-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Yahoo Voice hacked, 400,000 yahoo passwords leaked

Yahoo Voice hacked, 400,000 yahoo passwords leaked

Jul 12, 2012
A list of over 450,000 email addresses and plain-text passwords, in a document marked " Owned and Exposed " apparently from users of a Yahoo! service, is in circulation on the internet. The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo’s instant messenger. The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010. The dump, posted on a public website by a hacking collective known as D33Ds Company , said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information. Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their accoun...
Indian Officials Get Training from Hackers who cracked CERN's IT system

Indian Officials Get Training from Hackers who cracked CERN's IT system

Jul 11, 2012
Two Argentina-based cyber security experts -   Chris Russo  and Fernando Viacanel , who claimed to have cracked the security code of IT systems involved in the discovery of 'God Particle', today conducted training sessions for Indian government officials. Both the hackers are partners of IT security firm E2 Labs and their company in arrangement with industry chamber Assocham has plans to conduct series of technology exchange programmes on cyber security. Russo said that three times he has been able to find vulnerability in IT system of European Organisation for Nuclear Research (CERN) that has been involved in discovery of 'God Particle' or Higgs Boson. Programme was attended by officials from Cabinet secretariat, National Technical Research Organisation, Airforce, C-DAC, Income Tax Department, Assam's AMTRON along with representatives from private sector entities, Aircel and Cisco. "Talents required to be cyber security experts are mostly available in peo...
Millions of Passwords leaked from Social Site Formspring

Millions of Passwords leaked from Social Site Formspring

Jul 11, 2012
Formspring, a social Q&A website popular with teenagers,this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled and the company was notified that 420,000 password hashes that seem to belong to its users have been posted to a security forum, and immediately began an internal investigation. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker. Formspring launched in 2009 as a crowd-powered question-and-a...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
Plesk Zero Day Exploit in the Wild, Thousands of sites got Hacked

Plesk Zero Day Exploit in the Wild, Thousands of sites got Hacked

Jul 10, 2012
Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels’ Plesk Panel (Port Number 8443). These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri malware researcher Daniel Cid. On other News Portals , there was a news recently that Some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analyst found that, The majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs on his blog report that Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...
Anonymous Hackers Help WikiLeaks to get Syria Files

Anonymous Hackers Help WikiLeaks to get Syria Files

Jul 10, 2012
Just after WikiLeaks began releasing the data from the Syria Files, Anonymous hacktivists claimed responsibility for accessing the information and passing it on to the whistleblower organization. Anonymous supplies WikiLeaks with over two million e-mails from Syrian political figures, ministries and companies. According to Report, Anonymous Syria, Antisec and Peoples Liberation Front breached domains and servers in Syria since February, downloaded data over weeks and handed them to WikiLeaks. In February, the hacker team had "worked day and night" to create a massive breach of multiple domains and dozens of servers inside Syria, the statement claimed. In its intro to the e-mail cache, WikiLeaks indicated that they came from 678,000 individual e-mail addresses and 680 domains, including ones belonging to Syria’s Ministries of Presidential Affairs, Foreign Affairs, Finance, Information, Transport and Culture. At least 400,000 of the e-mails are in Arabic and 68,000 are in ...
4XP Critical SQL Injection Vulnerability Exposed

4XP Critical SQL Injection Vulnerability Exposed

Jul 10, 2012
zSecure team has recently discovered a critical SQL Injection Vulnerability in the web portal of 4XP, a leading online forex broker having more than 1 lakh customer base. Financial transactions are carried on the broker's paltform on daily basis including but not limited to Credit Card Transactions. The critical vulnerability allows to get complete access to brokers database which can be misused to access their customers confidential information including their login id's, passwords, home address, email-id's, mobile no's, credit card details etc. This critical vulnerbility could prove devastating to the company if they doesn't fix it asap. Below are the details about the company & discovered vulnerability.   About the Company 4XP is an online forex broker that specializes in providing an all-inclusive trading package backed by a caring and devoted support team. 4XP was founded by a group of retail-ended entrepreneurs and capital market dealers sharing a vis...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources