The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Since we are living in an era of Mass surveillance conducted by Government as well as private sector industries, and with the boom in surveillance technology, we should be much worried about our privacy. According to the companies that create surveillance solutions for law enforcement and intelligence agencies, the surveillance tools are only for governments. But, reality is much more disappointing. These surveillance industries are so poorly regulated and exceedingly secretive that their tools can easily make their way into the hands of repressive organizations. Private surveillance vendors sell surveillance tools to governments around the world, that allows cellular networks to collect records about users in an effort to offer substantial cellular service to the agencies. Wherever the user is, it pinpoint the target's location to keep every track of users who own a cellphone — here or abroad. We ourselves give them an open invitation as we all have sensors in our...

If you came across a Kindle e-book download link from any suspicious sources or somewhere other than Amazon itself, check twice before you proceed download. As downloading an eBook could put your personal information at risk. A security researcher has uncovered a security hole in Amazon's Kindle Library that could lead to cross-site scripting ( XSS ) attacks and account compromises when you upload a malicious ebook. AMAZON CREDENTIALS – BOON FOR HACKERS The flaw affects the “ Manage Your Content and Devices ” and “ Manage your Kindle ” services in Amazon's web-based Kindle Library, which could allow a hacker to inject and hide malicious lines of code into into e-book metadata, such as the title text of an eBook, in order to compromise the security of your Amazon account. Gaining access to your Amazon account credentials is one of the biggest boons for hackers, as they can set-up new credit cards in your account or max out the current ones on file with some big...

Apple's iPhone 6 FREE ? Of course not ! It’s only a hoax, but scammers have announced the just release iPhone 6 free. Another Facebook scam is circulating across the popular social networking website just days after Apple unveiled its upcoming iPhone 6 and iPhone 6 Plus, as scammers take advantage of all the hype and use them to lure Facebook users. THREE SIMPLE STEPS AND iPHONE 6 IS YOURS — REALLY? As usual, This new scam promises a chance to Win a free iPhone 6 to those users who complete a series of steps, as reported by Hoax-Slayer. You just need to go through "three easy steps" to get a chance to win the device: Like the Facebook page created to propagate the scam Share the page with your Facebook friends Download a "Participation Application" But before you proceed to the last step, a pop-up window leads you to participate in a survey before you can download the application. The survey will ask you to share your name, address, p...

A Serious vulnerability has been discovered in the Web browser installed by default on a large number (Approximately 70%) of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploit targets vulnerability ( CVE-2014-6041 ) in Android versions 4.2.1 and all older versions and was first disclosed right at the start of September by an independent security researcher Rafay Baloch, but there has not been much public discussion on it. The Android bug has been called a " privacy disaster " by Tod Beardsley, a developer for the Metasploit security toolkit, and in order to explain you why, he has promised to post a video that is " sufficiently shocking ." “ By malforming a javascript: URL handler with a prepended null byte, the AOSP, or Android Open Source Platform (AOSP) Browser) fails to enforce the Same-Origin Policy (SOP) browser secur...

At the beginning of this month, just like other social networks, Twitter also started paying individuals for any flaws they uncover on its service with a fee of $140 or more offered per flaw under its new Bug Bounty program, and here comes the claimant. An Egyptian Security Researcher, Ahmed Mohamed Hassan Aboul-Ela , who have been rewarded by many reputed and popular technology giants including Google, Microsoft and Apple, have discovered a critical vulnerability in Twitter’s advertising service that allowed him deleting credit cards from any Twitter account. FIRST VULNERABILITY Initially, Aboul-Ela found two different vulnerabilities in ads.twitter.com, but both the flaws was having the “ same effect and impact. ” First flaw exists in the Delete function of credit cards in payments method page, https://ads.twitter.com/accounts/[account id]/payment_methods By choosing the Delete this card function, an ajax POST request is sent to the server. The post parameter...