-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook profiles can be  hijacked by Chrome extensions malware

Facebook profiles can be hijacked by Chrome extensions malware

Mar 26, 2012
Facebook profiles can be hijacked by Chrome extensions malware Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses. The attacks manifest as suggestions to download Facebook apps. Those apps are, alas, not real. Instead they are malware and, in one case, a malware-laden Chrome extension hosted in Google's very own Chrome Web Store. To do that, they must follow a series of steps, which include installing a fake Adobe Flash Player Chrome extension. The launchpad for the fake Flash Player is a Facebook app called “ Aprenda ”. If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension. “ This last o...
eToro Vulnerable to Database Dump

eToro Vulnerable to Database Dump

Mar 26, 2012
eToro Vulnerable to Database Dump Security Experts at Zsecure.net discover a serious Vulnerability in eToro, which is a financial trading company based in Cyprus and one of the top ranked Forex Trading Service Provider Worldwide. It provides personal online financial services in forex, commodities and stock indices through its own electronic trading platform. eToro is primarily a platform and a software provider; it is not itself a financial broker. Rather, it connects its customers with third party brokerage services provided by various brokers. About the Vulnerability zSecure team has detected detected an active vulnerability in eToro's web-portal which allows the complete access to their database and even the complete database can be dumped/downloaded. Since the company is handling the portfolio thousands of trader's keeping their database vulnerable to outside attack is a shame on the part of the company which is said to carrying millions of value of transactions every...
Oxford University launches Cyber Security Centre

Oxford University launches Cyber Security Centre

Mar 26, 2012
Oxford University launches Cyber Security Centre Cyber crime is not going away. As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, the opportunities are just too great. The personal information stored on such devices credit card information, drivers’ licenses and Social Security numbers is at high risk and is often targeted by criminals because of the price it can bring on the black market. The Oxford Cyber Security Center is the new home to cutting-edge research designed to tackle the growing threats posed by cyber terrorism and cyber crime, and to safeguard the trustworthiness of electronically-stored information. In addition to being a springboard for new research, is an umbrella for current research activity worth in excess of £5m, supported close involvement of over 12 permanent academic staff, and in excess of 25 research staff, 18 doctoral students. Each year brings its own set of risks and chal...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
Return of Lulzsec, Dump 170937 accounts from Military Dating Site

Return of Lulzsec, Dump 170937 accounts from Military Dating Site

Mar 26, 2012
Return of Lulzsec , Dump 170937 accounts from Military Dating Site Another Hacking group after Lulzsec , comes with name LulzsecReborn has posted names, usernames, passwords, and emails of 170,937 accounts on MilitarySingles.com on Pastebin as part of the group’s Operation Digiturk. LulzSec was a major ticket item last year as the group hacked a number of high profile Web sites all in the name of the “lulz.” After their so called “50 Day Cruise,” the group broke up and went their separate ways.Hacker claim that, There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.. in dump. In response to a query by the Office of Inadequate Security, ESingles, the parent company of MilitarySingles.com, said that there is “ no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim. ”. LulzSecReborn hack the site and added his deface page here , (as shown in abo...
Anonymous Attacker Package by Maxpain

Anonymous Attacker Package by Maxpain

Mar 22, 2012
Anonymous Attacker Package by Maxpain " Maxpain " Hacker and Security Developer, Releases two tools in an Package called " Anonymous Attacker Package ". First one is - Anonymous external attack , allows you to execute udp flood web attack, into websites, this tool was made as external of LOIC, the following package contains : #Anonymous External Attack - A console application made in C# that allows you to flood the websites with anonymous style , and sending 4096 packets each second. The program delays some seconds for each packet that it makes, so it flood effectively without lagging your own connections. Cool for DDoS attacks. (213kb file) #Anonymous DNS Extractor - Extracts the dns and ip servers of the following website, Developer included this program, cause in the target ip of AEA - anonymous external attack you need to use an IP. (128kb file) Both of programs are really light and console applications, by giving you the ultimate experience web attack. ...
Free Configuration Check Tool by eEye Digital Security

Free Configuration Check Tool by eEye Digital Security

Mar 22, 2012
Free Configuration Check Tool by eEye Digital Security eEye Digital Security, the industry’s leading innovator of threat management solutions, just released new research, “ Working Toward Configuration Best Practices ” . Findings verify that proper configuration and mitigations remain the most effective way to secure IT infrastructure. The research team at eEye also found that the leading mitigations it recommended in 2011 disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities. To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and: • Offers a simple pass/fail and informational status ...
Expert Insights Articles Videos
Cybersecurity Resources