The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects. Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS) . Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems: Coverage Scale Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing . Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied se...

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks . The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing… …remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website ( you have visited ) wants to set a cookie in your browser, it passes a header named " Set-Cookie " with the parameter name, its value and some options, including cookie expiration time and domain name ( for which it is valid ). It is also important to note that HTTP ...

Do You Know:  China has planned to eliminate all foreign Technologies and Services by 2020, just like Google and Facebook . And it seems China in some years would be an entirely independent IT economy; building homegrown Mobile and computer devices, Operating Systems, Applications, Browsers and almost everything existing in the IT ecosystem. Well, China was not at all happy when Microsoft finally announced the end of official support for Windows XP. At the time, Windows holded 91% of total market share, compared to just for Mac OS X and just 1% for Linux. However, China wasn't interested to pay either for extended support for Windows XP or for switching to Windows 8. So, they decided to develop their own Operating System. Yes, China has developed a Desktop Operating System named " NeoKylin " ( and ' Kylin ' in Chinese ), tagged as a substitute to Windows XP by Quartz , who got an opportunity to have a hands-on experience of its "community version" OS. NeoKylin...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends users data directly to the company. This is not first time Lenovo has allegedly installed spyware onto consumers PCs. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware that opened up doors for hackers. In August, Lenovo again got caught installing unwanted and non-removable crapware into part of the BIOS reserved for custom drivers. Lenovo Laptops comes Pre-installed with 'Spyware' Now, the Chinese computer manufacturer is making news once again for embedding tracking software into its laptops and workstations from Lenovo ThinkPad, ThinkCentre, and ThinkStation series. Michael Horowitz from Comput...

Mozilla launches Voice and Video Connect with the release of Official Firefox 41.0 Release . After significant improvements done in the Firefox Nightly experimental build of version Firefox 41.0, the stable release has a lot to offer. How would it be experiencing a seamless communication – video and voice calls and text messaging being directly built in your browser? Here's How: Mozilla has launched the stable release of Firefox 41.0 , equipped with project " Firefox Hello " offering free VOIP and instant messaging services through WebRTC ( Real Time Communication ) channel. Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user's experience by providing them with free voice and video calling features, irrespective of additional software or hardware support. By adopting Firefox Hello : Both the parties don't need to have same browsers, software or hardware. No sign-up other than...