The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company's servers as well as populate reading lists with malicious links. The Pocket button in the Firefox browser allows you to save links, videos, web pages, or articles to your Pocket account with just a click, making it easier for you to read them later, usually offline. However, the vulnerabilities discovered by security researcher Clint Ruoho was such that it could allow hackers to get an unrestricted root access to the server hosting the application, the researcher wrote in his blog post . For this to be done, a hacker only needs: A browser The Pocket Mobile app Access to an Amazon EC2 Server which costs 2 cents an hour The researcher, with the goal of exploiting the service's main functionality ...

The Impact Team – Wait, Cheaters! We haven't yet done. The group of hackers behind the breach of Ashley Madison , the popular cheater's dating service, have released a second, even much bigger 'cheat sheet' exposing sensitive materials that include sensitive corporate information. Two days ago, the hackers   released nearly 10GB of its customers ' personal data online, which included 36 million emails and hashed passwords , 9.6 Million Credit Card Transactions records and their associated usernames. Nearly 20GB of Ashley Madison Internal Data LEAKED This time, the Impact Team leaked nearly 20GB worth of what appears to be internal data – not customers' data – from the adultery website on the dark Web. The leaked data appears to include the source code for the site, as well as a massive amount of e-mail from Ashley Madison parent company's Avid Life Media CEO Noel Biderman. According to the researcher, who analysed the leaked data, the TL;D...

WhatsApp Web client support is now available for iOS users. That's right, now iOS users can access their instant messaging facility on the web; without taking the other route (via jailbreaking). Eight months ago, on January 21, 2015, WhatsApp was made available on web browsers , and let Android, Windows Phone 8.0 and 8.1, Nokia S60, Nokia S40 Single SIM EVO, BlackBerry and BB10 smartphones enjoy the service. However, there was no web solution for iOS users at that time because of limitations of the platform and high-security standards adopted by Apple, so they were forced to wait for the service. However, iOS users' wait for WhatsApp Web is over now, and they can also enjoy WhatsApp Web – Same WhatsApp account on iPhone and desktops. Yesterday, WhatsApp enabled its web client interface for iPhone users. How to Use WhatsApp on iPhone and iOS Devices? Interested WhatsApp users simply need to open Safari browser and navigate to https://web.whatsa...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Yes, you heard it right. It's the dirty truth that's featuring what is being called the largest privacy breach ever. Billions of cell phone users are at risk of a vulnerability in the SS7 inter-carrier network that allows hackers and spies agencies to track locations and intercept all voice calls from anywhere in the world. This is something we already know from the last year's Snowden leaks that explained the National Security Agency (NSA) capabilities to gather nearly 5 Billion records a day on mobile phone locations around the world. But, it's worse than we have thought. The famous Australian TV programme " 60 Minutes " demonstrated that it is possible for anyone to track cell phone location and intercept calls and text messages. This time, not due to a security vulnerability in the phone's operating system, but due to a serious flaw in the very system our cell phones use to communicate with each other around the world – The globa...

Fed up with the NSA-Snowden updates ? Wait a second...there's some more! Back in May 2013, when former NSA employee Edward Snowden leaked classified documents from the U.S. National Security Agency (NSA), we doubted the relationship between NSA and telecommunications giant AT&T. But, now their relationship has been revealed – NSA and AT&T are Best Friends . Yes, that's right, as recent revelations say that how desperately NSA relied on AT&T for its vast spying operations in the United States. NSA–AT&T's 30-Years-Old Friendship AT&T provided telecommunication interception facility to the United States' National Security Agency (NSA), and since 1985 they have been working hand in hand . AT&T cooperated in provided technical assistance in a manner that followed a secret court order which permitted the wiretapping of all Internet communications at the United Nations headquarters (also a customer of AT&T). Acc...