#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

database program | Breaking Cybersecurity News | The Hacker News

Facebook Sued for illegally Scanning Users' Private Messages

Facebook Sued for illegally Scanning Users' Private Messages

May 20, 2016
Facebook is in trouble once again regarding its users' privacy. Facebook is facing a class-action lawsuit in Northern California over allegations that the company systematically scans its users' private messages on the social network without their consent and makes the profit by sharing the data with advertisers and marketers. According to the lawsuit filing, Facebook might have violated federal privacy laws by scanning users' private messages. Facebook routinely scans the URLs within users' private messages for several purposes like anti-malware protection and industry-standard searches for child pornography, but it has been claimed that the company is also using this data for advertising and other user-targeting services. Also Read:   Google to Face a Record $3.4 Billion AntiTrust Fine in Europe The plaintiffs, Matthew Campbell, and Michael Hurley argue that the Facebook is scanning and collecting URLs-related data in a searchable form, violating both the
"NASA Own3d Again" - NASA Database Leaked by r00tw0rm

"NASA Own3d Again" - NASA Database Leaked by r00tw0rm

Feb 12, 2012
" NASA Own3d Again " - NASA Database Leaked by r00tw0rm Hackers from Team  r00tw0rm again hit NASA . According to Latest tweet by Hackers,  They claim to hack the one of the Sudomain of Nasa (Link is not exposed by hackers and claimed to be reported for Fix). Hackers claim to hack GB's of database and they  Leaked sample of database include Users names, emails and Passwords , Contact as shown: Same Hackers Yesterday Hack and Expose the Database of United States Census Bureau and Vulnerable link was also Exposed.
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
United States Census Bureau Hacked and Vulnerability Exposed

United States Census Bureau Hacked and Vulnerability Exposed

Feb 12, 2012
United States Census Bureau Hacked and Vulnerability Exposed A Group of Hackers from  r00tw0rm found SQL injection Vulnerability on  United States Census Bureau and Hackers successfully exploit the Database and Leak it online today. The United States Census Bureau is the government agency that is responsible for the United States Census. It also gathers other national demographic and economic data. As part of the United States Department of Commerce, the Census Bureau serves as a leading source of data about America's people and economy. The Pastebin Note include the complete Database Structure as shown: There is no reason mentioned for this attack yet by Hacker, But Hacker suggest United States Census Bureau to fix their loopholes as soon as possible. The Note include the Greets to other Hacking Groups like Inj3ct0r , TeaMp0isoN and Anonymous, seems that its a collective hack for #Antisec.
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
63 Vulnerabilities on United Nation Website Exposed Online !

63 Vulnerabilities on United Nation Website Exposed Online !

Feb 10, 2012
63 Vulnerabilities on United Nation Website Exposed Online ! Latest Notification in The Hacker News Vault by a Hacker named " Xenu (Casi) " from r00tw0rm Team that There are  63 Blind SQL injection Vulnerabilities exist on United Nation's Website (www.un.org). Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through sql statements. Information purported to be stolen from the organization was posted on the site Pastebin on Thursday morning.  Martin Nesirky , a spokesperson for the Secretary General of the United Nations, confirmed the breach." A case of unauthorized access to the UN website is still being investigated ,&quo
Hacker hits the Embassy of Indonesia in Hungary

Hacker hits the Embassy of Indonesia in Hungary

Feb 10, 2012
Hacker Hits the Embassy of Indonesia in Hungary Hacker from Team thec7crew today claim to Hack the Official Website  Embassy of Indonesia in Hungary. Hacker Hack the Database of Site also Expose various Server Parameters on Pastebin . As Database name mentioned " indone01_web " - There are 30 tables and Hacker also Extract and Expose the Admin's Emails and Passwords in Note. Reason of Hacking is Unknown, But this Hack will really effect the Security of officials at Embassy.
Hackers Claims to compromise Intel's Sensitive Data

Hackers Claims to compromise Intel's Sensitive Data

Feb 10, 2012
Hackers Claims to compromise Intel 's Sensitive Data A security researcher under the name of " WeedGrower ", or " X-pOSed " has been on a roll since the start of 2012. He has ambushed huge sites such as AOL, NASA, Hotmail, Myspace, Xbox, USBank, Yahoo, and VISA, he has also leaked sensitive data on most of those websites. Hackers today Claiming that he compromise Intel's Sensitive Data like User Base & Credit Cards. He found a way to expose sensitive data via the subscriber section on Intel.com and he also has access to the INTEL.com database which reveals Credit Card Numbers, Social Security Numbers, Emails, Passwords, and more. "WeedGrower", or "X-pOSed" has threatened that he's going to be leaking this soon if he doesn't get a response from Intel.com carriers. Hacker said ," I've got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and a
University of Washington Vulnerable and Database Leaked by Hacker

