The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible. Not by serving fake post, neither by providing malicious video link, instead this time scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers. This malicious code could allow an attacker to gain access to victims' accounts, thereby using it for fraud, to send spams, and promoting further attacks by posting the scam on timeline to victims' friends. This technique is known as Self Cross-site Scripting or Self XSS. Self-XSS (Self Cross-Site Scripting) scam is a combination of social engineering and a browser vulnerability , basically designed to trick Facebook users' into providing access to their account. Once an attacker or scammer gets access to users' Facebook account, they can even post and comment on things on users' behalf.

Chinese hackers infiltrated the databases of three Israeli defense contractors and stole plans for Israel's Iron Dome missile defense system, according to an investigation by a Maryland-based cyber security firm ' Cyber Engineering Services Inc. (CyberESI) '. Not just this, the hackers were also able to nab plans regarding other missile interceptors, including Unmanned Aerial Vehicles, ballistic rockets and the Arrow III missile interceptor which was designed by Boeing and other U.S.-based companies. The intrusions were thought to be executed by Beijing's infamous " Comment Crew " hacking group – a group of cyber warriors linked to the Chinese People's Liberation Army (PLA) – into the corporate networks of top Israeli defense technology companies, including Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems, between 10 October 2011 and 13 August 2012. The three Israeli defense technology companies were responsible for the developmen

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against government surveillance, but some left security holes that may expose your personal data. A critical issue on Instagram's Android Application has been disclosed by a security researcher that could allow an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Instagram , acquired by Facebook in April 2012 for approximately US$1 billion, is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, apply digital filters, and share them on a variety of social networking services, such as Facebook, Twitter, Tumblr and Flickr.

A leading provider of advanced threat, security and compliance solutions, Tripwire , has announced that Craig Young , a security researcher from its Vulnerability and Exposure Research Team (VERT) , is working on a paper about SSL vulnerabilities that will be presented at DEF CON 22 Wireless Village . There are thousands of websites over Internet that contain serious mistakes in the way that Secure Sockets Layer and Transport Layer Security (SSL/TLS) is implemented, leaving them vulnerable to man-in-the-middle (MitM) attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. MitM attack is one of the common and favorite techniques of attackers used to intercept wireless data traffic. Cyber criminals could able to intercept sensitive user data, including credit card numbers, PayPal credentials and social network credentials as well. Young has unearthed various situations where poor SSL implementations in co

Great news for Hackers and Backtrack Linux fans! Offensive Security, the developers of one of the most advance open source operating system for penetration testing known as ' KALI Linux ', has finally announced the release of the latest version i.e. Kali Linux 1.0.8 . Kali Linux is based upon Debian Linux distribution designed for digital forensics and penetration testing, including a variety of security/hacking tools. It is developed, maintained and funded by Offensive Security constantly providing users with the latest package updates and security fixes available. The new release supports Extensible Firmware Interface (EFI) boot  that allows you to start Kali Linux 1.0.8 using a USB stick on recent hardware, and especially on Apple Macbooks Air and Retina models. " This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models ," reads the blog post . Although

The Russian government is offering almost 4 million ruble which is approximately equal to $111,000 to the one who can devise a reliable technology to decrypt data sent over the Tor , an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others. The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title " шифр «ТОР (Флот)» " ;which translates as " cipher 'TOR' (Navy) " an open call for Tor-cracking proposals whose winner will be chosen by August 20. The MIA specifically wants researchers to " study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network, " according to a translated version of the Russian government's proposal. Only Russian nationals and companies are allowed to take part in the competition " in o

Data security is a big task for businesses as well as a challenge for IT leaders, whether it be securing networks or devices. Past few months, we often came across various data breaches, the largest among all was Target data breach , which cost a business nearly $50,000 in lost productivity, replacement and data recovery.  Once a bad actor has stolen your hardware or compromised your network, the ability to lock down sensitive data is predominant. To help mitigate these threats in order to protect businesses against data breaches without even damaging performance, Intel has announced its latest enterprise-class solid state drives (SSDs) that are self-encrypting, packaged with some powerful security and management features. The New Intel SSD 2500 Pro Series of solid state drives offers significant performance with hardware-based 256-bit self-encryption to reduce the impact on the performance. Intel SSD 2500 Pro Series will be offered in both 2.5-inch SATA and M.2