website hacking | Breaking Cybersecurity News | The Hacker News

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the worlds most popular websites, including Amazon, Xbox Live and Playstation Network . The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin  (now deleted) , on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates. The news came just a day after the hacker group Lizard Squad compromised Sony's Playstation and Microsoft's Xbox Live gaming networks on Christmas day, which is estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, making it a total of more than 150 million users worldwide. However, data breach of 13,000 users is not the biggest data breach we've ever seen. When millions of passwords are used for sites ar

Surprisingly, from yesterday a cartoon picture of the supreme leader of the Democratic People's Republic of Korea (North Korea) named Kim Jong-un appearing on The Pirate Bay website 's homepage, but WHY? At the beginning of this month, The Pirate Bay — an infamous Torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet during a raid operation carried out by Swedish Police. However, a number of clones and rumors of rebirths of the infamous The Pirate Bay (TPB) appeared online, but the official domain of The Pirate Bay ( ThePirateBay.se ) remained inaccessible, until last week. ThePirateBay.se , the official domain of TPB returned to life, but without an archive of torrent files and now showing a ticking clock, with the Jolly Roger (skull and crossbones Pirate flag) waving in the background, and an image with apparently random characters with the filename AES.png , hintin

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Syrian Electronic Army (SEA) , a pro-hacker group supposed to be aligned with Syrian President Bashar al-Assad has again gain media attention by compromising a number of popular news websites and displayed a Thanksgiving popups informing people that they've been hacked. The Forbes, The Independent, The Chicago Tribune , The Daily Telegraph , The London Evening Standard, broadcaster CNBC, PC World and the US National Hockey League were among those popular websites affected by the group. This time they apparently targeted a third-party widget that is used by all those compromised websites. It is being reported that the hacker group found a way into registrar GoDaddy to compromise DNS records for the Gigya , a customer identity management platform used by all the sites. Although all site visitors were not affected by the attack, but some visitors using a line of Javascript were redirected to SEA web pages with the message " You've been hacked by the Syrian Elec

Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt , has found a serious SQL injection vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on its server with Root Privileges. According to Hegazy blog post , the SQLi vulnerability resides in a domain of Yahoo! website i.e. https://innovationjockeys.net/tictac_chk_req.php . Any remote user can manipulate the input to the " f_id " parameter in the above URL, which could be exploited to extract database from the server. While pentesting, he found username and password ( encoded as Base64 ) of Yahoo!' admin panel stored in the database. He decoded the Administrator Password and successfully Logged in to the Admin panel. Furthermore, SQL injection flaw also facilitate the attacker to exploit Remote Cod

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA) , has been compromised and abused by attackers to distribute malware . The Israeli think tank website JCPA – an independent research institute focusing on Israeli security, regional diplomacy and international law – was serving the Sweet Orange exploit kit via drive-by downloads to push malware onto the computers of the website's visitors by exploiting software vulnerabilities, researchers from security firm Cyphort reported on Friday. The Sweet Orange is one of the most recently released web malware exploitation kits, available for sale at selected invite-only cyber crime friendly communities and has been around for quite some time. However, Sweet Orange has also disappeared but in October 2013, shortly after the arrest of Paunch, the author of BlackHole , experts observed a major increase in the use of Sweet Orange. The

Jobvite , a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company's website. Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing companies use Jobvite's social recruiting, sourcing and talent acquisition solutions to target the right talent and build the best teams. An independent security researcher Mohamed M. Fouad from Egypt, has found two major flaws in Jobvite website  that could be used by an attacker to comprise the company's web server. As a responsible security researcher, Fouad also reported the critical flaws three months ago to the Jobvite team, but the company didn't fix it till now. According to Fouad, Jobvite is vulnerable to Boolean SQLi (SQL injection) and LFI (local file inclusion) v

While the rest of the world was engaged in cyber security and privacy, an Indian patriotic hacker targeted 43 major Pakistani Government official websites, including 'President of Pakistan', 'Government of Pakistan', 'Ministry of Defence' , and whole Ministry of Pakistan . Indian hacker Godzilla claimed responsibility to hack into one of the main proxy server of the Pakistan Government, which is being used to manage all the government websites. Once the hacker gained the access to the proxy server, he managed to take down those websites. The attack on the websites are supposed to be severe as it has been over 24 hours and the websites are still down at the time of writing. The hacker posted a message on his Facebook profile saying, " Poor Pakistan no matter how hard you try we can bypass those security anytime we want. Before making a statement in media against India think twice. " Godzilla aka G.O.D is the same hacker who launched a cyber attack last year on a number of ser

The users of WordPress, a free and open source blogging tool as well as content management system (CMS), that have a popular unpatched wordPress plugin installed are being cautioned to upgrade their sites immediately. A serious vulnerability in the WordPress plugin, MailPoet , could essentially allows an attacker to inject any file including malware, defacements and spam, whatever they wanted on the server and that too without any authentication. MailPoet, formerly known as Wysija Newsletter , is a WordPress plugin with more than 1.7 million downloads that allows developers running WordPress to send newsletters and manage subscribers within the content management system. In a blog post, the security researcher and CEO of the security firm Sucuri , Daniel Cid, pointed out the vulnerability to be serious and said that within three weeks since the vulnerability unveiled, over 50,000 websites have been remotely exploited by the cybercriminals to install backdoors targeting the vulner

If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges. WordPress is a free and an open source blogging tool as well as a content management system (CMS) with 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. That is why, it is easy to setup and used by more than 73 million of websites across the world, and about 5.7 million them uses WPtouch plugin, making it one of the most popular plugins in the WordPress plugin directory. WPtouch is a mobile plugin that automatically enables a user friendly and elegant mobile theme for rendering your WordPress website contents on the mobile devices. User can easily customize many aspects of its appearance by the adm

The FBI officers have arrested a 20-year-old Tennessee man and charged with federal computer hacking for allegedly conspiring to launch cyber attacks on five organizations in 2013, including two universities and three companies in the US and Canada, federal law enforcement officials announced today. The accused named Timothy Justin French , who go online by the name " Orbit ," is a key member of the collective "NullCrew" hacking group , that claimed responsibility for dozens of high-profile computer attacks against corporations, educational institutions, and government agencies. NullCrew is a hacktivist group that came into light in 2012 after a successful cyber attack against the World Health Organization (WHO) and Public Broadcasting Service (PBS) in 2012, which resulted in plain-text username and passwords being posted online on Pastebin. The group, represent itself as a part of Anonymous hacking collective, has since 2012 carried out a number of similar high profi

Two months ago, we reported a critical vulnerability on the Yahoo Answers platform that allowed a hacker to delete all the posted thread and comments from Yahoo's Suggestion Board website. Recently, a similar vulnerability has been reported by another Egyptian security researcher ' Ahmed Aboul-Ela ', that allows him to delete any comment from all Yahoo Services, including Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more. HOW TO DELETE ANY COMMENT When yahoo users comment on any article or post on any of the Yahoo services, they are allowed to delete their own comment anytime. But the reported vulnerability discovered by Ahmed allows them to delete all the comments, even if they are posted by others. To delete a comment, one can initiate the request by clicking on the delete button and once clicked, the page sends a POST request to the Yahoo server with some variables i.e. comment_id and content_id , where comm

It's more than a month since we all were warned of the critical OpenSSL Heartbleed vulnerability , but that doesn't mean it disappeared. The critical bug compromised many popular websites and after been discovered the problem was solved. But is that so? No, not at all! A recent finding from the security researcher Robert David Graham claims that there are still more than 300,000 servers apparently remain vulnerable to the most critical OpenSSL bug, Heartbleed, which is admittedly down in numbers from the previous which resulted in over 600,000 systems a month ago. Graham announced on the Errata Security blog that he arrived at the number through a recently done global internet scan (or at least the important bits: port 443 of IPv4 addresses), which reveals that exactly 318,239 systems are still vulnerable to the OpenSSL Heartbleed bug and over 1.5 million servers still support the vulnerable "heartbeat" feature of OpenSSL that allowed the critical bug. "

When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution (also known as Backtrack), which is designed for security professionals and packed with more than 300 security testing tools. But Today, Mailing List sub-domain of Kali Linux get hacked and defaced by Libyan hacking group known as ' The GreaT TeAm (TGT) '. A mailing list is simply a list of email addresses to which the same information is being sent. A discussion list is used to allow a group of people to discuss topics amongst themselves, with everyone able to send mail to the list and have it distributed to everyone in the group. Mailing lists have become a popular way for Internet users to keep up with topics they're interested in. At the time of writing, The Homepage of Kali Linux mailing list domain was displaying two lists, i.e. Kali with description "Hacked By The GreaT TeAm -TGT" Kali-Dev with description "Libyan Hackers" S

Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails's default cookie storage mechanism   CookieStore  are at risk. The vulnerability was actually reported two months ago, but still thousands of website are running a vulnerable version of Ruby on Rails that allows a malicious attacker to gain unauthorized access again and again without password, if someone manages to steal users' cookies via via cross site scripting or session sidejacking or with physical access.  More than 10,000 websites are vulnerable to Ruby on Rails's cookie storage mechanism flaw, but this vulnerability requires your user's session cookies to be compromised in the first place. Security researcher G.S. McNamara provided the details of the vulnerability in a blog post , he analyzed nearly 90,000 sites running specialized scripts and discovered 1,897 sites based on old versions of Ruby on Rails ( version 2.0 to ve

If you're a user of the Buffer app, the social-media management service that let you cross-posting to various social networks, be aware that the service got hacked yesterday, with spam messages going out over Facebook.  " Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now. " Buffer team said, in an email sent to users and also posted to Buffer's blog . It's not yet clear how many of Buffer's 1 million or so users were affected by the hack, but buffer maintains that user passwords are safe nor has any "billing or payment information been affected or exposed" . Photo Credit : The Next Web It appears that Buffer's Facebook and Twitter spam messages were first sent at around 2:20 p.m. ET. Hackers have used the exploit to spam user accounts on Facebook, Twitter, Google+, and other sites. Just recently, Instagram saw a viral wa

If you are today trying to visit the php.net website, an official website of the PHP scripting language, you will likely see the above shown result, instead of the original website. Chrome and Firefox is currently flagging the site as " suspicious " and contains malware that can harm your computer. According to Google's Webmaster Tools, the script at https://static.php.net/www.php.net/userprefs.js  was included as suspicious, and Google's Safe Browsing diagnostics  for php.net do suggest that malware has been present on the site in the last 90 days: " Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. " " Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for

Hackers are focusing on vulnerabilities in the PHP web application development platform threatening 80% websites in the world, including many big website i.e. Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals i.e. POST, GET, COOKIES, FILES etc. Imperva Releases Hacker Intelligence Initiative Report , particularly concerned about two vulnerabilities that can be used to execute code on servers running PHP and fail to stop PHP SuperGlobal parameter variables being modified by external sources. Dubbed as  CVE-2011-2505 , describes a vulnerability in the authentication feature in PhpMyAdmin (PMA) that enables attackers to modify the  _SESSION  SuperGlobal variable. CVE-2010-3065 describes a problem in the PHP's session serialization mechanism. By injecting malicious value into an internal variable using PHP's Superglobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control over

Pakistan Army site (pakistanarmy.gov.pk) and Three Facebook pages hacked by an Indian hacker 'Godzilla '. Hacker told ' The Hacker News ' that, using a CMS vulnerability they got access into the Pakistan army website using credentials i.e. Username: mag_admin password: #$%modern! .  Then they left a malicious PDF magazine document in their content management system of magazine portal for the Pakistan army, which was later clicked by the Administrator and that installed a piece of malware on the administrator's computer. " For security they have taken down the login page of content management but failed to remove my backdoor " hacker told The Hacker News. Using an infected system of the Administrator, he has also gained unauthorized access to three Pakistan Army Facebook pages. Pakistan Army Official Facebook Page ( www.facebook.com/OfficialPakArmy ) Pakistan Army Officers Club Facebook Page ( www.facebook.com/fb.paoc ) Pakistan Army Fan Facebook Page

It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, " Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a security breach that may have resulted in some users' login data being compromised ,". Strangely, Crysis.com has not been taken down and is still running as normal. " We recently became aware of suspicious activity relating to some of Crytek's websites and acted quickly to take those websites offline for security reasons. We thank you for your patience, and expect to have these sites fully operational soon ." " Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords ", it continued, " it is possible that users with accounts on these websites have had personal data copi

If you're making a lot of money and you want to keep records of your transactions, then using PayPal 's Reporting system you can effectively measure and manage your business. Nir Goldshlager , founder of Breaksec and Security Researcher reported  critical flaws in Paypal Reporting system that allowed him to steal private data of any PayPal account. Exploiting the  vulnerabilities  he discovered, allowed him to access the financial information of any PayPal user including victim's shipping address Email addresses, Phone Number, Item name, Item Amount, Full name, Transaction ID, Invoice ID,  Transaction, Subject, Account ID, Paypal Reference ID etc. He found that PayPal is using the Actuate Iportal Application (a third party app) to display customer reports, so Nir downloaded the trial version of this app for testing purpose from its official website. After going deeply through the source code of trial version, Nir located a file named getfolderitems.