The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A Serious vulnerability in Facebook has recently been reported that could allow anyone to delete your complete Facebook photo album without having authentication. Security Researcher Laxman Muthiyah told The Hacker News that the vulnerability actually resides in Facebook Graph API mechanism, which allows "a hacker to delete any photo album on Facebook . Any photo album owned by an user or a page or a group could be deleted." DELETING FACEBOOK PHOTO ALBUMS According to Facebook developers documentation, its not possible to delete albums using the Graph API, but Indian security researcher has found a way to delete not just his own, but also others Facebook photo albums within few seconds. " I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API ," he said. In general, Facebook Graph API requires an access tok...

Nearly 40,000 organisations running MongoDB , a NoSQL high performance and cross-platform document-oriented database, are found to be unprotected and vulnerable to hackers. Three students from University of Saarland in Germany at the Centre for IT Security – Kai Greshake, Eric Petryka and Jens Heyens – discovered that MongoDB databases running at TCP port 27017 as a service on several thousands of commercial web servers are easily accessible on the Internet. MongoDB is an open-source database used by companies of all sizes, across all industries for a wide variety of applications. MongoDB is built for scalability, performance and high availability, scaling from single server deployments to large, complex multi-site architectures. By leveraging in-memory computing, MongoDB provides high performance for both reads and writes. The German researchers said that they were able to get "read and write access" to the unsecured MongoDB databases without using any sp...

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to execute arbitrary code and take control of the victim's vulnerable machine. Unfortunately, the vulnerability exists in the GNU C Library (glibc) , a code library originally released in 2000, meaning it has been widely distributed. Many derivative programs utilize the glibc to carry out common tasks. Although an update released by Linux in 2013 mitigated this vulnerability, most systems and products have not installed the patch. What Can I Do About GHOST Vulnerability? Like with any vulnerability, the best way to mitigate GHOST vulnerability is to identify vulnerable systems, prioritiz...

Remember RapidShare ? Once one of the world's most popular and first ever one-click online file hosting and cloud storage website on the Internet. The company has announced that it will shut down its business at the end of next month. RapidShare file hosting service announced its shut down Tuesday through a notice on its official website, saying that it will stop active service on March 31, 2015. All user accounts on the website will no longer be available after this date, and all files will be deleted automatically. WHAT RAPIDSHARE USERS MUST DO ? " We strongly recommend all customers to secure their data. After March 31st, 2015 all accounts will no longer be accessible and will be deleted automatically ," the notice on RapidShare official website reads. Just two days back, the most popular Torrent website KickAss Torrents banned by the .so registry (Somalian registry), forcing the site's operators to switch to another domain. Now, suddenly the ol...

Microsoft just issued a critical patch to fix a 15-year-old vulnerability that could be exploited by hackers to remotely hijack users' PCs running all supported versions of Windows operating system . The critical vulnerability — named " JASBUG " by the researcher who reported the flaw — is due to a flaw in the fundamental design of Windows that took Microsoft more than 12 months to release a fix. However, the flaw is still unpatched in Windows Server 2003, leaving the version wide open to the hackers for the remaining five months. HACKERS CAN EASILY HIJACK YOUR WINDOWS MACHINE The vulnerability ( CVE-2015-0008 ) could allow an attacker to easily hijack a domain-configured Windows system if it is connected to a malicious network – wirelessly or wired, giving attacker consent to do various tasks including, to go forth and install programs; delete, alter or peruse users' data; or to create new accounts with full user rights. However, Jasbug vulnerability do not affects h...

Last year, the founder of the Social Network giant highlighted the future of universal Internet access, the dream that Facebook founder Mark Zuckerberg wants to fulfill — Making Internet access available to everyone across the world just like a service as essential as of 911 in the case of an emergency. Dreams are transforming into Reality!! Facebook's Internet.org app has launched in India to offer free Internet access to a set of websites for users in seven different circles, including Mumbai, Maharashtra, Gujarat, Andhra Pradesh, Chennai, Tamil Nadu and Kerala. Internet.org , with motto ' Internet for All ' , named after a project developed by the world's biggest social network site Facebook to expand Internet access to "the next 5 billion people" around the world who currently don't have it. Facebook has tied up with India's Reliance Communications in an effort to provide free Internet services to users on mobile phones, making India ...

