GENERAL NEWS | Breaking Cybersecurity News | The Hacker News

iPad Finally Has a Facebook Application

Oct 12, 2011
Facebook has just released its official iPad app. The tablet device was unveiled in January 2010, but development and negotiations with Apple stalled the release of Facebook's app until now. Facebook for iPad is now available in the App Store. We've been waiting for a Facebook iPad app almost as long as there's been an iPad, and there has been talk that Facebook has been working on the app for more than a year. The lack of an app for Facebook has been a pretty massive hole in the functionality of the iPad, given the social network's unrivaled popularity. And tons of third-party apps have sprung up to fill the void – but none of them were the official, sanctioned apps of Mark Zuckerberg, and none included the kind of power that Facebook has baked into its own native app. Here are some of the top features of the new app: Bigger, better photos: Photos appear bigger and in high-resolution with easy to flip and rotate features in the photo album
FBI shut down 18 Child Porn Websites

Oct 11, 2011
A man was recently indicted on federal charges of running 18 Chinese-language child pornography websites out of his apartment in Flushing, New York. The websites were being advertised to Chinese-speaking individuals in China, in the U.S., and other countries. According to the FBI, "Virtually every day, children are lured away from their families by cyber sexual predators. We're committed to stopping these crimes through our Innocent Images National Initiative. Based in Maryland, it joins FBI agents and local police in proactive task forces around the country that work online undercover to stop those who prey on our kids." In late 2010, the FBI - through their legal attaché office in Beijing - received information from Chinese officials about their investigation of a large-scale child pornography website housed on U.S. servers. One of their main suspects, a Chinese-born man, was living in New York. The FBI's New York office op
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024 | SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
[Call for Article] The Hacker News Magazine - November 2011 Edition

Oct 09, 2011
The Hacker News is starting to prepare the next issue of 'The Hacker News Magazine'. Submissions are invited for the upcoming 6th issue, a special November "Anniversary Edition". If you have something interesting to write, please drop us an email at: thehackernews@gmail.com. Yes! We are going to celebrate the 1st anniversary of 'The Hacker News' on 1 November, 2011. Each issue/article of our magazine and website aims to spread awareness and knowledge about cyber security. We gather articles from young minds that deal closely with the topic of security and hacking threats. Topics of interest include, but are not limited to, the following: - New Attack and Defense Techniques - Vulnerability discovery - Small Tactics & Techniques - Big Attacks & Impact - Mobile Hacking - Professional Exploit Development - Security and Hacking Events Around The World - Technical Book Revie
GPU cracks 6 character password in 4 seconds

Oct 06, 2011
An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a 6 character password in 4 seconds, a 7 character password in less than 5 minutes, and an 8 character password in four hours. "People have worked out that the processing power of graphics cards, due to the architecture of the chips, is more powerful than a normal processor for doing certain tasks," said Neil Lathwood, IT director at UKFast.
Celebrating 5th Birthday of Wikileaks (Born : 4th Oct 2006)

Oct 03, 2011
The wikileaks.org domain name was registered on 4 October 2006. The website was unveiled, and published its first document, in December 2006. The site claims to have been "founded by Chinese dissidents, journalists, mathematicians and start-up company technologists, from the US, Taiwan, Europe, Australia and South Africa". The creators of WikiLeaks have not been formally identified. It has been represented in public since January 2007 by Julian Assange and others. Assange describes himself as a member of WikiLeaks' advisory board. News reports in The Australian have called Assange the "founder of WikiLeaks". According to Wired magazine, a volunteer said that Assange described himself in a private conversation as "the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest". 2006–08 WikiLeaks posted its fi
Contest Winners Announcement : Wireless Penetration Testing Guide book

Oct 02, 2011
We ran a competition for the book "Backtrack 5 Wireless Penetration Testing" last week. Today, Vivek Ramachandran, the author of the book and founder of SecurityTube.net, is announcing the winners in the video below. We will be contacting the winners via email soon. The two best comments selected by the author are: Scott Herbert: For me it's the "man-in-the middle" and other cutting edge wireless attacks that make it a book worth getting (even if I don't win). neutronkaos: What interests me most about this book is that it is dedicated to wireless hacking. In an age where almost everybody is rocking a wireless AP, this book could do a lot in offense and defense. I have been a Backtrack fan since Backtrack 3 and I have seen several of Mr. Ramachandran's primers on security tube. I am currently deployed to Afghanistan and I am working towards a degree in Network Security. I would love to have this boo
QR codes - Next way for Android Malware

Oct 02, 2011
Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which, when scanned, directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk is downloaded. The file is a trojanized version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f, which sends a number of SMS messages to a $6 a message premium rate service. Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan. Kaspersky's Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 e
Security Solutions for Beast attack against SSL/TLS Vulnerability

Sep 30, 2011
Juliano Rizzo and Thai Duong presented a new attack on Transport Layer Security (TLS) at the Ekoparty security conference in Buenos Aires, Argentina. The researchers found that the encryption that should protect us when we connect to some sites over HTTPS may be compromised. The researchers say that their code, called BEAST (Browser Exploit Against SSL/TLS), proves to the world that any cryptographic protocol designed before TLS 1.1 is vulnerable and can be quite easily deciphered. The researchers try to decode the authentication cookies used to log in to a PayPal account within 10 minutes, far faster than anyone expected. If successful, the faith of Internet users in one of the pillars of online safety is fully dissipated. "BEAST is different from the many published attacks against HTTPS," said Duong. "While other attacks are focused on the authenticity property of SSL, BEAST attacks the privacy of the protocol. As far as we know, BE
"SecurityTube Wi-Fi Security Expert" (SWSE) online certification Launched

Sep 29, 2011
SecurityTube released their first fully online certification today - "SecurityTube Wi-Fi Security Expert" (SWSE). The most interesting thing, and the key difference from other certifications, is that they are giving out the entire course material free of charge! You only pay if you need the certification. If you are a hobbyist or a casual security enthusiast, the course material is free for you :) The SWSE is based on the Wi-Fi Security Megaprimer which we posted about a while back: https://www.securitytube.net/downloads Full details of the certification are available here: https://www.securitytube.net/certifications For an introductory price of $200 till October 15th, 2011 (only limited seats), they are providing all of the following: - Lifetime access to the Students Portal - Lifetime access to Bi-Monthly Webinars with Full Course Coverage and Live Doubt Clearing sessions - Lifetime
Firefox Java update ready to stop BEAST attacks

Sep 29, 2011
Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the alias for Firefox Director of Engineering Johnathan Nightingale, weighed in: "Yeah - this is a hard call. Killing Java means disabling user functionality like facebook video chat, as well as various java-based corporate apps (I feel like Citrix uses Java, for instance?)" He went on to say that Firefox already has a mechanism for "soft-blocking" Java that allows users to re-enable the plugin from the browser's addons manager or in response to a dialogue box that appears in certain cases. "Click to play or domain-specific whitelisting will provide some measure of benefit, but I suspect that enough users will whitelist, e.g., facebook that even with those mechanisms (which don&
[Hurry Up] Hacker Halted 2011 Special Offer For The Hacker News Readers

Sep 26, 2011
Special for all The Hacker News subscribers (offer ends Sep 30, 2011): Attend EC-Council's signature event in Miami - Hacker Halted USA - and get an iPad 2 + 2 nights hotel + an additional 10% discount when signing up for the conference pass at public prevailing rates, or for selected training. Held at the Intercontinental Miami from Oct 21 - 27, Hacker Halted USA will feature some of the best infosec superstars including Bruce Schneier (Internationally acclaimed security guru), Philippe Courtot (Chairman - Qualys), Jeremiah Grossman (CTO - WhiteHat Security), George Kurtz (Global CTO - McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others. There are a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks. There is also a wide selection of training to choose fr
Singapore will setup National Cyber Security Centre

Sep 25, 2011
Singapore has said it will boost its national capability to counter cyber security threats through the setting up of a 'National Cyber Security Centre' in the coming months. The Centre, which will be headed by the Singapore Infocomm Technology Security Authority, will help the government deal more effectively with cyber security threats and vulnerabilities by enhancing capabilities in early detection and prevention, Deputy Prime Minister Teo Chee Hean said. In his address at the Second Singapore Global Dialogue here yesterday, Teo, who is also coordinating minister for national security and home affairs minister, said a safe and functioning cyberspace was critical to "our society, economy and national security."
Let’s Play a Game of Cyber Security at CSAW CTF 2011

Sep 22, 2011
Ready for a little game of capture the flag? What if you weren't running around a field like a crazy person trying to grab a flag out of someone's belt, but instead were navigating around a network overcoming technical challenges to find markers that you are awarded points for once submitted? Then CSAW CTF 2011 is where it's at. CSAW CTF 2011 is hosting the qualifying round from Friday September 23, 2011 to Sunday September 25, 2011. The competition will begin at 8PM that Friday night, and is used to determine who will proceed on to the finals taking place in New York November 10-11 at NYU-Poly. The event is centered on assessing application security abilities. For the qualification round there is no limit to the number of team members you can have, but if you move on to the final round your team will be limited to four players. If you attend the event you'll have the chance to rub elbows with anyone and everyone inter
Win Free Copies of BackTrack 5 Wireless Penetration Testing Guide with The Hacker News