University of Washington Vulnerable and Database Leaked by Hacker

Feb 07, 2012
University of Washington Vulnerable and Database Leaked by Hacker A few days back, a Team INTRA member hacked into the University of Washington database and released much data. Today, N0B0DY and N0LIFE hacked into it again, releasing the most recent passwords on  Pastebin . The root MySQL password was also released, as well as many other MySQL users. The information_schema database was accessed, and they released the COLUMNS table completely, having 6363 records. Hackers also expose the vulnerable links in Pastebin note. University of Washington is a public research university, founded in 1861 in Seattle, Washington, United States. The UW is the largest university in the Northwest and the oldest public university on the West Coast. The exposed vulnerabilities are of SQL injection. It is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact
Joomscan Security Scanner updated to 611 Joomla vulnerabilities Database

Joomscan Security Scanner updated to 611 Joomla vulnerabilities Database

Feb 06, 2012
Joomscan Security Scanner updated to 611 Joomla vulnerabilities Database Another huge update coming from Security Team Web-Center that Joomscan Security Scanner is now updated to 611 Joomla vulnerabilities Database. Last update for this tool was in November, 2011 with 550 vulnerabilities in Database. In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update Download for Windows  (141 KB) Download for Linux  (150 KB )
Embassy of Kazakhstan hacked by Anonymous Supporters

Embassy of Kazakhstan hacked by Anonymous Supporters

Jan 30, 2012
Embassy of Kazakhstan hacked by Anonymous Supporters The official website of Embassy of Kazakhstan in Delhi having SQL injection Vulnerability, and Hacker with codename -  Abs0luti0n has successfully Extract the database tables info and leak it on a pastebin note  including Admin's Username and Password. Hacker said," Lately we have been experimenting on some new large targets which will be unveiled soon. However today while we were cruising around in our lulzmobile,we set sights momentarily on another outdated weak vehicle and with great ease put the pedal to the metal, ran all the lights and flew straight through our accquired target ." SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that the int
Universal Music Portugal database dumped by Hackers

Universal Music Portugal database dumped by Hackers

Jan 28, 2012
Universal Music Portugal database dumped by Hackers Another Latest Tip come in my Inbox today about the leak of Database of Universal Music Portugal 's website. Hacker did not mention his name,or Codename, But he enumerate the Database and Extract it by Hacking the Site. 100's of Tables from Database and Users Data has been leaked via a pastebin File . It includes the Usernames, Passwords and Emails ID's of Users of Site. Immediate after the Hack, The Universal Group taken down the site for maintenance.
Zulu - Zscaler Malware Scanning Service

Zulu - Zscaler Malware Scanning Service

Jan 28, 2012
Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL. " A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available ," said Michael Sutton, vice president of security research at Zscaler. " While we can't access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down ," he explained. Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the Vir
Hcon’s Security Testing Framework (Hcon STF) v0.4 [Fire base]

Hcon's Security Testing Framework (Hcon STF) v0.4 [Fire base]

Jan 26, 2012
Hcon's Security Testing Framework (Hcon STF) v0.4 [Fire base] Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ' Freedom '.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT. Some Highlight Features : Categorized and comprehensive toolset Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few HconSTF webUI with online tools (same as the Aqua base version of HconSTF) Each and every option is configured for penetration testing and Vulnerability assessments Specially configured and enhanced for gaining easy & solid anonymity Works for web app testing assessments speciall
Saudi Arabia's King Saud University Database Hacked

Saudi Arabia's King Saud University Database Hacked

Jan 22, 2012
Saudi Arabia's King Saud University Database Hacked The Official Website of  King Saud University (KSU) Got hacked by some unknown Hacker.is a public university located in Riyadh, Saudi Arabia. Database of 812 Users hacked from  https://printpress.ksu.edu.sa/  and dumped on Internet by Hacker on a file sharing site  including Mail address list, mobile phones and passwords. Passwords are not encrypted in any hashes. Most of the Students using same Email ID and Password for Facebook and Other Sites. Its not clear weather its Part of Cyberwar b/w of Israel and Saudi Arabia.
DreamHost Hacked - Change Your Passwords Now !

DreamHost Hacked - Change Your Passwords Now !

