
website hacked | Breaking Cybersecurity News | The Hacker News

Russia Today (RT) Hacked, "Russian" replaced with "Nazi" in News Headlines

Mar 02, 2014
The website of 'Russia Today' (RT.com), Russia's biggest news channel, based in Moscow, has been hacked and defaced by an unknown group of hackers. The hackers replaced the words "Russia" or "Russians" with "Nazi" or "Nazis" in the headlines, as shown. "RT website has been hacked, we are working to resolve the problem," Russia Today tweeted from the official Twitter account. One modified headline read: "Russian Senators Vote To Use Stabilizing Nazi Forces on Ukrainian territory." Another modified headline stated: "Up to 143,000 Nazis requested asylum in Russia in two weeks." The changes to the 'Russia Today' website remained in place for nearly 30 minutes and, at the time of reporting, the site had been restored. "Hackers deface https://RT.com website, crack admin access, place "Nazi" in every headline. Back to normal now." RT acknowledged the issue. Recently the Anonymous group has also announced

Crowd-Funding site Kickstarter Hacked! It's time to change your Password

Feb 16, 2014
If you have an account at the popular crowdfunding site Kickstarter, it's time to change your account's password. Kickstarter's CEO Yancey Strickler says that the company was hacked by an unknown hacker earlier this week. Kickstarter said in a blog post that no credit card information was stolen in the data breach, but users' personal information has been compromised; the company also hasn't found evidence of unauthorized activity on accounts. Data accessed and stolen by the hackers included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords of the users. Facebook usernames and logins were not compromised for those who use that log-in system to get on Kickstarter. According to a Kickstarter team member, older users' passwords were encrypted using salted SHA1 and newer users' passwords are encrypted with a stronger hashing algorithm called 'bcrypt'. Hackers could attempt to crack the encrypted pa

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024 | SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Forbes Hacked by Syrian Electronic Army; Website and Twitter accounts Compromised

Feb 14, 2014
Forbes is the latest victim in a long line of high-profile attacks by the Syrian Electronic Army (SEA), sending a reminder to the international community that cyber warfare is alive and well. The pro-Assad group also took responsibility for hacking multiple Forbes websites and hijacking three Twitter accounts related to the website. According to the screenshots published by the team, it appears the hackers gained access to the WordPress administration panel of the Forbes website, edited several articles posted earlier on Forbes by authors Travis Bradberry, Matthew Herper, Andy Greenberg, John Dobosz and Steve Forbes, and retitled them "Hacked by Syrian Electronic Army". The hackers tweeted "Syrian Electronic Army was here" from the compromised Twitter accounts, including those of social media editor Alex Knapp (@TheAlexKnapp) and personal finance reporter Samantha Sharf (@Samsharf), and the @ForbesTech account. The Syrian Electronic Army attack


800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange'

Feb 03, 2014
One of the world's largest mobile operators, 'Orange', has been hit by a data breach. The French multinational telecommunications company recently announced that it was targeted by unknown hackers on 16th January 2014, who allegedly gained access to the accounts of up to 800,000 customers of the Orange website. According to a report published on the PC INpact website, the company warned its customers in an email that its Client Area website orange.fr was hacked and the personal data of 3% of customers has been stolen, but passwords are not affected. The hacker successfully stole customers' names, mailing addresses, email addresses, and landline and mobile phone numbers. The company warned that, with the information lost in this attack, hackers can perform phishing attacks, allowing them to steal personal data, including bank account details and passwords, by sending emails that look as if they have come from official sources. Orange has confirmed the data breach, and afte

eBay and PayPal UK website hacked by Syrian Electronic Army

Feb 02, 2014
A hacker group aligned with President Bashar al-Assad, well known as the Syrian Electronic Army (SEA), has again gained media attention by adding the popular sites eBay UK and PayPal UK to its victim list. After targeting websites of various media agencies, government organizations and big enterprises, including the recently defaced CNN and Microsoft, today they targeted and defaced the official UK websites of eBay (ebay.co.uk) and PayPal (paypal.co.uk). The group also left a deface page along with a message on the hacked PayPal UK site: "Hacked by Syrian Electronic Army! Fuck the United States Government." It is clear that the attack on PayPal could put millions of people's bank information at risk, but the group said that the attack did not target people's account information and was instead 'Purely a Hacktivist Operation', the reason behind it being discrimination against Syrian citizens by the PayPal company. "For denying Syrian citizens

