The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The UK High Court has ordered  BSkyB , BT , Virgin Media and three other UK broadband providers to block access to three music and movie file-sharing websites  Kickass Torrents , H33T and Fenopy. Judge Richard Arnold said   that t hese websites  infringed 10 music companies copyrights on an industrial scale. He  granted an order to 10 record labels including EMI, Sony and Universal against six UK internet service providers requiring them to take measures to block or at least impede access by their customers to these three file-sharing websites. " The orders are necessary and appropriate to protect the intellectual property rights of the claimants and other copyright owners. "  Judge said.  The ISPs have been given 15 working days to block access to the sites.  Each ISP will decide how to warn customers and subsequently attempt to curb alleged illegal file sharing activity. Verizon decided to send a series of warni...

The Australian Broadcasting Corporation (ABC) is investigating data breach after Lateline interviewed Dutch anti-Islam politician Geert Wilders. A hacker going by the handle " Phr0zenMyst " has claimed to have hacked a web site associated with the ABC television program Making Australia Happy, leaking the details of its users online. The files contain the personal email addresses, locations and genders of almost 50,000 of registered users of ABC websites, including encrypted versions of their login passwords. The data was posted in 10 separate pastebin's which can be accessed online.  There were some indications on social media sites that the attack was in retaliation for some of the ABC's recent editorial decisions. The hacker, believed to be associated with the online activist group Anonymous, wrote on Twitter, " ABC hacked for giving a platform to Geert Wilders to spread hatred #OpWilders - database leaked! " " This breach originated ...

Today social media are spreading a shocking news, authors of Stuxnet virus that hit Iranian nuclear program in 2010 according a new research proposed by Symantec security company started in 2005 and contrary to successive instance of the malware he was designed to manipulate the nuclear facility's gas valves. The attacker strategy was to destroy the nuclear plant causing an explosion due the sabotage of gas valves, hackers purpose was physical destruction of the targets, due this reason the press and security community labeled Stuxnet as first cyber weapon of the history.  Francis deSouza, Symantec's president of products and services, during an interview with Bloomberg revealed that the version detected was a sort of beta version of the final weapon and that in the period between 2005 and 2009 the authors were testing its capabilities. " It looks like now the weapon tried a few things before it hit on what would actually work ,"' " It is clear that this has been a ...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor authentication provider and the flaw is located in the auto-login mechanism implemented in Chrome in the latest versions of Android, that allowed them to use an ASP to gain access to a Google account's recovery and 2-step verification settings.  Auto-login allowed users who linked their mobile devices or Chromebooks to their Google accounts to automatically access all Google-related pages over the Web without ever seeing another login page. " Generally, once you turn on 2-step verification, Google asks you to create a separate Application-Specific Password for each application you use (hence "Application-Specific") that doesn't support logins using 2-step verif...

After a series of security issues, it appears that Apple still has not been able to resolve all the issue in iOS . Last week, Apple rolled out its iOS 6.1.2 update to owners of the iPhone, iPad and iPod touch in an effort to fixing the 3G connectivity and an Exchange calendar bugs. Hackers found an iOS 6 bug two weeks ago that allowed thieves into your phone, but only the Phone app and the features contained within could be accessed. Just after that, recently another screen lock bypass vulnerability  reported  in iOS 6.1 by Vulnerability Lab . This vulnerability allows users to bypass the lock screen pass code and access the phones photos and contacts. Researchers say the vulnerable device can be plugged into a computer via USB and access data like voice mails, pictures, contacts, etc.  This particular vulnerability was shared in detail over in a YouTube video for the masses, you can see the video tutorial as shown below: Steps to Follow: ...

A Polish security firm ' Security Explorations' reported two new Java zero-day vulnerabilities , as " issue 54 " and "issue 55 ," with proof of concept code to Oracle. Oracle's security team is currently investigating the issue, but the status flaws not yet confirmed by Oracle. Less than a week after Oracle released its latest Java critical patch update, Researcher and Security Explorations's CEO Adam Gowdiak  have found two previously unknown security issues affecting Java 7. Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook , Apple and Microsoft. Java has faced an increasing number of zero-day vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack...