#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Registry Hack: Get Windows XP Security Updates until 2019

Registry Hack: Get Windows XP Security Updates until 2019

May 26, 2014
Microsoft ended its support for Windows XP officially more than a month ago on April 8, 2014 . This made a large number of users to switch to the latest version of Windows, but still a wide portion of users are using Microsoft oldest and most widely used operating system, despite not receiving security updates. While some companies and organizations who were not able to migrate their operating system's running Windows XP to another operating system before the support phase ended, are still receiving updates by paying Microsoft for the security patches and updates. Now a relatively simple method has emerged as a trick for the XP users which makes it possible to receive Windows XP security updates for the next five years i.e. until April 2019. It makes use of updates for Windows Embedded POSReady 2009 based on Windows XP Service Pack 3, because the security updates which are being released for POSReady 2009 are inevitably the same updates Microsoft would have rolled out...
ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

May 26, 2014
The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit , a Texas-based Encrypted Email Service. In response, a group of young developers at the European Organization for Nuclear Research (CERN) has launched a new email service which offers end-to-end encryption and securing communications that could put an end to government snooping and will keep away our personal data from prying eyes. PROTONMAIL - AN END-to-END ENCRYPTED EMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. ProtonMail offers a user-friendly experience with full "end-to-end" encryption . It encrypts the data on the browser...
Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware

Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware

May 25, 2014
The Security Software company Malwarebytes has discovered a malicious scam spreading through rogue tweets by a number of fake Twitter accounts with a link to a story that says the United States Government is trying to ban cryptocurrency Bitcoin. " The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse, " wrote Adam Kujawa of Malwarebytes in a blog post on Thursday. In most cases, cybercriminals use to spread the malicious software via an email, but distribution of malware through social media is relatively new tantrum of cyber criminals, as more people are fond of social media platforms now a days. Adam discovered the scam and according to him the worst part of this new Twitter scam is that even without realizing the impact of this fake news, other Twitter users are retweeting from their accounts, making the malware scam more worse. The tweets contain links lead...
cyber security

New Webinar: Identity Attacks Have Changed — Have Your IR Playbooks?

websitePush SecurityThreat Detection / Identity Security
With modern identity sprawl, the blast radius of a breach is bigger than ever. Are you prepared? Sign up now.
Between Buzz and Reality: The CTEM Conversation We All Need

Between Buzz and Reality: The CTEM Conversation We All Need

Jun 24, 2025Threat Exposure Management
I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...
Hacking Cable TV Networks to Broadcast Your Own Video Channel

Hacking Cable TV Networks to Broadcast Your Own Video Channel

May 25, 2014
I was watching my favorite show on the television and it was just half over when I saw something which was definitely not a part of the show I was watching. My television screen gone blank for a couple of seconds and then what I saw was totally unbelievable for my eyes. It was my friend ' Rahul Sasi ' on the television and I was still wondering that how did he interrupted in between a television show like happens in Sci-Fi movies, someone hijacks television or computer to deliver some kind of message or warning. Also like in some horror movies in which sometime ghostly images interrupts between the television and suddenly comes out. Oh my god! But, nothing happened like that in my case, my friend didn't came out. Just few minutes later I was again redirected to the same show I was watching, only a part of it I missed, but never mind I'll watch it on the YouTube later. I think you might be thinking as if I am kidding, but it's true. My friend Rahul Sasi is a well kn...
Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

May 24, 2014
Two months ago, we reported a critical vulnerability on the Yahoo Answers platform that allowed a hacker to delete all the posted thread and comments from Yahoo's Suggestion Board website. Recently, a similar vulnerability has been reported by another Egyptian security researcher ' Ahmed Aboul-Ela ', that allows him to delete any comment from all Yahoo Services, including Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more. HOW TO DELETE ANY COMMENT When yahoo users comment on any article or post on any of the Yahoo services, they are allowed to delete their own comment anytime. But the reported vulnerability discovered by Ahmed allows them to delete all the comments, even if they are posted by others. To delete a comment, one can initiate the request by clicking on the delete button and once clicked, the page sends a POST request to the Yahoo server with some variables i.e. comment_id and content_id , where comm...
New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

New Point-of-Sale Malware Compromises 1,500 Devices Worldwide

May 24, 2014
In past few months, the malware developers are more focusing on proliferating and upgrading malicious malwares to target Point-of-Sale (POS) machines. Due to the lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals and malware writers. BlackPOS malware caused massive data breaches in various US retailers targeting POS machines and the largest one is TARGET data breach occurred during the last Christmas holidays. The third-largest U.S. Retailer in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. Neiman Marcus, Michaels Store were also targeted involving the heist of possibly 110 million Credit-Debit cards, and personal information. BlackPOS malware was embedded in point-of-sale (POS) equipment at the checkout counters to collect secure data as the credit cards were swiped during transactions. Now the latest one is the ' Nemanj...
Apple Patches 22 Safari WebKit Vulnerabilities

