The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yahoo! Contributors Network ( contributor.yahoo.com ), the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a security researcher reported the Blind SQLi vulnerability in Yahoo! 's website that could be exploited by hackers to steal users' and authors' database, containing their personal information. Behrouz reported this flaw to Yahoo! Security team few months back. The team responded positively and within a month they patched the vulnerability successfully. Unfortunately after that Yahoo! announced to shut down ' Yahoo Contributors Network ' due to its decreasing popularity and removed all the contents from the web, except some of the "work for hire" content may remain on the web. The critical vulnerability was able to expose the database which carried sensitive and personal inform...

On Tuesday, Indian and Pakistani army forces continued to exchange fire along the Line of Control (LoC) in Jammu and Kashmir, which was started when Pakistan's military fired machine guns and mortars at about 60 Indian army posts during last week. Tensions between the two countries have intensified since Bilawal Bhutto Zardari, the only son of former Pakistani President Asif Ali Zardari and former Prime Minister Benazir Bhutto, made a statement that his Pakistan People's Party (PPP) would take back entire Kashmir from India. However, the Indian political party described his statement as " childish " and " irresponsible ." Different reactions came from different people out there from India for the chairman of Pakistan People's Party and Central Executive Committee Bilawal Bhutto, but Hackers have their own way of expressing their part. Here Bilawal Bhutto said that he would not leave an inch of Kashmir with India, and there an Indian Hacker defac...

Money is always a perfect motivation for cyber criminals who tries different tricks to solely target users with card skimmers that steal debit card numbers, but now the criminals are using specialized malware that targets ATM (Automated Teller Machine) systems to withdraw cash even without the need of a card. The new backdoor program, dubbed as " Tyupkin ," requires physical access to the ATM system running 32-bit Windows platforms and booting it off of a CD in order to install the malware. According to the researchers, the threat has continued to evolve in recent months, infecting ATMs in Asia, Europe, and Latin America. There are no details relating to the criminal gang behind the attacks, but they have already stolen "millions of dollars" from ATMs worldwide using the sophisticated malware, security firms Kaspersky and Interpol, who are working together in an attempt to foil the criminal gang, said in a joint statement released on Tuesday. " Over t...

The leaks of celebrity photos continue, revealing their first male victim in the fourth wave. As a result of the Fappening 4, Nick Hogan, the son of Hulk Hogan, became the first celebrity male to fall victim to the leaked private photos. The first three 'celebs photos leaks' usually include images of female celebrities, such as Jennifer Lawrence, Ariana Grande, Scarlett Johansson, Kim Kardashian, Kate Upton, Selena Gomez, Cara Delevingne, and others. The latest celebrity leaks include photos of Nick Hogan's private life. In this leak, Winona Ryder, 90210 star AnnaLynne McCord, Victoria's Secret model Erin Heatherton, singer Ingrid Michaelson, and a bunch of other stars have their selfies shared widely on social networks. According to several news outlets, this latest wave of celebrity undressed photographs is part of the "Fappening" controversy that started on Thursday. However, Reddit and 4Chan simply forced the forum to be closed and denied access in res...

A critical zero-day vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers. The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes. VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG Security firm Check Point Software Technologies disclosed the flaw ( CVE-2014-1572 ) on Monday and said that it's the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006. An analysis...