The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook privacy flaw exposes Mark Zuckerberg private photos A flaw in Facebook has granted prying users access to supposedly private photographs, including those of the website's chief executive, Mark Zuckerberg. In total 14 pictures of Mr Zuckerberg were posted to image site Imgur under the headline: " It's time to fix those security flaws Facebook ".The bug in the website's photo reporting tool - which Facebook says was only temporary and has now been fixed - meant that users could access others' pictures even if they were private. The flaw was first reported on the forums of BodyBuilding.com, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. Facebook has been heavily criticised in the last few years for matters of privacy and so there are people who will leap on this story as yet another example of how the company simply doesn't take its u...

DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning. DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server. Hacked websites are : https://apple.cd/ https://yahoo.cd/ https://gmail.cd/ https://google.cd/ https://youtube.cd/ https://linux.cd/ https://samsung.cd/ https://hotmail.cd/ https://microsoft.cd/ [ Source ]

MySQL.com Once again Compromised using Sql Flaw A hacker with name " D35M0ND142 " claim to hack MySql.com website using Sql Injection Flaws. In September,  Mysql.com was hacked and it was serving BlackHole exploit malware on the site. In a pastebin dump Hacker Exposes various Admin user credentials and Database info. The Compromised Usernames and Passwords are from  Blog site  of MySql. MySql website is pretty embarrassed for not securing its own database's properly, Even hacker share that " Robin Schumacher is MySQL's Director of Product Management andhas over 20 years of database experience in DB2, MySQL, Oracle, SQLServer and other database engines. Before joining MySQL, Robin wasVice President of Product Management at Embarcadero Technologies. " Besides the hack on MySQL.com, D35M0ND142 also managed to breach the systems of the Urbino University in Italy and the Universal Language & Computer Institute in Nepal and Stream Database.

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It's not just Carrier IQ that Android users need to be worried about. A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team. " Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploi...

Protecting Your BlackBerry Smartphone with Security Wipe The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature. So what if you want to wipe your BlackBerry clean? There are a number of reasons why you might want to wipe out your Blackberry. Perhaps you have switched jobs and need to submit your BlackBerry into your new IT department so they can set it up for their network. You wouldn't want them to have access to your previous employers data would you? Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry...

Another United Nations Web Site Hacked, Barack Obama info Leaked ! Hackers of Team Sector 404 have breached the Spanish Web site for the United Nations Refugee Agency ACNUR . Group claims to be working with Anonymous. Hackers was able to breach site with SQL Injection vulnerability . They leaked Barack Obama's email address, username, password (not in clear text), personal phone number and a login ID as shown. Other individuals whose information was leaked are Dirk Wildt from Die Netzmacher and Schaffstein from a non-profit organization called TYPO3 .Info of Other United Nation members also leaked from database. The team of hackers include  PHANTOM, RAWR, IO93, V, ZD4P50N, SPECTRUS, ANONGUS, FIBO,HACKW32, ADREX,NEKA, JJ, & ESCUADRON SPY PEOPLE Y HACKERSMX219 involve in this Hack as  Sector 404.

Cain & Abel v4.9.43 Released Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Change Log : Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression. Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter. Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks. Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables. Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3. MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files. Fixed a bug (crash) in Certificate Collector wit...

Biggest Independent Russian Election site Hacked on election day Popular Russian media websites, the major LiveJournal social network and the website of the country's biggest independent election watchdog, were inaccessible in hacking attacks for several hours on Sunday in what their employees said was an attempt to jam information on parliamentary elections. " The attack on the website on election day is apparently tied to an attempt to publish information about violations ," chief editor of the independent-minded Ekho Moskvy radio Aleksei Venediktov wrote in his Twitter blog. Websites of Forbes Russia, Bolshoi Gorod and New Times magazines, Slon.ru news portal, Golos election watchdog and its Kartanarusheniy.ru website that was supposed to map vote fraud were down throughout most of Sunday.These media organizations and the watchdog have pledged to report voting violations from all over Russia live.Independent and opposition media, as well as the LiveJournal social network that ha...

XSS Vulnerability On Twitter Found by 15 Years Old Expert A 15 years old XSS Expert " Belmin Vehabovic(~!White!~) " discovered XSS Vulnerability On Twitter and report us. The Vulnerable link is here . Even He also Discovered XSS Vulnerability in Facebook also as tweeted by him Yesterday  &Facebook is offering him $700 as Bounty.

Invitation for DEF-CON Chennai January Meet 2012 (DC602028) We like to invite all of you for our 4th meet which is going to held on 29th January 2012. DEF-CON Chennai is a registered group of DEF-CON, our group id is DC602028. [ Tickets for the Meet] For General Public : 700 INR For Students: 600 INR To book the tickets mail to dc602028@gmail.com [ Time of the Meet ] On 29th January 2012 From 2 PM to 7 PM Do make sure that your at the venue by 1:45 PM [ Venue of the Meet ] The Venue is going to be at Le Waterina Hotel, a 4 Star Resort. Le Waterina – The Boutique Hotel No 35 Kaveri Nagar (near Bella Ciao) Waterland Drive,Thiruvanmiyur Kottivakkam Beach.Chennai 600041. Refer: https://www.defcontn.com/DC602028/invitation-for-the-january-meet-2012/

THN December Magazine Released ! Who We are at The Hacker News ?  It is hard to re-cap the past year and all the excitement and hard work we have experienced launching an online magazine.  The subject, Hacking, is even more exciting as the technology world awakens to the security issues facing all internet users from government, large corporations and personal users. We have tried very hard to keep the readers informed and up to date regarding security threats and security breaks world wide.  Our daily news aims to give business and personal PC users an understanding of what is happening in computer security developments and what criminal activity is breaching security systems. Mostly, we understand the importance of disseminating information and keeping the internet free of restrictions.  We believe that information and opinion are the foundation of a healthy society and we strive constantly to address the political and social issues facing our new world of ele...

Voodoo Carrier IQ detector application released for Android An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. A new Android app to identify whether your smartphone has any Carrier IQ tracking/monitoring software installed on it has been released, the Voodoo Carrier IQ detector , giving users a simple way to put their minds to rest on privacy. The handiwork of Android app developer supercurio, the tool is only a few hours old and only partially finished, with the consequent warning that the results can't be entirely relied on yet. supercurio has offered up the source code under an open-source license for those who want to help refine the tool, so we're guessing the rough edges and reliability will be polished off in short order. Download Application Download Source Code

McAfee drafted Five Steps to Avoiding bad apps on Pc & Mobile Malicious applications are one of the most serious threats to smartphone users today. Not only can a dangerous app infect your phone and steal your personal information, it can even spy on you. Read our five easy tips for avoiding bad apps, and keep your device and information safe. An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. In this digital age, privacy is more important than ever. Just because you " don't have anything to hide ," does not mean that you shouldn't value your privacy or fight for it when companies do things like this, especially with something as personal as your cell phone. McAfee has come up with five " Common sense " practices that you might not have thought about before, but they actually do make sense fo...