Bangladeshi Hackers defaced BCCI website after Board approves ICC takeover proposal

Jan 27, 2014
Apart from various government websites falling victim to hacking attacks, the latest to be targeted by hackers belongs to the world's richest cricket board, the Board of Control for Cricket in India (BCCI). Late at night on 26th January (the 65th Republic Day of India), the official website of Indian cricket's governing body, BCCI.TV, was defaced by a Bangladeshi hacker who goes by the name Ashik Iqbal Chy. The 'About Us' page on the website has the message "Don'T MesS UP WitH TiGeRs!" along with an image of the Bangladesh national cricket team running with the Bangladeshi flag. The 'attack' on BCCI's website is most likely in response to the latest draft proposal, which aims to shift control of global cricket from the hands of the International Cricket Council (ICC) into the hands of the top three cricket boards: BCCI, Cricket Australia (CA), and the England and Wales Cricket Board (ECB); therefore the fate of cricket in smaller countries like Bangladesh, New Zeala

Yahoo fixes Critical Remote Command Execution vulnerability

Jan 26, 2014
Cyber security expert and penetration tester Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any command on the server, i.e. a Remote Command Execution vulnerability. According to Ebrahim's blog post, the vulnerability resides in a Chinese subdomain of the Yahoo website, i.e. https://tw.user.mall.yahoo.com/rating/list?sid= $Vulnerability Any remote user can manipulate the input to the sid parameter in the above URL, which passes the parameter value to the PHP eval() function on the server side. If an attacker is able to inject PHP code into this web application, the server is forced to execute it; this method is limited only by what PHP is capable of. In a POC video he successfully demonstrated a few payloads: Example-1: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("dir"))} Example-2: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("ps"))} Last week, He

MIT University website defaced by Anonymous hackers in honor of Aaron Swartz

Jan 11, 2014
Today is January 11, 2014, and on the same day last year the 26-year-old hacker, Reddit cofounder and digital activist Aaron H. Swartz committed suicide. He was found dead in his Brooklyn, New York apartment, where he had hanged himself. Swartz was indicted by a federal grand jury in July 2011, accused of hacking the MIT JSTOR database and stealing over four million documents with the intent to distribute them. He could have been sentenced by the court to 50 years in prison and $4 million in fines, but before that he committed suicide in fear. Swartz's father, Robert, later blamed MIT and the judicial system for his son's death. On the first anniversary of Aaron Swartz's death, the Anonymous group of hackers today defaced a sub-domain of the Massachusetts Institute of Technology (MIT) website (https://cogen.mit.edu/) for about an hour as part of #OPLASTRESORT. The defacement page was titled 'THE DAY WE FIGHT BACK'. The message posted on it: "Remember The Day We Fight Back,

'The Washington Post' compromised 3rd time in the last 3 years

Dec 20, 2013
Security experts at the intelligence firm Mandiant have discovered a new intrusion into the network of The Washington Post, the third in the last three years. At the time I'm writing, neither the extent of the attack nor an estimate of the losses is clear. Mandiant reported the incident to The Washington Post this week, confirming that the exposed data include employees' credential hashes. "Hackers broke into The Washington Post's servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday," a post by the news agency said. In early 2013 the New York Times announced that during the previous months it had been a victim of cyber espionage coordinated by Chinese hackers; similar attacks were conducted against the principal American news agencies. The hackers tried to compromise the email accounts of journalists to steal sensitive information, they tried

Russian hackers stole Personal details of 54 million Turkish Citizens

Dec 17, 2013
Publicized hacks, cyber attacks and data breaches continue to increase, and the majority of attacks are from outsiders. Recently, some unknown Russian hackers reportedly stole the personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population. According to a report published by 'Hurriyet News', researchers from the KONDA security firm revealed that the hackers stole data from a political party's vulnerable system, including names, ID numbers and addresses of 54 million voters across the nation. The researchers claimed that the hacked system (used for database and website management) did not have any antivirus product installed and that voter information was also uploaded online on a vulnerable website. This was really a bad idea, and they mentioned that "in two hours hackers downloaded all the information." In another statement, they mentioned that some government institutions share citizens' personal data online with o

