The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Customer service software provider Zendesk announced a security breach, that affected three major Zendesk clients i.e Tumblr, Pinterest and Twitter and allowed hackers into their systems. The hacks come just days after Apple , Twitter and Facebook revealed that their employees computers fell victim to unauthorized access. The company believes the hacker downloaded the email addresses of Tumblr, Twitter, and Pinterest customers who attempted to get support from the companies.  Stolen information might be exploited via social-engineering attacks. " Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response. " Zendesk discov...

Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses. Sometimes it's not easy to figure out if an email is legitimate or not. It implementing the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email message validation and authentication systems. Twitter says it started using the DMARC earlier this month. While the DMARC specification does need support from e-mail services, outfits including AOL, Gmail, Hotmail or Outlook and Yahoo already make use of it. It has also been implemented by services like Facebook, PayPal, Amazon and now Twitter. If you don't use Gmail or one of the other email providers listed above, you may not be protected. It ...

Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to ' allow or accept ' the application request so that app can access your account information with required permissions. As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can  just allow specific permissions to an app in order to make it work with your account. Today whitehat Hacker ' Nir Goldshlager ' reported ' The Hacker News ' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without ' allow or accept ' options. For this purpose he hunt the flaw in a very mannered way i.e Step 1) Understanding the OAuth URL Step 2) Finding a way to use custom parameters in URL Step 3) Bypassing OAuth ' Allow '...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Today Adobe released a patch for two critical vulnerabilities (CVE-2013-0640 and CVE-2013-0641) that are already being exploited by attackers. Adobe released version 11.0.02 of its Adobe Reader and Adobe Acrobat Pro applications.  Vulnerabilities affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. " These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system ." security advisory  reads . Exploits were discovered by security company FireEye and researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. Users can update the software through the built-in updater or by downloading a copy of the  Windows ,  Mac , or  Linux  installer directly from Adobe's website. 

A new malware threat for the Mac has been discovered that attempting to set up a secure connection for a remote hacker to connect through and grab private information. Dubbed " Pintsized " that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts. This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software. Since the connection between the hacker and the machine is encrypted, it becomes very hard for the Trojan to be detected or traced. The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection.  Trojan stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. The location of the malware has been traced to this particular directory. This tactic conceals the Trojan an...

The same ring of hackers that are responsible for hacking into at least 40 companies including Facebook and Twitter are reportedly also infected the computers of some Apple employees, the company acknowledged Tuesday. The purpose of hack considered an effort to steal company secrets, research and intellectual property that they can sell. Investigators tracked at least one server being used by the hacker ring to a hosting company in the Ukraine. " Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers, " the company said in its statement. " The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network ." Apple isolated the infected systems from its network and said there was no indication that...

If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.  The flaw that been rated as high severity and actual vulnerability in BlackBerry Enterprise Servers resulted from how the server processes image files. Scenario to Exploit Vulnerability :  A malicious person writes a special code and then embeds it in a TIFF image file. The person then convinces a Blackberry smart phone user (whose phone is connected to a corporate BES) to view the TIFF file. As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code. " RIM is not aware of any attacks on or speci...

Few weeks after the discovery of the sophisticated cyber espionage campaign against principal US media The Mandiant® Intelligence Center ™ released an shocking report that reveals an enterprise-scale computer espionage campaign dubbed APT1. The term APT1 is referred to one of the numerous cyber espionage campaign that stolen the major quantity of information all over the world. The evidences collected by the security experts link APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398) but what is really impressive is that the operation have been started in the distant 2006 targeting 141 victims across multiple industries. During the attacks the attackers have took over APT1 malware families and has revealed by the report APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity. The Mandiant has also identified more than ...

The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it's designed to run apps written using web technologies including HTML5. The list of new features and updates is an extensive one, though a lot of the changes are under-the-hood and aimed at offering a more attractive platform to application developers. Tizen 2.0 adds new APIs that developers can use to access Bluetooth and NFC function on phones with that hardware, as well as improved developer tools. There have been reports recently that Samsung is planning a line of phones built around the Tizen operating system, to reduce its dependence on Android after Google acquired mobile phone competitor Motorola Mobility. Samsung is already one of the top makers of phones and tablets, but right now the company's fortunes are very much...

As part of  Operation Israel ( #OpIsrael )  Anonymous Hackers once again strike on Israeli infrastructure by dumping the 600,000 emails and passwords from one of the most popular Israeli web portal ' Walla ', which is know for providing news, search and e-mail system, among other things. Anonymous Activist knows ' AnonSabre ' dumped email addresses, password MD5 hashes and salts across 95 Pastebin posts containing this sensitive information have been published over the course of 24 hours. Walla also confirmed that the list was posted online, but they said that the information leaked by Hacker is Useless because the password posted by hacker is in Encrypted form.  I think, they are not aware about fastest MD5 cracker ' oclhashcat ' or other cloud based cracking services, anyway they also said," However, we are working on 'hermetically' sealing off user details in Walla! accounts, ". The #OpIsrael campaign was announced last December, a...

Google is again under attack for its apparent mishandling of its users' personal information. An Australian software developer ' Dan Nolan ' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post , Nolan said the information was so detailed he would even be able to use it to ' track down and harass users who left negative reviews or refunded the app purchase '. Nolan discovered that he has obtained a fair share of customer info himself after logging into his Google Play merchant account to update his payment details. The main problem is that Google is not asking explicit permission from buyers to share that information with developers, but according to privacy groups and with careful inspection of the policies, Google does not clearly mention that it is sharing personal information to app developers nor does it create a good deal of effort in informing buying custome...

Facebook operator of the largest social network with more than 1 billion members, said on Friday it had been the target of an unidentified hacker group, but that no user information was compromised during the attack. The attack occurred when a handful of the company's employees visited a developer's compromised website, which led to malware being installed on their laptops. ' Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack ,' read the statement , despite the laptops being ' fully-patched and running up-to-date anti-virus software. ' Reports say Facebook knew about the attacks, which likely exploited a zero-day Java software flaw, well before the announcement. " We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the...

Famous Bangladeshi hacker TiGER-M@TE  known for his big defacements strikes again! This time he teams up with another hacker ' h311 c0d3 ' for another big defacement campaign.  According to mirror records on Zone-H, These hackers managed to deface Malawi Google, Yahoo, MSN, Windows and many more top domains using DNS poisoning attack. During talk with ' The Hacker News ', hackers disclose that they collectively hacked into Malawi (.mw) Domain Registrar website and also target Master and Slave DNS servers. The attackers changed the authoritative DNS records for the affected domains, to point the domain names to their own web server with a deface page hosted on it. All this could have been much worse if the attacker had other goals in his mind rather than defacing famous websites. Imagine how many accounts could have been compromised, if these websites were redirected to a phishing page, instead of a defacement page. At the time of reporting, D...

Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Symantec recently came across a new Zeus file targeting five major banks in Japan. The malware, which has caused serious problems to banking customers in Europe and the U.S, now having maximum concentration on Japanese banks. Target information was reveled by Symantec after decryption of configuration file from new sample. The attacker uses Blackhole exploit kit in order to install Zeus. Zeus, a financially aimed malware, comes in many different forms and flavors. It can be tweaked to hijack personal PCs, or come in the form of a keylogger that tracks keystrokes as users enter them. But once installation over, Zeus malware aims to steal online-banking credentials, and phishing schemes and drive-by downloads are most often the avenues hackers use to spread this increasingly sophisticated and evo...

Apple has faced a number challenges over the last year related to software errors and flaws on its flagship iPhone. According to a latest video posted on YouTube  iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. Basically, he found that by attempting and canceling an emergency call on the iPhone, holding the lock button and then taking a screenshot took him past the stage where he should have had to enter a password to access the phone. The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contacts picture. Apple promised to fix the iOS 6.1 iOS Exchange bug in a forthcoming software update so perhaps they'll fix this annoying glitch as well. Steps to follow: First part: -Go to emergency call, push down the power button and tap cancel. -D...

An old vulnerability in Word for OS X is being used in increasing levels of attacks,  probably government-sponsored hacking programs  against Uyghur group, including Tibetans, NGOs and human rights organizations. A number of attacks have been seen directed at the World Uyghur Congress, a Munich-based organization that promotes human rights. Potential victims are often tricked by so-called spear phishing attacks, the targets receive an e-mail with a subject relevant to their interests, and a Word document attached.  When they open the document, TinySHell exploits a vulnerability and then infects the computer. Exploit allows long-term monitoring or even control of the compromised system though a backdoor it installs. The malware is configured to connect to command and control servers that have been used for years in APT attacks. All the attacks use exploits for the CVE-2009-0563 (Microsoft Office) vulnerability and The backdoor also includes hard...

Police in Spain have arrested a gang of 11 cyber criminals who used ransomware to demand money from thousands of victims in 30 countries using malware known as Reveton . Police arrested six Russians, two Ukrainians and two Georgians in the Costa del Sol. The gang leader, a 27-year-old Russian, was arrested in Dubai in the United Arab Emirates in December 2012 on an international arrest warrant. Spanish authorities are seeking his extradition. According to researchers from Trend Micro who worked with the Spanish to track down the group, estimate that this ransomware operation netted the group more than 1 million euros a year. The Trojan was distributed using drive by download techniques, in conjunction with the Black Hole exploit kit and initially the malware was focused on German individuals, but in later months began to target other countries, primarily the USA. Trend Micro, said there were 48 different variations of the virus in use and the malware has bee...

A Cross platform back door ' Frutas ' remote access tool (RAT) is available for download on many forums from January 2013. This Trojan builder is completely written in Java. Recently, Symantec experts analyse that Frutas RAT allows attackers to create a connect-back client JAR file to run on a compromised computer. The back door builder provides some minor obfuscation, which allows the attacker to use a custom encryption key for some of the embedded back door functionality. Once a backdoor connection is established, the RAT server alerts the attacker and allows them to perform various back door functions on the compromised computer i.e Browse file systems, Download and execute arbitrary files, Perform denial of service attacks, Open a specified website in a browser. According to Symantec only 2 out of the 46 vendors from Virus Total are detecting it as a threat.

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,...

Television viewers in Montana, perhaps looking to stay inside from the scary cold outside, got an even scarier surprise when warnings of a zombie apocalypse took over their TV screens. There TV Stations Montana's KRTVMichigan's, WNMU-TV and WBUP-TV were victims of this zombie prank. The channels later said that somebody had hacked into its system. The message warned zombies were attacking the living and warned people not to approach or apprehend these bodies as they are extremely dangerous. Channel said on its website , " Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that was an emergency in several Montana counties. The message did not originate from KRTV, and there is no emergency. Our engineers are investigating to determine what happened and if it affected other media outlets. " Officials with the stations in Michigan said law enforcement authorities determined the attack originated outside the U.S. The message was quickly...