#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Facebook | Breaking Cybersecurity News | The Hacker News

Internet Explorer vulnerable to Cookie-jacking

Internet Explorer vulnerable to Cookie-jacking

May 26, 2011
Internet Explorer vulnerable to Cookie-jacking A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser. Independent researcher Rosario Valotta demonstrated his "cookiejacking" proof of concept last week at the Hack in the Box security conference in Amsterdam. It exploits a flaw that's present in all current versions of IE to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name. The cookie acts as a digital credential that allows the user to access a specific account. The proof of concept code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows. "You can steal any cookie," he told The Register. "There is a huge customer base
Superfish-like Vulnerability Found in Over 12 More Apps

Superfish-like Vulnerability Found in Over 12 More Apps

Feb 23, 2015
'SuperFish' advertising software recently found pre-installed on Lenovo laptops is more widespread than what we all thought. Facebook has discovered at least 12 more titles using the same HTTPS-breaking technology that gave the Superfish malware capability to evade rogue certificate. The Superfish vulnerability affected dozens of consumer-grade Lenovo laptops shipped before January 2015, exposing users to a hijacking technique by sneakily intercepting and decrypting HTTPS connections, tampering with pages and injecting advertisements. Now, it's also thought to affect parental control tools and other adware programmes. Lenovo just released an automated Superfish removal tool to ensure complete removal of Superfish and Certificates for all major browsers. But, what about others? SSL HIJACKING Superfish uses a technique known as " SSL hijacking ", appears to be a framework bought in from a third company, Komodia, according to a blog post written
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Google to Introduce New Photo-Sharing Platform to Kill Instagram

Google to Introduce New Photo-Sharing Platform to Kill Instagram

May 21, 2015
Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says , will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as " Google+ Photos ," which comes pre-installed with every Android device. Google+ Photos automatically backs up photos in the device to Google cloud storage. However, the new photo service will not be a part of Google+ network . It seems like the company's attempts to bolster its product lineup and compete with the increasingly popular rivals like Facebook or Twitter to grow its user base. Just the way like Facebook, who acquired the popular mobile photo-sharing service Instagram in 2012 and increased its user base to more than 300 Million users in one shot. There aren't many details about How the new Google photo service will work? Whether the online photo storage part of the service
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Indian Army blames Facebook for Violence in Kashmir !

Indian Army blames Facebook for Violence in Kashmir !

Feb 02, 2011
The Indian Army believes that arch amusing networking armpit Facebook has played a key role in annoying abandon in Jammu & Kashmir. According to the Army, Facebook and some added amusing networking sites are actuality acclimated to advance abrogating attack adjoin the Army and added aegis agencies. S A Hasnain, General Officer Commanding of the Srinagar-based 15 Corps bidding his apropos while acclamation the mediapersons at an Army action at Khanabal in South Kashmir. The acceleration of amusing media has already brought anarchy in abounding countries, including Egypt. The Army believes that these amusing media sites may afflict the accord and accord in the basin in future.
Malware attack on Apple employees by hackers who targeted Facebook

Malware attack on Apple employees by hackers who targeted Facebook

Feb 20, 2013
The same ring of hackers that are responsible for hacking into at least 40 companies including Facebook and Twitter are reportedly also infected the computers of some Apple employees, the company acknowledged Tuesday. The purpose of hack considered an effort to steal company secrets, research and intellectual property that they can sell. Investigators tracked at least one server being used by the hacker ring to a hosting company in the Ukraine. " Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers, " the company said in its statement. " The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network ." Apple isolated the infected systems from its network and said there was no indication that any data
WhatsApp Blocks Links to Telegram Messenger (Its biggest Competitor)

WhatsApp Blocks Links to Telegram Messenger (Its biggest Competitor)

Dec 01, 2015
It seems like Facebook-owned popular messaging service WhatsApp is blocking links to rival messaging applications – at least Telegram app  for now. Telegram users are noticing that WhatsApp is blocking any links to the privacy-oriented messaging service Telegram.me. Although users are free to send or receive Telegram links on WhatsApp, the links appear as non-clickable that you cannot copy or forward. This strange behavior was first noticed this morning by Telegram users over on Reddit. The URLs – which are generally automatically made clickable – still appeared as plain text messages, but they didn't register as hyperlinks, blocking users from copying or forwarding them to other users or other apps. Read Also: How to Auto-BackUp Your WhatsApp Data to Google Drive with Encryption . In general, this odd behavior is done with malicious URLs such as malware or spam. The Culprit However, this strange behavior was not exhibited on every device. Only W
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

