The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Twitter continues to implement new security features. But really, who thinks social media will ever be unhackable? The official twitter account of Saudi Aramco , the world's biggest oil producer hacked by hacker with name ' Mister Rero '. The background on Saudi Aramco's official Twitter page and the name has been changed by hacker. So far, no tweets posted by hacker. Last year in August about 30,000 workstations inside internal computer networks of Saudi Aramco was infected by a virus. Last month Burger King's and Jeep's official Twitter accounts was compromised.

While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name " Godzilla " today claimed to hack into one of the server belongs to ISI website ( https://isi.org.pk ) and claimed steal possible information from website database. According to the information shared by hacker with ' The Hacker News ', he claims to have access to Remote Desktop Protocol (RDP) of the server located at 173.193.110.72. He disclose that System installed with Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ' AHCORP ' He also claimed to hack into MSSQL server containing 3 databases, with 9 users and located at https://mssql.isi.org.pk, as shown in screenshot taken by him. Some partial tables of the database ' msdb ' as listed below: bakupfile bakup...

Chinese search engine Baidu has just launched a security product called Baidu Antivirus 2013 . Described as a ultra light weight, easy to use, extremely fast anti-virus program that promises to protect your system from malware, viruses, spyware, adware and other malicious programs. Most interesting thing is that Baidu Antivirus comes only in English. Back in January, Baidu launched Baidu PC Faster, a software suite designed to fix speed and performance issues. The program combines the Baidu Antivirus Engine and Baidu Cloud Security Engine with the Avira Antivirus engine to provide you with complete protection against all online threats. " Baidu Antivirus offers an easy to use interface with several advanced configuration options as well as quarantine of infected files. It also has an extremely small memory footprint, so you can actually do other things while it is running on your computer. Other features include automatic updates, Host Intrusion Prevention System (HIPS), sc...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

iOS was in the news lately for a series of security mishaps, but this time android back in scene. A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 that allows hackers to briefly bypass the phone's lock screen without needing a password. By hitting " emergency call " then " emergency contacts " then holding the home button, the main home screen becomes visible for around a second just enough time to load an app, before reverting back to the lock screen. Not all apps will open in this manner, a demo video shows that Google Play does not respond. Reportedly, Eden contacted Samsung roughly five days ago but has yet to hear back. He said that he has not tested any other Samsung devices to see if they are also affected. The flaw appears to be similar to a screen lock vulnerability in newer Apple devices, including the iPhone 5. Steps to follow: Lock the device with a "secure" pattern, PIN...

Old habits seem to die hard for a hacker, a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail's computer system. Nicholas Webber , serving five years in prison for running an internet crime forum Ghost Market , Which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London. The incident occurred back in 2011, but it only came to light recently " At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible, " A spokesman fοr prison tοƖԁ the Daily Mail reported . His IT teacher, Michael Fox ,who was employed by Kensing...

A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah. Hackers claiming to be part of Anonymous group from Malaysian and Filipino and attacking websites of each other. It was believed that the first online attacks were made by Malaysians and defaced the government-owned site of the municipality Moal Boal, Cebu, hours after a skirmish erupted between police and Sulu gunmen on Friday. Meanwhile the online shop of Philippine mobile services provider Globe Telecom was defaced by hackers claiming to be from the " MALAYSIA Cyb3r 4rmy ". A series of websites defacement has been conducted between Philippines and Malaysia over the dispute in the land of Sabah #security — The Hacker News™ (@TheHackersNews) March 2, 2013 On other side  Philippine Cyber Army hackers claiming to have attacked 175 Malaysia-based sites," Greetings Malaysia! Greetings Government! Stop attacking over our cyberspace...