The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Jobvite , a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company's website. Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing companies use Jobvite's social recruiting, sourcing and talent acquisition solutions to target the right talent and build the best teams. An independent security researcher Mohamed M. Fouad from Egypt, has found two major flaws in Jobvite website  that could be used by an attacker to comprise the company's web server. As a responsible security researcher, Fouad also reported the critical flaws three months ago to the Jobvite team, but the company didn't fix it till now. According to Fouad, Jobvite is vulnerable to Boolean SQLi (SQL injection) and LFI (local file inclusion) v...

Malware is nothing but a malicious files which is stored on an infected computer system in order to damage the system or steal sensitive data from it or perform other malicious activities. But security researchers have uncovered a new and sophisticated piece of malware that infects systems and steals data without installing any file onto the targeted system. Researchers dubbed this  persistent malware as Poweliks , which resides in the computer registry only and is therefore not easily detectable as other typical malware that installs files on the affected system which can be scanned by antivirus or anti-malware Software. According to Paul Rascagneres , Senior Threat Researcher, Malware analyst at GData software, due to the malware's subsequent and step-after-step execution of code, the feature set was similar to a stacking principles of Matryoshka Doll approach. Paul has made a number of name ripping malware and bots to uncover and undermine cyber crimes. He won l...

Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

President Barack Obama signed a bill into law Friday that aims to make it legal for consumers to "unlock" their cell phones in order to change their cell phone service providers without paying for a new phone. The bill is known as the Unlocking Consumer Choice and Wireless Competition Act , which orders the U.S. Library of Congress (LoC) to allow cell phone owners to " unlock " their devices – typically " locked ," to a specific service provider like AT&T or Verizon – for its use on other networks without the permission of their service provider. " As long as their phone is compatible and they have complied with their contracts, consumers will now be able to enjoy the freedom of taking their mobile service - and a phone they already own - to the carrier that best fits their needs, " the White House said in a statement . UNLOCKING Vs. JAILBREAKING Unlocking means the device can only access the network of a particular telecomm, like AT&T or Veriz...

While the rest of the world was engaged in cyber security and privacy, an Indian patriotic hacker targeted 43 major Pakistani Government official websites, including 'President of Pakistan', 'Government of Pakistan', 'Ministry of Defence' , and whole Ministry of Pakistan . Indian hacker Godzilla claimed responsibility to hack into one of the main proxy server of the Pakistan Government, which is being used to manage all the government websites. Once the hacker gained the access to the proxy server, he managed to take down those websites. The attack on the websites are supposed to be severe as it has been over 24 hours and the websites are still down at the time of writing. The hacker posted a message on his Facebook profile saying, " Poor Pakistan no matter how hard you try we can bypass those security anytime we want. Before making a statement in media against India think twice. " Godzilla aka G.O.D is the same hacker who launched a cyber attack last year on a number of ser...

The hacktivist group Anonymous has reportedly taken down the official website of the Israeli intelligence agency Mossad against Israel's military incursion in Gaza, which has resulted in hundreds of civilian casualties. The government of Israel has yet to comment on the Mossad hack attack. The ' Hacktivists ' were able to take down Mossad's website in a Distributed Denial of Service (DDoS) attack early morning, claims a statement on one of the Anonymous hacker's Twitter account. The attack on the website is supposed to be severe as it has been over 10 hours and the site is still down at the time of writing. OPERATION SAVE GAZA The Anonymous group has already targeted a number of other Israeli organizations as part of a campaign titled " Operation Save Gaza " in the mission to stop this " massacre ." Anonymous group has also claimed responsibility of taking down multiple Israeli government sites following the death of one of the organization's members. The member n...

Pretty good news for privacy-oriented people! BitTorrent unwraps its new instant messaging program that doesn't store your metadata and helps you with encrypted communication to keep your online conversations private, whether its voice or text communications. BitTorrent named its Online chat service as " Bleep ", a decentralised peer-to-peer voice and text communications platform that offers end-to-end encryption, therefore is completely safe from the prying eyes. In order to spread users' voice and text conversations, Bleep make use of the BitTorrent distributed network rather than a centralised server. Unlike Skype or Google Hangouts, Bleep comes with with a completely decentralized design, giving you extremely strong anonymity. WHY BLEEP? " We never see your messages or metadata, " said Jaehee Lee, the senior product manager for Bleep, in a blog post announcing the new app on Wednesday. " As far as we're concerned, anything you say is 'bleep'...

Earlier this month, the founder of the Social Networking giant highlighted the future of universal Internet access, the dream that Facebook founder Mark Zuckerberg wants to fulfil, in an effort to make Internet access available to everyone across the world just like a service as essential as of 911 in the case of an emergency. Dream comes true! Facebook Inc. (FB) in partnership with Bharti Airtel Ltd. (BHARTI) of India today launches its first Android and web application with free data access to a wide range of services, according to Guy Rosen, a product management director at Facebook. This new offering from Facebook is launching in Zambia before coming to other developing countries eventually, and provided through a mobile application known as Internet.org , named after a project developed by the world's biggest social networking site to expand Internet access to the developing world. "Right now, only 15% of people in Zambia have access to the internet, Zuckerberg s...

Just few days after the announcement that Russian government will pay almost 4 million ruble (approximately equal to $111,000) to the one who can devise a reliable technology to decrypt data sent over the Tor , now the government wants something which is really tough. APPLE & SAP, HAND OVER YOUR SOURCE CODES Russian government has asked Apple to provide the access to the company's source code in an effort to assure its iOS devices and Macintoshes aren't vulnerable to spying. Not just this, the government has demanded the same from SAP as well, which is an enterprise software that manages business operations and customer relationships. Russia proposed this idea last Tuesday when Communications Minister Nikolai Nikiforov met SAP's Russian managing director Vyacheslav Orekhov , and Apple's Russian general manager Peter Engrob Nielsen, and suggested that both the companies give Russian government access to their source code. APPLE iOS BACKDOOR CONTROVERSIES The idea...

A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy oriented service, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize the identity of Tor users, Tor project warned on Wednesday. 115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS According to a security advisory , Tor Team has found a group of 115 malicious fast non-exit relays (6.4% of whole Tor network), those were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. " While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected, " Tor said. When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit rela...

Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles , that allows an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Yesterday, a London developer Stevie Graham has released a tool called " Instasheep " a play on the 2010 Facebook stealer Firesheep , a Firefox extension that can be used to compromise online accounts in certain circumstances automatically using a click of mouse. Graham discovered the Instagram issue years ago and was shocked when he realized it hadn't been fixed by Facebook yet. He released the tool after claiming Facebook refused to pay a bug bounty for his reported vulnerabilities affecting the Instagram iOS mobile application. Graham tweeted about the issue: " Denied bug bounty. Next step is to write automated tool enabling mass hijacking of accounts, " he wrote. " ...

Good News for Privacy Lovers!! An open source software group Open Whisper Systems has released the first free and Open Source phone call application for iPhone users, which is specifically designed to make secure and encrypted calls. When we talk about the privacy of our messages and voice calls, Open Whisper Systems has usually a very strong track record. Whisper is the company behind the development of RedPhone and TextSecure for Android, providing encrypted calls and texts respectively to users. Moving on to iOS devices , the company decided to produce simplest and easiest interfaces yet. Better known as Signal , a free iOS app designed to enable easy and strongly encrypted voice calls . The Signal application for iPhone is completely compatible with OWS's time-tested and well-known RedPhone . Eventually, Signal will be a combination of both RedPhone and TextSecure in a single Android application , according to a blog post . Signal makes use of end-to-en...