Sep 22, 2011
Fellow hackers would be very pleased to know that, to celebrate the release of its new book, BackTrack 5 Wireless Penetration Testing Beginner's Guide, Packt Publishing is giving away 2 copies of the book to The Hacker News readers. Keep reading to find out how you can be one of the lucky winners. Here is a quick overview of BackTrack 5 Wireless Penetration Testing Beginner's Guide: · Learn Wireless Penetration Testing with the most recent version of Backtrack · The first and only book that covers wireless testing with BackTrack · Concepts explained with step-by-step practical sessions and rich illustrations · Written by Vivek Ramachandran, world renowned security researcher and evangelist, and discoverer of the wireless "Caffe Latte Attack". How To Win: Sound like something you might be interested in? All you need to do is head on over to the bo
Bank of Melbourne Twitter Account Hacked

Sep 22, 2011
Last week, the Twitter account of the Bank of Melbourne was hacked and used to send direct messages containing phishing links to its followers. In a tweet, the bank said: "ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience." A recently relaunched subsidiary of Westpac, the Australian bank engages heavily with its customers through its @BankofMelb Twitter account. However, the security of the account proved not to be up to scratch when hackers managed to gain access and used the account to send direct messages containing phishing links. The hacking of corporate Twitter accounts is nothing new, neither are phoney messages claiming to come from a bank. What makes this case rather unique - and worrying - is that the account itself is genuine, thus significantly adding to the credibility of the links. Dancho Danchev believes that this is not the act of an amateu
Radware’s Attack Mitigation System Delivers the First Fully Integrated Solution to Fight Cyber Attacks in Real Time

Sep 21, 2011
The solution blocks the new breed of sophisticated attacks that target multiple layers of the IT infrastructure. Today's point security tools for IT infrastructures are not enough to protect against the new wave of sophisticated cyber attacks. That's why Radware (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, today announced Radware Attack Mitigation System (AMS), the industry's first fully integrated IT security strategy and portfolio that protects the application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, information theft, Web service attacks and Web defacement. Additional Resources · AMS Brochure · CTO Expert Article · ERT Inci
#DEFCON Chennai September 2011 meet - Another Success !

Sep 19, 2011
The DEF-CON Chennai (DC602028) meet, held on 11th September 2011 from 2:30 PM to 7 PM, was a great success. List of speakers: 1) Abhinab 2) Viknesh 3) Ravi Kumar 4) Aditya Gupta 5) Rahul Tyagi 6) Sophan 7) Suman. DefCon message to all groups: "DC Groups are up and running all around the world! Defcon would like to thank the founders of the groups for all of their hard work and input. We invite you to attend a DC group meeting in your area and if your city isn't listed, START ONE! Got ideas? Share them!"
0-Day SCADA Exploits Publicly Exposed by Italian researchers

Sep 17, 2011
An Italian researcher has uncovered at least a dozen security flaws in software used in utilities and other critical infrastructure systems, prompting security advisories from the U.S. government. Security researcher Luigi Auriemma disclosed the attacks against six SCADA (Supervisory Control and Data Acquisition) systems including US giant Rockwell Automation. The step-by-step exploits allowed attackers to execute full remote compromises and denial of service attacks. Some of the affected SCADA systems were used in power, water and waste distribution and agriculture. Such zero-day information disclosure was generally frowned upon in the information security industry because it exposed customers to attack while published vulnerabilities remained unpatched. Attacks against SCADA systems were particularly controversial because exploits could affect a host of machinery from lift control mechanisms to power plants. The advisories
McAfee DeepSAFE - Anti-rootkit Security Solution

Sep 14, 2011
McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies. According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011. Key attributes of McAfee DeepSAFE: Builds the foundation for next-generation hardware-assisted security operating beyond the operating system; Provides a trusted view of system events below the operating system; Exposes many attacks that are un
BruCON – Belgium’s First Security Conference

Sep 13, 2011
BruCON, Belgium's first security conference, is back for its third edition on 19-22 September. After witnessing greater success in the past two years, this year's event is expected to attract more than 400 people from around Europe. The BruCON conference aims to create a bridge between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, academic researchers, etc. BruCON is organized as a non-profit event by volunteers. A group of security enthusiasts decided that it was time for Belgium to have its own security conference. A lot of countries around the world already had these kinds of conferences to discuss and present research on computer security and related subject matters. This group of volunteers wanted Belgium not to be the last to have a similar conference. The event features more than 27