#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

mohit kumar hacker | Breaking Cybersecurity News | The Hacker News

Vulnerability in Facebook discloses Primary Email Address of any account

Vulnerability in Facebook discloses Primary Email Address of any account

Jul 09, 2013
When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was  vulnerable to disclosure of primary email address of any Facebook user to hackers and spammers . The flaw resides in the invitation mechanism of Facebook, using which one can invite his all contacts emails to Facebook for making new account. As shown in following screenshot, an invitation received on an email, where one need to click the Signup URL: After clicking that URL, invited user will be redirected to a signup page filled in with the email address and the name of a person who used the link to sign up for an account was displayed: There are two parameters in this URL, i.e "re" and "mid". According to Stephen changing some part of "mid" parameter can expose the email address of another user. http:/
Hack Battle at 'The Hacker Conference 2013' with CTF365

Hack Battle at 'The Hacker Conference 2013' with CTF365

May 22, 2013
The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first announced about this project which was supposed to start at the begin-ning of 2013. What happened that made you delay the starting date? A: Well, we're definitely enthusiastic about making CTF365 the greatest CTF platform out there, and this proves to be much more difficult than initially anticipated. I won't get into detail, because, as it happens, the story is like something pulled out from the theater of the absurd. If we would ever get a chance to make a making-of- CTF365 movie, I'm sure it would be amusing and tragic at the same time. What I will say [and repeat], is that we are putting our best efforts into making CTF365 work, we are a small and committed team, which is a problem [for
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Exploiting Google persistent XSS vulnerability for phishing

Exploiting Google persistent XSS vulnerability for phishing

Nov 14, 2012
Yesterday we have reported that How Bug Bounty programs can play unfair with hackers and researchers, where hackers are submitting their legitimate findings to companies and no surprise if they are getting replies that " Someone else already reported this, you are not eligible for Bounty ". But the main issue is, if companies are really aware about the issue , then why they have not fixed it yet ?  Today we are going to Talk about Google, that How a ignored vulnerability can be brilliantly crafted and exploited by Hackers for phishing users. On 11th September this year, I have reported a persistent XSS vulnerability in Google and reply from Google Security Team was," It seems the XSS you reported actually executes on one of our sandboxed domains (googleusercontent.com). The sandboxed domain does not contain any session cookies for google services, nor does it have access to any Google.com data " I said its okay if they are sure about it that it
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
PayPal Bug Bounty Program - playing fair ?

PayPal Bug Bounty Program - playing fair ?

Nov 13, 2012
Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even after knowing that you are very first per
'The Hacker News' Celebrating 2nd Birthday

'The Hacker News' Celebrating 2nd Birthday

Oct 28, 2012
One of the most awaited occasions in a year is your birthday, same way we are today celebrating ' The Hacker News ' 2nd Birthday week from on 28th October-3rd November 2012. Originally founded on 1st November 2010 by Mohit Kumar , ' The Hacker News ' was the very First dedicated Hacking and Security News website available on Internet, Now been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of various underground hacking groups and communities worldwide.  With the need for information security solutions becoming more critical, In these two years we served updates to over 30 Million Readers through various projects including Daily happenings of Hacking & Security community via The Hacker News , A most comprehensive and informative collection of security, hacking, a
Cybersecurity Resources