Apple Patches 22 Safari WebKit Vulnerabilities

May 24, 2014
Apple has just released a pair of software updates for its Safari web browser addressing multiple Webkit vulnerabilities in Mac OS X, providing its users with 21 security patches. The critical bug resides in the Safari 7.0.4 for Mac OS X Mavericks 10.9.3 and Safari 6.1.4 for OS X Lion 10.7.5, OS X Lion Server 10.7.5 and Mountain Lion 10.8.5. According to Apple's security advisory , All of the 21 security flaws address the iOS browser vulnerabilities proliferating through the Safari's open-source Webkit rendering engine. This webkit vulnerability allows a malicious website to execute an arbitrary code on the host computer or unexpected termination of an application in an effort to compromise users' confidential information. " Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution ," Apple warned in the advisory. Security updates tackle a number of flaws including: CVE-2013-2875 CVE-2013-2927 CV...
Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

May 23, 2014
It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' account once again, even if you have already reset your account password after the last announcement. Yesterday eBay admitted to the massive data breach that affected 145 million registered users worldwide after its database was compromised. eBay urged its 145 million users to change their passwords after the cyber attack, but are passwords enough? eBay Data breach happened mainly because of their vulnerable infrastructure, not weak passwords. I think eBay's morning just going to be bad to worse as today, three Security researchers came forward with three more different types of critical flaws in eBay website that leave its 145 million users vulnerable to hackers. HACKER UPLOADED SHELL ON eBAY SERVER (UNPATCHED) A critical security flaw in the eBay website for i...
SNMP Reflection DDoS Attacks on the Rise

SNMP Reflection DDoS Attacks on the Rise

May 23, 2014
The DDoS techniques have massively increased with the attackers becoming more skillful at working around the network security. A massive 300Gbps DDoS attack launched against Spamhaus website almost broke the Internet a year ago and also earlier this year, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare, reaching more than 400Gbps at its peak of traffic. Akamai's Prolexic Security Engineering and Response Team (PLXsert) issued a threat advisory on Thursday reporting a significant surge in DDoS attacks last month abusing the Simple Network Management Protocol (SNMP) interface in network devices. Simple Network Management Protocol (SNMP) is a UDP-based protocol which is commonly known and often used to manage network devices. SNMP is typically used in devices such as printers, routers and firewalls that can be found in the home and enterprise environments as well. Just as D...
Samsung Plans to add Eye Scanner to its Upcoming Smartphones

Samsung Plans to add Eye Scanner to its Upcoming Smartphones

May 22, 2014
After introducing the Fingerprint scanner to its new release, Samsung next plans to add IRIS scanning technology to its future smartphones to better improve the security of smartphones and for being more innovative too. According to a report released by The Wall Street Journal, Samsung senior Vice President Rhee In-jong told analysts and investors at a forum in Hong Kong that the company is planning to incorporate biometric sensors such as eye scanners into more of its products as a part of its enterprise security software. " We're looking at various types of biometric mechanisms and one of things that everybody is looking at is iris detection, " Rhee said. The move is no doubt in order to bring an added layer of security to its devices. A Smartphone with an eye-scanning feature would most likely to be used in the front-facing camera to scan the unique patterns of the user's iris and once the pattern get matched with the already stored user's iris image in the phon...
Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

May 22, 2014
If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA...
Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

May 22, 2014
A Dutch-Moroccan team of hackers calling itself " Team DoulCi " have reportedly claimed to hack a protective feature on Apple 's iCloud system, that could leverage an attacker to remove security measures on lost or stolen iPhone devices. According to a report from Dutch news organization De Telegraaf , the hackers purchased locked iPhone devices for $50 to $150 each and then bypassed Apple's iCloud activation lock through a serious security vulnerability Apple has failed to patch with its most recent updates. The critical vulnerability in the Apple's iCloud allowed them to unlock stolen iPhones in an instant, which could then be sold for a large profit in the Blackmarket. This is the first time when any hacker group has managed to compromise the highly secured Apple's iCloud service. iCloud is a cloud storage and cloud computing service provided by the Apple Inc. to its users since October 2011 with more than 320 million users across the world. The service all...
Expert Insights Articles Videos
Cybersecurity Resources