The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

This afternoon I just got a ping from one of my Friend that Oracle website compromised. Its hard to believe that ORACLE can be compromised ? So lets explore that what going on: Oracle.com , Website Oracle Corporation ,  ( an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products – particularly database management systems ) homepage showing just " HELLO WORLD " text on page. I tried to open it via mobile, it redirect me to mobile version at  Oracle.mobi , Yes its working fine as normal. Then we start moving on Twitter to find out whats going on, Lots of people tweeting about this and everyone seems to be confused that IS IT A HACK ? or the site is Under Maintenance ? Okay, Next I move to ORACLE twitter accounts @Oracle @OracleDatabase to find out either they have tweeted about this Strange update or ...

Do your ever use YouTube Instant Search engine (a really fast way to search YouTube) ? That was developed by a 21 years old developer name - Feross Aboukhadijeh in 2012. Chad Hurley, CEO and co-founder of YouTube, was so impressed that he immediately offered him a job at YouTube. He a web developer, designer, computer security researcher. Recently he has developed an attack concept that exploits the fullscreen application programming interface in HTML5 in order to carry out advance phishing attacks. The HTML5 "Fullscreen API" allow web developers to display web contents in full-screen mode, that is, filling-up the display screen completely. Fullscreen API is perhaps known for its spoofing potential, leading to major browser vendors canvassing for the implementation of an overlay to notify users when full-screen is activated. Feross demonstrated how the Fullscreen API can aid phishing attack portals appear rather innocuous to the end users, by utilizing t...

Windows 8 is the first operating system from Microsoft to support alternative non-biometric authentication mechanisms such as Picture Password and PIN. A vulnerability discovered by a password security vendor - " Passcape " in Microsoft’s Windows 8 operating system that it saves a log on password in plain text and allows any user with admin rights to see the password details. In September, though, some drawbacks of the new authentication method were reported by Passcape Software. The picture password had seemed invulnerable, because whoever tries to guess it must know how and what parts of the image to choose, and in addition, the gesture sequence. However, security experts from Passcape discovered that such a unique password is based on a regular account. A user should first create a regular password-based account and then optionally switch to the picture password or PIN authentication. Notably, the original plain-text password to the account is still stored in ...

ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities . They Report about report multiple vulnerabilities with proof-of-concept (PoC) exploit code that affecting the Sinapsi eSolar Light Photovoltaic System Monitor which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants. The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider ...

Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight, but refused to detail how the system will work. Finally today  Firefox 17 is now in beta and with it is a very cool feature, click-to-play plugins. When a user lands on a site that requires the use of a plugin, say Adobe Flash, if the version running in the user's browser is on the list of known vulnerable applications, Mozilla will disable it and show the user a message saying that she needs to update the plugin. " By combining the safety of the blocklist with the flexibility of click-to-play, we now have an even more effective method of dealing with vulnerable or out-of-date plugins. " Mozilla wrote on blog. Mozilla is still working on implementing the controls, which would allow you to block all plugins by default and then pick where you want them to run. As already mentioned, this feature will be enabled by ...

AndroidPolice reports that Google is actively working on a built-in malware scanner for the Play Store. A new version of the Play Store app has been released and it is starting to roll out to Android owners. Google Play Store 3.9.16 includes the ability to remove apps from the All Apps list.  There is a module called " App Check " that will allow Google to inspect every app you've already downloaded, and a doorman-style app blocker that will warn you if an app is suspicious. Devices without Google Play installed (and there are plenty, especially in Asia and China) still won’t be protected. Google's Bouncer was a server-side Play Store malware cop, but this sounds like a new, client-side initiative, possibly the result of their recent acquisition of VirusTotal . In the past we've seen fake versions of Instagram, Angry Birds and many more popular Android apps distributed via non-official channels with the intention of infecting Android phones and tab...