Jul 15, 2019
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user engagement and interactions. Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities. Some vulnerabilities have recently been patched , some are still under the process of being fixed, and many others most likely do exist, but haven't been found just yet. Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete contr
Brazil blocks WhatsApp for 72-Hours — Here's Why

Brazil blocks WhatsApp for 72-Hours — Here's Why

May 03, 2016
In Brief For the second time in past five months, a Brazil court ordered local telecommunications companies to block the popular messaging app WhatsApp for 72 hours, afterFacebook-owned WhatsApp company refused to hand over information requested in a drug trafficking investigation. The WhatsApp's shutdown is affecting more than 100 million users throughout the country. Moreover, if Brazilian telecommunications companies do not comply, they could face a fine of $143,000 per day. Brazil just blocked its roughly 100 Million citizens from using WhatsApp, the popular messaging service owned by Facebook, for 72 hours (3 days). A Brazilian Judge ordered the blackout after WhatsApp failed to comply with a court order asking the company to help a branch of civil police access WhatsApp data tied to a criminal investigation. This is for the second time in last five months when a Brazil court ordered local telecommunications companies to block access to the popular messaging servi
Microsoft becomes latest victim of Cyber attack

Microsoft becomes latest victim of Cyber attack

Feb 23, 2013
Microsoft has become the latest victim of to Cyber attack and confirm that small number of its computers, including some in its Mac software business unit, were infected with malware . Microsoft added , malicious software used in a cyber attack is very similar to those experienced by Facebook and Apple recently. Microsoft gave few other details about the break-in, " We have no evidence of customer data being affected and our investigation is ongoing. " " During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing, " Microsoft said. " This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries ," the company said. Last week, Apple said its
Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

Oct 31, 2023 Privacy / Online Security
Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month on iOS and Android, is expected to be officially available starting next month. The company's proposal for a subscription version of its service was  first reported  by The Wall Street Journal earlier this month. "In November, we will be offering people who use Facebook or Instagram and reside in these regions the choice to continue using these personalized services for free with ads, or subscribe to stop seeing ads," the company  said . "While people are subscribed, their information will not be used for ads." While the fee covers all linked accounts for a user, beginning March 1, 2024, the company plans to levy an additional fee
New Firefox add-on "Firesheep" - hijacks Facebook, Twitter sessions

New Firefox add-on "Firesheep" - hijacks Facebook, Twitter sessions

Oct 30, 2010
A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services, a security researcher warned today. The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego. Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots. Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog . "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy." With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Fires
Sony Hiring Information Security Engineers & Facebook Hire George Hotz

Sony Hiring Information Security Engineers & Facebook Hire George Hotz

Jun 29, 2011
Sony Hiring Information Security Engineers After 14 Hacks, Finally Sony open  job recruitment for " Sr Application Security Analyst ". Sony Estimates 171 Million Dollar Loss due to PSN Hack. Also Sony CEO sorry for PSN hack, offers data theft insurance. Social network Facebook has hired a computer hacker who was recently sued by Sony for hacking the online game system PlayStation 3. Facebook did not reveal what 21-year-old George Hotz will do for the firm.  Hotz - also known by the alias "GeoHot" - gained notoriety in 2008 when he developed a software for unlocking the iPhone and allowing it to be used by other networks. He also released instructions on Sony PlayStation 3 that helped owners modify their consoles to run unauthorized applications and pirated games. It's been two months since the personal details of 100 million PSN and SOE users were stolen and Sony is still dealing with the fall-out. From SONY (Taleo): You will act as a Sr Informat
Hackers exploit Bin Laden death on Facebook !

Hackers exploit Bin Laden death on Facebook !

