Tech News | Breaking Cybersecurity News | The Hacker News

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites. "Consumer electronics makers seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's CEO. "The design teams at these companies have not put enough thought into security." Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportun...

Opera releases monthly data generated by its users. In November 2010, Opera reported significant increases in unique users, pages viewed, and data consumed via its Mini browser. Around 80 million people used the Opera Mini browser in November, viewing 44.6 billion pages. According to Opera, its server-side compression reduced 6.3 petabytes of data. Year-over-year, Opera Mini's page views grew by 103.1%. The number of unique users increased by 28.4%, with the average user viewing 422 web pages per month. Each user consumed about 10MB of data, with the average web page size being just 2KB. In 2009, Facebook was the most visited mobile site, according to Opera. This year, Google regained the top spot globally. The top 10 websites globally, as ranked by Opera, are: Google Facebook Vkontakte.ru YouTube Odnoklassniki.ru Yandex.ru Yahoo My.opera Mail.ru Getjar In the U.S., the top 10 websites are more familiar: Google Facebook YouTube Wikipedia Yahoo My.opera Accuwe...

Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts requested by an application to be rendered when they shouldn't have. Upon discovering the bug, we immediately began work to fix it. It's now been resolved, and these posts can no longer be made. We're not aware of any cases in which the bug was used maliciously." A representative from Sendible stated that they had discussed the issue with Facebook over the phone. Facebook acknowledged the problem but could not reproduce it on their end. "They've agreed to patch the issue by the end of the day. In the meantime, we've agreed to remove the feature on Sendible that allows fans of Facebook pages to automate posts." Several Facebook Pages, including those of large...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani's work developing what's known as a "carpet bomb" attack, the security researcher said in an interview Monday. "I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else." That turned out to be the wrong assessment. Soon after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X. Nobody has shown how to do this on the Mac OS X version of Safari, but Dhanjani still thinks Apple should fix the issue on both platforms. In a carpet bomb attack, the victim visits a malicious website,...