The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you're a user of the Buffer app, the social-media management service that let you cross-posting to various social networks, be aware that the service got hacked yesterday, with spam messages going out over Facebook.  " Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now. " Buffer team said, in an email sent to users and also posted to Buffer’s blog . It’s not yet clear how many of Buffer’s 1 million or so users were affected by the hack, but buffer maintains that user passwords are safe nor has any "billing or payment information been affected or exposed" . Photo Credit : The Next Web It appears that Buffer's Facebook and Twitter spam messages were first sent at around 2:20 p.m. ET. Hackers have used the exploit to spam user accounts on Facebook, Twitter, Google+, and other sites. Just recently, Instagram saw a viral wa...

Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for for iOS devices called Intro ' LinkedIn Intro '. With this feature an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn user must route all of their emails (any provider i.e. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject fancy business centric HTML profile right in your emails, as shown. But this also means that LinkedIn is now able to read the complete content of your emails and also can store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your mails. Another point to be noted that, Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ‘ man in the mid...

Last Tuesday, The National Police Agency of South Korea warned the people that many Malware infected video games being offered in the South Korean markets with the purpose of launching Cyber attacks on the Country. That Malware is collecting location data and IP addresses of infected users and according to experts, malware is sending data back to its master servers based in North Korea . Just today the Korea's largest anti-virus software firm AhnLab  confirmed that they have detected distributed denial-of-service (DDoS) attacks on local companies' websites. According to the report, about 16 websites of 13 companies, including Daum, MSN and the JoongAng Ilbo newspaper had been affected. AhnLab said that some 10-thousand computers have been hit, mainly because they failed to install a vaccination program or update an existing one since the last cyber attack in July. The attack was detected around 4:00 p.m. on Thursday, infecting around 10,000 compute...

A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazil and India.  The Antivirus software maker Malwarebytes noticed that a new threat distributed via file sharing sites and alternative markets in the last few months, targets Korean users. Dubbed as ' Android/Trojan . Bank . Wroba ', malware disguises itself as the Google Play Store app and run as a service in the background to monitor events.  " This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server. " According to the researcher, after installation - malware lookup for existence of targeted Banking applications on the device, remove them and download a malicious version to replace. " The malicious v...

If you are today trying to visit the php.net website, an official website of the PHP scripting language, you will likely see the above shown result, instead of the original website. Chrome and Firefox is currently flagging the site as " suspicious " and contains malware that can harm your computer. According to Google's Webmaster Tools, the script at http://static.php.net/www.php.net/userprefs.js  was included as suspicious, and Google's Safe Browsing diagnostics  for php.net do suggest that malware has been present on the site in the last 90 days: " Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. " " Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for ...