May 02, 2011
Hackers exploit Bin Laden death on Facebook ! A tip to the newbies starting out, reads a post from a man at the Black Hat World forums, now's a good time to make some money out of Bin Laden's death. The news is awash with reports about Bin Laden shot by the US and then buried at sea. Twitter and Facebook are full of either jokes, or ghoulish approval of the death of the international terrorist. One poster says it's time to monetise the reports, "NOW!" There are four easy steps, he says. Tap into the collective hive-mind of the patriotic American by starting a fan page, "something like Osama Bin Laden Dead - Rot in Hell". Next, invite people. Watch it go viral, you'll "probably get 90% USA FB users." Then, crucially, save it so you can promote a product later on. Source : https://www.hackinthebox.org
Bug Hunter Found Ways to Hack Any Instagram Accounts

Bug Hunter Found Ways to Hack Any Instagram Accounts

May 21, 2016
How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram's weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo
Twitter will now Track EVERY App You have Installed on Your Smartphone

Twitter will now Track EVERY App You have Installed on Your Smartphone

Nov 27, 2014
Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut
Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan

Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan

Jan 15, 2019
Can feds force you to unlock your iPhone or Android phone? ..."NO" A Northern California judge has ruled that federal authorities can't force you to unlock your smartphone using your fingerprints or other biometric features such as facial recognition—even with a warrant. The ruling came in the case of two unspecified suspects allegedly using Facebook Messenger to threaten a man with the release of an "embarrassing video" to the public if he did not hand over money. The federal authorities requested a search warrant for an Oakland residence, seeking to seize multiple devices connected to the suspects and then compel anybody on the premises at the time of their visit to unlock the devices using fingerprint, facial or iris recognition. However, Magistrate Judge Kandis Westmore of the U.S. District Court for the Northern District of California turned down the request, ruling the request was "overbroad and neither limited to a particular person nor
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

Jul 28, 2021
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider cybersecurity community under the monikers Tortoiseshell and Imperial Kitten. "Using the social media persona 'Marcella Flores,' TA456 built a relationship across corporate and personal communication platforms with an employee of a small subsidiary of an aerospace defense contractor," Proofpoint  said  in a report shared with The Hacker News. "In early June 2021, the threat actor attempted to capitalize on this relationship by sending the target malware via an ongoing email communication chain." Earlier this month, Facebook  revealed  it took steps to dismantle a &quo
Want to Hire a Hacker? Check Out Hacker's List Website

Want to Hire a Hacker? Check Out Hacker's List Website

Jan 19, 2015
Want to hack someone's Facebook account? or Gmail account? or break into somebody's network? But don't have hacking skills to do so. There's no need to worry at all. A new service is out there for you guys where you can search for professional hackers and hire them to accomplish any hacking task. Dubbed Hacker's List , a new service that offers to connect customers and "professional" hackers for hire. The service would made any tech-illiterate person capable to break into his boss' email address. This really sounds like something that happens mostly in movies. As if I'm hiring a hacker to accomplish crimes for me. " Hiring a hacker shouldn't be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience, " reads a description on the website. " At Hacker's List we want to provide you with the best opportunity to find your ideal hacker and for professional hackers
28% of Internet Users know the Importance of Online Privacy Tools

28% of Internet Users know the Importance of Online Privacy Tools

Jan 23, 2014
Privacy is "workings of your mind". We share our personal moments captured in images, credit card details, thoughts that are personal or professional with a person or a certain group at different instances of time and want it to be safe and secure. We use an electronic gadget to share something trusting blindly the service provider company which may have to obey some unveiled laws of that country to which it belong and our data might be at risk. The surveillance programs can force these companies to store the information and share it with the Government and can even sniff all the data passing through the channels i.e. Wire or Air, and hence compromise our privacy. Though surveillance programs were in existence before Snowden's leaks, but after the revelation of NSA's surveillance programs, we need to think twice when it comes to our privacy. 28% of all Internet users, i.e. 415 Million people say that they use some sort of privacy tool for their Internet browsing sessio
Will everyone Please get the Facts Right - FREE ASSANGE NOW!

Will everyone Please get the Facts Right - FREE ASSANGE NOW!

Sep 08, 2012
Julian Assange's mother, Christine Assange has done an excellent job of compiling the facts surrounding the issue of Julian's extradition case. Please, everyone share this, copy it, email it and send it to your elected officials and congressional representatives. The truth is what will set Julian Assange free and he must be freed immediately. Assange Extradition Fact Sheet 1) Julian Assange is not charged with anything in Sweden or any other country. [Source: @wikileaks ] 2) Julian Assange did not flee Sweden to avoid questioning. He was given permission to leave the country on the 15th September 2010, after remaining 5 weeks in Sweden for the purpose of answering the allegations made against him. [Source: Undue delay for Julian Assange's interrogation ] 3)  The case against Julian Assange was initially dropped, and deemed so weak it could not warrant investigation. After the intervention of a Swedish politician close to American diplomats, it was revived by a different prosec
Cybersecurity Resources