-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyber Criminals phishing with smart subdomains to earn millions

Cyber Criminals phishing with smart subdomains to earn millions

Dec 06, 2012
Like many other security issues that now affect computer users, there is a growing threat known as phishing". Phishing attacks are perpetrated by criminals who send deceptive emails in order to lure someone into visiting a fraudulent web site or downloading malicious software, expressly for stealing sensitive information such as credit card numbers, account information, passwords, etc. Cyber criminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work. We have notice many times that Spear Phishing Attacks are really Successful in order to compromise Enterprise Networks and Stealing Data. From last one month I was getting mails from an unknown spoofed email id regrading a paypal warning with subject " Your account has been limited until we hear from you ! " Guess what, even I am not using that email for my Paypal account, from here I just judge that it's...
Apache Tomcat Multiple Critical Vulnerabilities

Apache Tomcat Multiple Critical Vulnerabilities

Dec 05, 2012
Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x . Apache Tomcat vulnerabilities CVE-2012-4534 Apache Tomcat denial of service CVE-2012-3546 Apache Tomcat Bypass of security constraints CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter According to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. CVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Whereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The act...
 New Mac Malware 'Dockster' Found on Dalai Lama site

New Mac Malware 'Dockster' Found on Dalai Lama site

Dec 05, 2012
A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information. Mac in Danger ?  Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as “Flashback,” was used to enlist some 600,000 infected computers into a botnet. Malware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac. Dockster is only the latest Mac-bas...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Why you should try to join some of the underground hacker forums that are out there

Why you should try to join some of the underground hacker forums that are out there

Dec 05, 2012
Even if you are considered to be a white hat hacker, you are always still walking a fine line between being a bad guy and a good guy in many people eyes. There are a lot of people out there who believe that there should be no hacking at all being done and everyone who does it should be considered a criminal. Of course that is a very small myopic view of how being a white hat hacker really works but there is always going to be an element of that kind of thought out there. There are just a lot of people out there who believe that if you ban hacking outright that it will never be done. And that is simply just not true and is a pure fantasy. But if you really want to be a good and effective white hat hacker, then there are some elements about the other side that you should really get to know. If you want to be able to beat your enemies then you should be able to figure out how they operate. It is not enough for you to be able to take a look at their attacks and try to study their patterns...
New U.S. drone hacked by IRAN ? Reality or propaganda?

New U.S. drone hacked by IRAN ? Reality or propaganda?

Dec 05, 2012
It's known, drones are privileged vehicles for reconnaissance and attacks, technology has achieved level of excellence and their use is largely diffused, that's why defense companies are providing new solution to make them increasingly effective. But the incredible amount of technological components could be itself a point of weakness, last year in fact an U.S. stealthy RQ-170 Sentinel drone was captured by Iranian military near the city of Kashmar. The vehicle was used in reconnaissance mission, it took off from near Afghanistan, exactly from Kandahar airfield. In this hours government of Teheran has announced to have captured a new drone, Iran’s Islamic Revolution Guards Corps (IRGC) Navy Commander Rear Admiral Ali Fadavi reported that on Dec. 5th Iranian defense has captured a Scan Eagle drone that violated the fly zone over the Persian Gulf, around Kharg Island, in southern Iran. The zone is a strategic area, the place provides a sea port for the export o...
iPhone Instagram users vulnerable to hackers

iPhone Instagram users vulnerable to hackers

Dec 03, 2012
Instagram - Facebook’s popular photo sharing app for iOS, is currently has a vulnerability that could make your account susceptible to hackers. A security researcher Carlos Reventlov  published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seize control of a victim's account. " The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone. " Vulnerability Details --   The vulnerability is in the 3.1.2 version of Instagram's application, which is  susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s con...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources