The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook bounty hunter Laxman Muthiyah from India has recently discovered his third bug of this year in the widely popular social network website that just made a new record by touching 1 Billion users in a single day. At the beginning of the year, Laxman discovered a serious flaw in Facebook graphs that allowed him to view or probably delete others photo album on Facebook, even without having authentication. Just after a month, Laxman uncovered another critical vulnerability in the social network platform that resided in the Facebook Photo Sync feature , that automatically uploads photos from your mobile device to a private Facebook album, which isn't visible to any of your Facebook friends or other Facebook users. However, the flaw discovered by Laxman could allowed any third-party app to access and steal your personal photographs from the hidden Facebook Photo Sync album. Hacking Any Facebook Page Now, the latest bug in Laxman's list could allow atta...

Yesterday, Facebook Co-founder and Chairman Mark Zuckerberg broadcast in his Facebook post, that Monday Facebook made a record by counting ONE BILLION people accessing Facebook in a single day. Zuckerberg shared his happiness and thanked the world. He was overwhelmed with the milestone Facebook has touched and even shared a video expressing his emotions. "[Facebook] just passed an important milestone," Zuckerberg wrote in a Facebook post on Thursday. "For the first time ever, one billion people used Facebook in a single day." That means roughly 1 in 7 people on Earth connected with their friends and family using Facebook in a single day. Feeling Connected Indeed! So far, Facebook is the world's largest online social networking website with 1.5 Billion monthly active users . Comparatively, Twitter has 316 Million monthly active users . Zuckerberg felt proud of the Facebook community. As they are the ones, who helped him to reach such...

We could expect Ashley Madison to cross any limits when it comes to cheating, but this is WORSE . After all the revelations made by the Impact Team past week, this was something different from the leaked data that had names, password and other details of Ashley Madison client s. A dump from the leaked files unfold awful strategy of Avid Life Media (ALM), Ashley Madison's parent company, to launch an app called " What's your wife worth ." As the name says it all, the app allows men to Rate each others Wives. Know Your Wife Worth ' What's your wife worth ' was discovered in a June 2013 email exchanged between Noel Biderman , ALM's chief executive and Brian Offenheim , ALM's vice president of creative and design, which said that Biderman suggested Offenheim about the probable outlook of the app. He suggested options like " Choice should be 'post your wife' and 'bid on someone's wife' ," also ...

This is Really Insane!! Germany's top intelligence agency handed over details related to German citizen metadata just in order to obtain a copy of the National Security Agency's Main XKeyscore software , which was first revealed by Edward Snowden in 2013. According to the new documents obtained by the German newspaper Die Zeit, the Federal Office for the Protection of the Constitution ( BfV - Bundesamtes für Verfassungsschutz ) traded data of its citizens for surveillance software from their US counterparts. Germany and the United States signed an agreement that would allow German spies to obtain a copy of the NSA's flagship tool Xkeyscore, to analyse data gathered in Germany. So they covertly illegally traded access to Germans' data with the NSA. XKeyscore surveillance software program was designed by the National Security Agency to collect and analyse intercepted data it obtains traveling over a network. The surveillance software is powerful...

A critical security vulnerability has been discovered in the global e-commerce business PayPal that could allow attackers to steal your login credentials , and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site Scripting (XSS) vulnerability in the Paypal's Secure Payments domain. As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information. However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details. How the Stored XSS Attack Works? Hegazy explains a step by step process in his blog post , which gives a detailed explanation of the attack. Here's what the researcher calls the worst attack scenario:...