malware that harvested bank login details, credit card information and Internet passwords.
News from Security Blogs
-
- 5 Favorite Security Reads of the Week
Here's a listing of my 5 favorite on-line security articles, papers and blog posts that I read in the past week:
Why the Public Cloud Shuns Security by Branden Williams
SEC Guidance Is a Really Big Deal by Richard Bejtlich
How Long Until Apple iOS Needs...
-
- Cloud security tool basics: GPGTools, checksums, fingerprints, and digital...
-
- After a security breach, the company still does not 'get it' about security
To be gentle, I will not name names. A security professional I know was recently offered a senior level security analyst position at a company that suffered a really epic
-
- Metropolitan Police gets rapid smartphone analysis system
Metropolitan Police Service (MPS) investigators will get quicker access to data from the mobile phones of suspects after announcing the controversial deployment of the Radio Tactics ACESO data extraction system.
-
- Transforming the ViewPad 10Pro into a usable tablet
Brad Bird started his ViewSonic ViewPad 10Pro tablet transformation process by purchasing accessories, installing a larger SSD hard disk, and upgrading to Android 2.2.
News from Research Labs
-
- Follow up on the top blacklisted sites
Earlier this week, I researched the top websites blacklisted by Google. I've looked at more of these websites over the last three days to better understand the most common attacks. The findings are quite disappointing. First, most infected websites are...
-
- A look at the top websites blacklisted
Google Safe Browsing is the most popular security blacklist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blacklisted by Google is a big deal - users of these three browsers are warned not to visit the sites and Google...
-
- See Who Viewed your Facebook Profile – Popular Facebook Scam Technique
by Jason Ding - Barracuda Labs Many Facebook users have the same burning questions - who viewed their Facebook profile? And who viewed them the most? Facebook has officially explained on its FAQ page, that such functionality is not provided either through...
-
- New spam campaign mimics OpenID, steals credentials
by Dave Michmerhuizen & Luis Chapetti - Security Researchers Spammers and Phishers are constantly looking for ways to convince people to type in their passwords and press "Log In". One of the newest strategies we've seen them use are specially crafted...
-
- Hoax Lottery emails from Mark Zuckerberg
Scam lotteries have been a frequent issue in the past and they continue to exist following the media trend.
Total Defense Intelligence Service (Research ISI Team) today caught an interesting email pretending to come from Facebook's CEO Mark Zuckerberg.
The...
Latest Security Videos & Podcasts
-
- HackNaked TV Episode 35
In this episode we discuss the origin of legacy vulnerabilities. We also discuss the Amnesty International hack and how it takes a special jackass to hack a charity. Links for this episode: http://tinyurl.com/HNTV-AVIRA http://tinyurl.com/HNTV-LION-PASSWORDS...
-
- Persistent SSH Tunnels for Windows and Linux, Local vs Remote Forwards and More...
This time on the show, local and remote forwarding with SSH, persistent connections in Linux with AutoSSH, Windows tunnels that don't quit (with a GUI front-end for Plink), and a whole lot of technolust. All that and more, this time on Hak5!
-
- Linux Terminal 101 - Getting Started - HakTip
Today on HakTip I will be focusing on some easy commands to get you started in the Linux Terminal.
-
- Relay Two Firewalled Devices Through a Persistent SSH Proxy - Hak5
Traversing NAT firewalls couldn't be easier with a well crafted SSH proxy. This week Darren and Shannon break down reverse shells and persistence using a WiFi Pineapple and some autossh-fu. Plus, SSHFS GUIs for Linux, ClientAliveMaxCounts, Putty keys...
-
- Hack Naked TV episode 34
In this episode we have a special guest. Larry from Hack Naked At Night.
Latest Security Papers & Presentations
-
- [papers] - Complete Cross-site Scripting Walkthrough
-
- [Paper] Strong encryption of credit card information
Authors: Torbjörn Lofterud Tags: credit card PCI DSS compliance Event: Chaos Communication Camp 2011 Abstract: The PCI DSS standard requires strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing;...
