The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue,...

Last week a 21-year-old chartered accountant student from Hyderabad was arrested for hacking into E-taxation Account of Industrialist Anil Ambani. During the probe Mumbai Police's crime branch has emerged that Anil Ambani's account was also fraudulently accessed from Noida. After investigation, Police were able to track another CA student who not only accessed Ambani's account,  but also of popular cricketers and film stars including Sachin Tendulkar, MS Dhoni, Shah Rukh Khan and Salman Khan. 22 years-old CA student named, Sanchit Katiyal -- who is doing his articleship at  Vishal Kaushal Company, an accountancy firm in Noida,  had hacked into Ambani's account on 26th June.  His computer and hard disks were seized by Cyber Crime Cell. He first accessed the accounts of Shah Rukh and Salman on 22nd June, Dhoni's account on 24th June and then broke into Ambani's account.  He again accessed Dhoni's account on June 28, and Tendulkar's on July ...

There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second att...

On Wednesday, Chief of National Security Agency (NSA) , General Keith Alexander defended US surveillance programs as part of a Noble Mission to protect the nation. He said that the collection of bulk phone records by U.S. Intelligence agencies are essential to preventing terrorist attacks. He referenced the criticism thrown at the intelligence services in late 2001 for not connecting the dots that led up to the Sept. 11 attacks. " We need our nation to understand why we need these tools, and what those tools mean for civil liberties and privacy and what they mean to defend this country, " General Keith Alexander said during a keynote speech at the Billington Cyber Security Summit in Washington. In recent months NSA has been targeted for severe criticism from privacy advocates, members of Congress and foreign allies of America, whose citizens may have been targets of this surveillance. Alexander pleaded for support of NSA programs during his speech at ...

If you lose your device, Google lets you secure it instantly from afar through Android Device Manager, that let you locate and remotely wipe your phones and tablets. The latest update to Android Device Manager enables remote password locking, overrides the built-in Pattern, PIN code, Face unlock or password-based security, making sure your data doesn't fall into wrong hands. To get started, go to google.com/android/devicemanager on your computer and go through your list of devices that are connected to your Google account. I tried the process with my Samsung Galaxy S4, and it worked like a charm. Google's new feature is a very useful one for those who don't have a lock on their phone and want to make sure their data is protected. A lock request will immediately secure any device connected to Wi-Fi or a cellular network, even if it's actively being used. If a thief has turned off a phone or enabled Airplane Mode, the lock will take effect as soon as a data co...