The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in " moin " package. According to  Brian Curtin at Python Project , Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach. Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal...

Dear Hackers, Warm up your keyboards! Because Facebook open Registration for third Hacker Cup 2013, an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the title of world champion, with $5,000 top prize. The qualification round begins on January 25th. So Participate and enhance your programming competency. The dates have been set for Facebook Hacker Cup 2013 Jan 7 — Jan 27 — Registration Jan 25 — Jan 27 — Online Qualification Round Feb 2 — Online Elimination Round 1 Feb 9 — Online Elimination Round 2 Feb 16 — Online Elimination Round 3 March 22 -23 — Onsite Finals at Facebook Registrations Page -  https://www.facebook.com/hackercup/register This is your chance to compete against the world's best programmers for awesome prizes and the title of World Champion.

A hacker claims to have found a method in the code integrity mechanism in Windows RT, that allow one to bypass security mechanism preventing unauthorized software running on ARM-powered Windows RT tablets. Lets see, How to Run traditional desktop apps on Windows RT in a Hackers  Way! A hacker called ' C. L. Rokr ' explain about the Windows RT exploit on his blog , which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Windows RT is a special version of Microsoft Windows designed for lightweight PCs and tablets that are based on the ARM architecture, including Microsoft's Surface tablet.  Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. " Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible, ". Specifically, one needs to inject a blob of ARM code int...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Hacker found a way to hack and change your password like, just he used to change his own password. Confused ? Recently Facebook fix a very critical vulnerability on the tip of ' Sow Ching Shiong ' , an independent vulnerability researcher. Flaw allows anyone to reset the password of any Facebook user without knowing his last password. At Facebook, there is an option for compromised accounts at " https://www.facebook.com/hacked " , where Facebook ask one to change his password for further protection. This compromised account recovery page, will redirect you to another page at " https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked " . Researcher notice that the URL of the page having a parameter called "f" which represents your user ID and replacing the user ID with victim's user ID allow him to get into next page where attacker can reset the password of victim without knowing his last password. The  Vulnera...

Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name " p0ison-r00t " deface a sub domain of NASA ( https://spaceyourface.nasa.gov/ ). The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by ' The Hacker News '. We contact hacker to know more about the hack, on asking How ? Hacker said," I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server ". Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here . Mirror of hack also available on Zone-h .

Polish Researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default skype calls use 256-bit advanced encryption, but researchers find that is not enough. So they find out this new way to communicate messages more secretly by using silence. Mazurczyk, Maciej Karaś and Krzysztof Szczypiorski analysed Skype data traffic during calls and discovered that there is a way in Skype silence, where rather than sending no data between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech. So by taking advantage of this they hijacks these silence packets and then inject encrypted message data into some of them. The Skype receiver on other end will always simply ignores the secret-message data, but it can be decoded back to receive that secret message. Team decide to present this at Steganography conference  by creating a POC tool called SkypeHide that will be able to hi...