OpenX Advertising Network hacked and backdoor Injected

Aug 07, 2013
OpenX, a leading provider of digital and mobile advertising technology, has served code with an injected backdoor that allows hackers to take control of your web server. German tech site Heise notified Germany's computer emergency response team (CERT) this week about the OpenX Ad Server (2.8.10) backdoor, which allows an attacker to execute any PHP code via the "eval" function and could have given attackers full access to their web sites. The OpenX team has confirmed the breach, and OpenX senior application security engineer Nick Soracco said that two files in the binary distribution of 2.8.10 had been replaced with modified files that contained a remote code execution vulnerability. The attack code is written in PHP but is hidden in a JavaScript file that is part of a video player plugin (vastServeVideoPlayer) in the OpenX distribution. This vulnerability only applies to the free downloadable open source product, OpenX Source.

Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Jul 23, 2013
Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal "Daily Dot" and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave advance warning to the Daily Dot editorial team via Twitter, saying: "Dear @dailydot, please remove the attached picture in this article: https://www.dailydot.com/news/syrian-electronic-army-tango-me/ … or we will do something you will not like it." But Daily Dot refused to comply, and the hackers broke into the Gmail account of one of its staff, then into the site's administration panel, and removed the article in question altogether, as challenged! The attackers have published several pictures, including ones of emails sent out to Daily Dot staff about the Syrian Electronic Army's threat. Staff have been warned that the hackers use phishing emails to trick them into handing over their account credentials. "The stupid @dailydot administra

Japanese Game maker Club Nintendo's 24,000 accounts Hacked

Jul 08, 2013
Japanese video game maker Nintendo recently revealed that one of its main fan sites, Club Nintendo, was hacked and that, out of 15.5 million login attempts in a brute-force process, almost 24,000 user accounts were hijacked early last month. Nintendo said it first became aware of the illicit logins on Tuesday evening after a large number of access errors on the site. However, the security team believes that the hackers obtained the logins and passwords from an outside source. The fan site, Club Nintendo, allows 3DS and Wii owners, as well as other fans of Nintendo games and hardware, to answer survey questions and register their products. Members can do all this in exchange for "coins" or points. These can later be traded for other goods or services on the site. The site is open to users from all over the world, about four million of whom are located in Japan. These accounts contain secure data of users' real names, addresses, phone numbers and email information. "The

50 million customers compromised in LivingSocial hack

Apr 27, 2013
LivingSocial, a daily deals website part-owned by Amazon Inc., was hit by a cyber attack that may have affected more than 50 million customers, who will need to reset their passwords. LivingSocial says it has 70 million members worldwide. Leaked data includes names, e-mail addresses, dates of birth and encrypted passwords. Customers' credit card information and merchants' financial and banking information were not affected by the hack, LivingSocial said. So it looks like some personal info may have fallen into the wrong hands, but credit card and other financial details should be safe. The cyberattack affected LivingSocial customers in North America, Australia, New Zealand, United Kingdom, Ireland and Malaysia and its LetsBonus users in Southern Europe and Latin America. So if you're among the affected users, the hackers have just the right amount of information to phish you. The site is sending out emails to customers advising them to change their passwords.

World's largest Digital documents library 'Scribd' Hacked

Apr 04, 2013
The world's largest digital documents library, 'Scribd', announced that it was hacked in a recent attack and that the hacker was potentially able to compromise general user information, including usernames, emails, and encrypted passwords, from part of its database. "Even though this information was accessed, the passwords stored by Scribd are encrypted." They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. "Earlier this week, Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users," the Scribd team said in a blog post. If your account was among those affected, visit https://www.scribd.com/password/check and check whether you are one of the lucky victims or not. I got "Good news - your password was not among thos