Google has found an excellent idea to celebrate Safer Internet Day . The search engine giant is offering a nice perk for its users who complete a quick Security Checkup by February 17th. No doubt, its willing to bribe us, , but you probably should review your security settings anyway, and I loved the idea. Now, what's the perk?? Google is providing you 2GB of extra space in your Google Drive account and there's an easy way to fetch the offer. You just have to check your account security, and for that, simply follow the steps given below: In the next week, head to Google's security checkup page Then, follow some simple instructions given on the page Under the Security Checkup process, a user will go through simple confirmations, like: Your backup email address Ensures your account recovery information is current Lets you review recent sign-in activity Confirms the list of apps that access your account information. The process will hardly take 5 minutes or so t...

A security researcher has publicly released a set of 10 Million usernames and passwords, which he collected from multiple data breaches over the last decade for the purpose of his research. These 10 million usernames and passwords are collective of leaked database dumps those were already available publicly on the Internet. However, Mark Burnett, a well-known security consultant who has developed a specialty collecting and researching passwords leaked online, marked his decision to publish the password dump as legally risky, but necessary to help security researchers. WHY IS THE RESEARCHER WILLING TO SHARE PASSWORDS ? The researcher says the released set of passwords and usernames is like a sample data, which is important for other researchers to analyze and provide great insight into user behavior and is valuable for encouraging password security . Also, the researcher was frequently receiving lots of requests from students and other security researchers to submit a copy ...

A year ago, the U.S. government's Defense Advance Research Projects Agency (DARPA) announced a project to create a powerful new search engine that could find things on the deep web that isn't indexed by Google and other commercial search engines. The project, dubbed Memex Deep Web Search Engine , is well underway, and for the first time on Sunday night, we got an early look at Memex search engine — the crime-fighting search engine in action. The Pentagon's research agency gave Scientific American a preview of the software and 60 Minutes exclusive looks at the technology. The Deep Web is a heap of illegal activity, pervade with child pornography , drug deals, Cyber crime and human trafficking. But because the dark web is 'buried' so deeply that it is out of the reach of mainstream search engines and law enforcement agencies, however, that's until now. Memex Search Engine attempts to secure the Internet from hackers, human traffickers and other c...

So far, the torrent users didn't forget the incident of The Pirate Bay seizer, that another most popular Torrent website, KickAss Torrents , has been kicked off by the Somalian registry. KickAss Torrent download website has lost access to its Kickass.so - the Somalian domain with millions of unique visitors per day and the most visited torrent website on the Internet. The domain is currently offline and, according to TorrentFreak, the Somalia based KickAss Torrent download domain was recently listed as "banned" by the .so registry, forcing the site's operators to switch to another domain. Just like The Pirate Bay , KickAss Torrents is also a well-known torrent download service that has often been criticized for providing easy access to pirated content, so it's no surprise that the ban came following a complaint received by Somalian authorities. KickAss Torrents website stopped working around 4 am ET and is still offline and will not be returning. Howeve...

Is Your Smart TV Spying On You?  You just need to make sure you don't hold any private conversations in front of the internet-connected TV. IS SMART TV GETTING TOO SMART? Smart TVs are connected to the Internet, and they are capable of collecting and transmitting our data. Samsung's Smart TV uses voice recognition technology to enable voice commands, but its privacy policy defined by the company says " if your spoken words include personal or other sensitive information, that information will be captured and transmitted to a third party. " In other words, Samsung's Voice Recognition feature is always listening you, unless you deactivate it. So these internet-enabled smart devices can be exploited to reveal a wealth of personal. " In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. " Samsung S...

The hacktivist group Anonymous has launched a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were  responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo . With huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram accounts. But unluckily, over dozens of Facebook and Twitter accounts linked to ISIS has recently been taken by the Anonymous group. In a video appeared on Youtube, Anonymous group and RedCult announced the operation  #OpISIS  and claimed to have carried out cyber attack against hundreds of Twitter and Facebook accounts used by ISIS for its own propaganda and to recruit new members. According to the video, Operation  #OpISIS  is coordinated by "Muslims, Christians, Jews"  alike and a masked individual discusses the aim of the campaign. They are " ...