The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity developers team recently fixed a vulnerability ( CVE-2013-2765 ) which could be exploited by attackers to crash the firewall . The vulnerability is caused due to an error when processing the " forceRequestBodyVariable " action and can be exploited to cause a NULL pointer dereference via specially crafted HTTP requests.  Flaw was reported by Younes Jaaidi, according to him an attacker can exploit this issue using a web browser. He also released an Exploit for this flaw, which is publicly available at  Github  for download. Through the program to upgrade to version 2.7.4 fixes this problem, this version also fixes some minor bug and lib injection used to identify SQL injection attacks, while the development team also announced its portable version of N...

If you're making a lot of money and you want to keep records of your transactions, then using PayPal 's Reporting system you can effectively measure and manage your business. Nir Goldshlager , founder of Breaksec and Security Researcher reported  critical flaws in Paypal Reporting system that allowed him to steal private data of any PayPal account. Exploiting the  vulnerabilities  he discovered, allowed him to access the financial information of any PayPal user including victim's shipping address Email addresses, Phone Number, Item name, Item Amount, Full name, Transaction ID, Invoice ID,  Transaction, Subject, Account ID, Paypal Reference ID etc. He found that PayPal is using the Actuate Iportal Application (a third party app) to display customer reports, so Nir downloaded the trial version of this app for testing purpose from its official website. After going deeply through the source code of trial version, Nir located a file named get...

A computer hacker linked to the group known as Anonymous and LulzSec  pleaded guilty on Tuesday to breaking into Stratfor , a global intelligence company.  Hammond, 28, was arrested last March and charged with hacking into the computers of Stratfor. Jeremy Hammond and other members of AntiSec , stole confidential information, defaced websites and temporarily put some victims out of business. Authorities say their crimes affected more than 1 million people. Hammond was charged under the controversial 1984 Computer Fraud and Abuse Act, the same law used to charge the late Aaron Swartz and other cyber-activists. The plea agreement could carry a sentence of as much as 10 years in prison, as well as millions of dollars in restitution payments, though Hammond's official sentence won't be handed down until September. Beyond Stratfor, Hammond took responsibility for eight other hacks, all of which involved either law enforcement, intelligence firms or defense c...

According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a...

In the constant battle between illegal file sharers (Pirates) and the entertainment industry (Hollywood) supplying the protected digital materials, the pirates have been staying one step ahead, although the industry may soon have a powerful new weapon in their arsenal. A new report released by the Commission on the Theft of American Intellectual Property suggests the use of malware to fight piracy. In a report, the Commission on the Theft of American Intellectual Property proposed many ways piracy can be combated, including infecting alleged violators' computers with malware that can wreck havoc, including and up to destroying the user's computer. It would also give the entertainment industry the advantage of tracking those who commit IP theft on-line no matter their location. Though it sounds reasonable on the surface, it is really a bad idea due to the challenge of correctly identifying a cyber attacker, as well as the unavoidable risk of collateral damage. If you want to read ...

When coders and online security researchers find errors in websites or software, the companies behind the programs will often pay out a bounty to the person who discovered the issue. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to release fixes before hackers take advantage of flaws. A 17-year-old German student says he found a security flaw in PayPal's website but was denied a reward because he's too young. On PayPal's website, the company lists the terms for rewarding people who find bugs, but mentions nothing about the age of the discoverer.  The details of the vulnerability, i.e cross-site scripting flaw (XSS), is posted on Full Disclosure section. In Past we have seen that many times PayPal tried to cheat with new security researchers by replying various reasons on reporting bugs i.e "already reported by someone else", "domain / sub-domain is not under bounty program", ...