NIST National Vulnerability Database hacked

Mar 14, 2013
The website of the National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data, was hacked by an unknown attacker last week. The NVD website (https://nvd.nist.gov/index.html) has been down since Friday due to a malware infection on two web servers, discovered on Wednesday. The main page of the website reads: "The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available." According to a post on Google+ by Kim Halavakoski, who contacted the NIST Public Inquiries Office to learn about the issue: "On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was

Hackers and Anti-Government Protests rage across Iraq

Jan 05, 2013
Four Iraqi government websites were defaced today by a hacker going by the name "riSky". The defaced domains include the Iraq National Investment Commission website. While tens of thousands of protesters rallied across Iraq on Friday, charging that Sunni Muslims had been disenfranchised under the Shiite-led government of Prime Minister Nouri Maliki and pressing for detainees to be freed, internal and external hackers are also creating trouble for the government. The hacker claims to have hacked the server; as proof he offered 'The Hacker News' some screenshots of cPanel WHM, as shown below: Defaced domains: investpromo.gov.iq, nic.iq, investpromo.com, istithmar.iq. Hack mirrors: https://zone-h.com/mirror/id/18883643 https://zone-h.com/mirror/id/18883647 https://zone-h.com/mirror/id/18883639 Ongoing hacks and protests in Iraq are driving the protests in the hopes of creating their own semi-autonomous region akin to Kurdistan, emboldened by the belief that the ongoing up

Hacker leaks Bangladesh Intelligence classified Emails

Jan 04, 2013
Indian hacker Godzilla has once again hit a Bangladesh government server. The hacker told us about his latest cyber attack on the Directorate General of Forces Intelligence Bangladesh (DGFI - www.dgfi.gov.bd) server. He claimed to have backed up all confidential mails on the server and a list of all their agents around the globe. The hacker taunted the Bangladesh government: "To all stupid Intelligence people of Bangladesh do you know what is security??, Iam really felling pitty for you." Through a paste note, the hacker leaked one sample mail (a funny one), which is a conversation between Dewan Mamoon and the DGFI Director. Some words from the email are: "I love the CIA. I love the DGFI. I love the Bangladesh armed forces. I love America and I love Bangladesh." and "I know that you are the ones to thank for sponsoring me in Bangladesh and the CIA for sponsoring me in America." The compromised intelligence server is claimed to be full of sensitive information. In past year, Godzilla h

TopTV and Reliance Netconnect websites hacked by Brazilian hackers

Jan 02, 2013
The TopTV website and the websites of broadband provider Reliance Netconnect were compromised today by a Brazilian hacking crew named "HighTech Brazil HackTeam". Index.php of Reliance Netconnect and a few internal pages of TopTV were defaced. Heather Kennedy from TopTV said that they are aware of the breach of security on its website: "The IT department was working on the problem all day yesterday, New Year's Day. The site will be restored shortly." Recently the official website of the Interpol Indonesia National Central Bureau (interpol.go.id) and many Singapore websites were also hacked by the same hackers. The same hacker or group of hackers has also defaced the PG Glass website. The PG Glass home page currently (2 January at 09:30) displays the message "Hackeado por HighTech Brazil HackTeam…" Defaced URLs: https://www.toptv.co.za/index.php?option=com_tvguide&Itemid=29 https://www.reliancenetconnect.co.in/index.php

Three South African government websites hacked

Dec 09, 2012
A hacker calling himself "H4ksniper" is claiming responsibility for disrupting three South African government websites. This morning, after the hack, the website of the social development department opened to a black page with a window containing the animated graphic "Website hacked by H4ksniper". Another message on the deface page was "Hello South Africa :D , Bad News For You IM BACK ! ..You Messed With Us & Now You Must Suffer..From Morocco with love." When asked, the hacker said that the reason for the hack is: "We all know that SA is the first supporter of the [República Árabe Saharaui Democrática] RASD and the enemy of Morocco since a long time and we are hackers and our goal is defending our country..." From the statement, it's clear that the hacker belongs to Morocco and claims to be defending it from its enemy. Defaced domains: https://www.dsd.gov.za/ https://www.population.gov.za/ https://www.pnc.gov.za/ Mirror links: https://www.th3mirror.com/mirror/id/146186/ http