Jan 21, 2012
DreamHost Hacked - Change Your Passwords Now ! All Dreamhost customers should read this post immediately and change all related passwords (including WordPress ones). Dreamhost said " Last night we detected some unauthorized activity within one of our databases. " They say there's " no evidence that customer passwords were taken ", but they''re pushing out password changes to everyone just to be safe. In addition, you should change any of your other passwords just to be safe that is, if they're at all similar to your DreamHost password.  To edit your password in the panel, please log into the web panel and go to Manage Users . Click edit next to the FTP/shell user on the right and you can change your password there.  This is the second time within week, when hackers targeted to these big websites, Dreamhost don't give any clue of the hack.
Julian Assange interview on Spy Files

Julian Assange interview on Spy Files

Jan 20, 2012
Julian Assange interview on Spy Files " Give me liberty or give me death " is a statement made famous by Patrick Henry but could easily have been stated by the new patriot of justice, Julian Assange. Julian Assange is a journalist and activist best known as the founder and public face of WikiLeaks, the Internet based publisher making headlines around the world by releasing secret or suppressed information revealing government and corporate misconduct.Assange and WikiLeaks have, in the words of 60 Minutes " Rattled the worlds of journalism, diplomacy, and national security. " In December 2011, WikiLeaks released the documents from a database containing hundreds of documents from contractors in what WikiLeaks calls the "mass surveillance industry." or " Spy Files ". 1.) According to Spy Files released by WikiLeaks, intelligence agencies, military forces and police authorities "silently... and secretly intercepted calls and had taken over computers without the help
Zappos a division of Amazon got Hacked

Zappos a division of Amazon got Hacked

Jan 16, 2012
 Zappos a division of Amazon got Hacked A notification mail from Zappos is circulating in Customers that a division of Amazon " Zappos.com " got Hacked by Unknown Hackers. Notification mail indicated that names, email addresses, mailing addresses, and the last four digits of customer's social security numbers have been compromised. Also the databases that contain sensitive billing information, such as credit card numbers, was not accessed by hackers. According to messages from Zappos CEO Tony Hsieh to employees and customers: Zappos are currently working with law enforcement for an investigation.
Fully automated MySQL5 boolean based enumeration tool

Fully automated MySQL5 boolean based enumeration tool

Jan 02, 2012
Fully automated MySQL5 boolean based enumeration tool Blackhatacademy Developers  releases Fully automated MySQL5 boolean based enumeration tool. By default, this script will first determine username, version and database name before enumerating the information_schema information. When the -q flag is applied, a user can supply any query that returns only a single cell If the exploit or vulnerability requires a single quote, simply tack  %27  to the end of the URI. This script contains  error detection : It will only work on a mysql 5.x database, and knows when its queries have syntax errors. This script uses perl's LibWhisker2 for IDS Evasion (The same as Nikto). This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites. GET TOOL SCRIPT HERE .
Tianya, China's biggest online forum 40 million users data leaked

Tianya, China's biggest online forum 40 million users data leaked

Dec 26, 2011
Tianya,  China's biggest online forum 40 million users data leaked Tianya.cn , China's biggest online forum confirmed on Sunday that private information for 40 million users had been leaked, three days after the country's largest programmers' website CSDN reported a similar leak . Tianya is one of the most popular sites in China; it's the nexus of China's online communications, a collection of simple forums, blogs, and groups; due to uber-popularity Tianya is the best place in China's web to find public opinion on social issues, cultural experience, and original fresh content from millions of Chinese users. Based on netizen comments, the Tianya community meets the need for personal interaction, creation and expression. In a family oriented society, Tianya is China's dinner table, where news of the day is discussed in an open, personal fashion. The user account information of several other popular websites in China such as Dodonew.com, 7K7K, Duowan.com, and 178.com
Stratfor hacked by Anonymous Hackers for #AntiSec

Stratfor hacked by Anonymous Hackers for #AntiSec

Dec 24, 2011
Stratfor hacked by Anonymous Hackers for #AntiSec Stratfor who provides strategic intelligence on global business, economic, security and geopolitical affairs just now has been defaced by Anonymous Group of Hackers. Mirror of Hack is available here . Lulzsec Leader, SABU tweeted that " Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations ". Private Clients List of Stratfor is also leaked on a Pastebin note. For all this clients have been exposed sensible information including credit cards (which supposedly have been used to make $1 million in "donations"), as well as over 200 GB of email correspondence. As a result of this incident the operation of Stratfor's servers and email have been suspended. Anonymous has now exposed two lists of credit card details belonging to people who have subscribed to STRATFOR services, the first one containing 3956 card details and the second one
Cybersecurity Resources