The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: how to hack website

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

May 28, 2020Ravie Lakshmanan
It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government websites since July 2019. In a report shared with The Hacker News, researchers from Check Point said they were able to map VandaTheGod's activity over the years, and eventually zero down the attacker's real identity to a Brazilian individual from the city of Uberlândia. The cybersecurity firm said it notified concerned law enforcement of its findings for further action, adding the social media activities on profiles associated with VandaTheGod came to a halt towards the end of 2019. A Long Social Media Trail VandaTheGod has a long history of going after government we
SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

September 25, 2018Swati Khandelwal
U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information (PII) of almost 6.5 million customers. Based in North Brunswick and founded in 2008, SHEIN has become one of the largest online fashion retailers that ships to more than 80 countries worldwide. The site has been initially designed to produce "affordable" and trendy fashion clothing for women. SHEIN revealed last weekend that its servers had been targeted by a "concerted criminal cyber-attack" that began in June this year and lasted until August 22, when the company was finally made aware of the potential theft. Soon after that, the company scanned its servers to remove all possible backdoored entry points, leveraging which hackers could again infiltrate the servers. SHEIN assured its customers that the website is now safe to visit. Hackers Stole Over 6.42 Million SHEIN Customers' Data
Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

April 19, 2018Swati Khandelwal
It's time to update your Drupal websites, once again. For the second time within a month , Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered by the Drupal security team, the open source content management framework is vulnerable to cross-site scripting (XSS) vulnerability that resides in a third-party plugin CKEditor which comes pre-integrated in Drupal core to help site administrators and users create interactive content. CKEditor is a popular JavaScript-based WYSIWYG rich text editor which is being used by many websites, as well as comes pre-installed with some popular web projects. According to a security advisory released by CKEditor, the XSS vulnerability stems from the improper validation of " img " tag in Enhanced Image plugin for CKEditor 4.5.11 and later versions. This could allow an attacker to
Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site

Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site

October 25, 2016Mohit Kumar
Joomla – the world's second popular open source Content Management System (CMS) software packages, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix. The two critical flaws, both exist in the Joomla Core functionalities, include Account Creation Vulnerability ( CVE-2016-8870 ) and Elevated Privileges flaw ( CVE-2016-8869 ) that, if unpatched, could put millions of websites that run on Joomla at risk. The account creation bug could allow any user to register on a website, even if the registration process has been disabled, while the elevated privileges flaw could enable users to perform advanced functions on a registered site that ordinary users are not authorized to do. Both the critical vulnerabilities affect Joomla version 3.4.4 through 3.6.3. The update also includes a bug fix for Two-Factor Authentication. Millions of websites used in e-commerce and other sensitive industries used Joomla,
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.