The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

XSS Vulnerability discovered on Paypal Vansh and Vaibhuv two Indian Hacker found a XSS vulnerability in world famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary javascript with no need for any filter evasion. This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is change how a page appears to a particular user. Also Read :  Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability

Kevin Mitnick 's website open to Cross-Site Scripting ( XSS ) vulnerability Cross-Site Scripting ( XSS ) vulnerability discovered in official website of Kevin Mitnick (one of the most talented hackers, and the one one most prosecuted by the state. Mitnick's hacker handle was "Condor". He became the first hacker to appear on an FBI "Most Wanted" poster, for breaking into the Digital Equipment Company computer network, Mitnick has become something of a celebrity in hacker circles due to his Hacking talent) by  Fabián Cuchietti . This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is chang...

Chinese spied on NATO officials using Facebook Friends An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO's Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers. Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. Nato will not officially say who was behind the cyber-fraud or who accepted friend requests but it is understood that evidence points to Chinese state-sponsored hackers. NATO has advised senior officers and officials, including Admiral Stirvis to open their own social networking pages to prevent a repeat of such incident. the Supreme Headquarters Allied Powers Europe (Shape...

Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 Ucha Gobejishvili (longrifle0x)  from The Vulnerability Laboratory Research Team  discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7. ...

Call for Article - THN Magazine "Cyber Warfare" April Issue As we move through March Madness and the recent arrests of our cyber soldiers, it is time for all good Anons and our faithful readers to take keyboards to Word and send in your articles on the topic of CYBER WARFARE. What do you know of this unconventional method of taking down governments and corporations and what does this mean for the world at large?   Send your articles to  admin@thehackernews.com

Symantec's Norton anti-virus 2006 source code Leaked by Anonymous Security firm Symantec confirmed Friday that the hacker group Anonymous has just posted some of its product source code, but strongly downplays any risk, because it's old code from a 2006 version of Norton security software. Anonymous claimed to have the information for a while but they finally published it on The website Pirate Bay . The information is a source code for the Symantec Norton Antivirus 2006 edition,which includes files that serve as a source code for software products like the corporate edition, the consumer version, and files for NetWare, Windows and Unix. The download file is 1.07GB. The file has a note that asks for the liberation of the LulzSec members that were arrested. Symantec the anti-virus and Security Company previously stated that the breach will " not affect any current Norton product ". Then added: " The current version of Norton Utilities has been completely rebuilt and shares ...