-
- [Paper] News Key Recovery Attacks on RC4/WEP
Authors: Martin Vuagnoux Tags: WiFi Event: Chaos Communication Congress 27th (27C3) 2010 Abstract: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the...
-
- [Paper] A framework for automated architecture-independent gadget search
Tags: hacking Event: Chaos Communication Congress 27th (27C3) 2010 Abstract: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code...
-
- Manual Unpacking of UPX using OllyDbg
In this tutorial, you will learn how to unpack any UPX packed Executable file using OllyDbg
Latest Security Tools
-
- HULK - Http Unbearable Load King
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
-
- Admin Page Finder Script
This python script looks for a large amount of possible administrative interfaces on a given site.
-
- 360-FAAR Firewall Analysis Audit And Repair 0.2.4
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
-
- Bluelog v1.0.3 Released
Bluelog is a simple Bluetooth scanner designed to tell you how many discoverable devices there are in an area as quickly as possible. It is intended to be used as a site survey tool, identifying the number of possible Bluetooth targets there are in the...
-
- TrueCrack Beta Brute-Force Password for TrueCrypt Released
TrueCrack is a brute-force password cracker for TrueCrypt volume files. It works on Linux and it is optimized with Nvidia Cuda technology. It works with encrypted volumes with the following algorithms: PBKDF2 (defined in PKCS5 v2.0) based on RIPEMD160 Key...
Latest Security Jobs
-
- SAP Government Risk & Compliance Security Specialist
LA-New Orleans, Deloitte & Touche LLP's ("Deloitte & Touche's") Audit and Enterprise Risk Services business has a risk–based approach, experienced professionals, comprehensive methodologies, and technical resources. Deloitte & Touche's services combine...
-
- Sr. Manager - Identity Management Security
VA-Arlington, Deloitte & Touche LLP's ("Deloitte & Touche's") Audit and Enterprise Risk Services business has a risk–based approach, experienced professionals, comprehensive methodologies, and technical resources. Deloitte & Touche's services combine...
-
- Security Analyst - SLAIT Consulting - Glen Allen, VA
a Security Analyst for a 9-12 month contract in Richmond, VA. Purpose: The Security Analyst role is to support and promote the Security Program. The Security... From SLAIT Consulting - 19 May 2012 09:13:28 GMT
-
- Cisco Security Solutions / Network Engineer - Houston
TX-Houston, CyberCoders - Be Selective Location Houston, TX; Pasadena, TX Salary Unspecified Education Bachelor of Science Category Information Technology Experience Required At least 2 Years Short Description Cisco Security Solutions / Network Engineer...
-
- Senior Information Security Analyst - Garrison Associates - Stamford, CT
developers in a security role Secure application architecture Security software products (DLP IDSIPS IAM SIEM etc) Strong familiarity with InfoSec standards... $140,000 a year. From Dice - 18 May 2012 17:43:15 GMT
Latest Security Advisories & Vulnerabilities
-
- New Open Source Web Application Vulnerability Scanner Available
Posted by webvulscan on May 18. Hi All, There is a new web application vulnerability scanner available. It is called WebVulScan and it is open source. Here is the link for it if you want to check it out: http://code.google.com/p/webvulscan/ Regards, Dermot...
-
- SEC Consult SA-20120518 :: Memory overwrite vulnerability in libwpd (OpenOffice.org)...
Posted by SEC Consult Vulnerability Lab on May 18
SEC Consult Vulnerability Lab Security Advisory < 20120518-0 >
title: libwpd WPXContentListener::_closeTableRow() memory overwrite
product: OpenOffice.org
vulnerable version: 3.3.0/3.4 Beta 1 and probably...
-
- Mandriva Linux Security Advisory 2012-078
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create...
-
- Ubuntu Security Notice USN-1444-1
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user...
-
- Secunia Security Advisory 49212
Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
Latest Exploits
Latest Virus/Malware Threats