The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Sentencing for former LulzSec leader Hector Xavier Monsegur , better known as " Sabu " , has again been delayed. Monsegur pleaded guilty to a dozen criminal counts two years prior and stands to face more a maximum sentence of more than 124 years. Another Lulzsec Hacker Jeremy Hammond has claimed that the FBI used Sabu to coordinate attacks against foreign governments, by  Anonymous hackers and Others. The delays indicate that the FBI is not extracting information from Monsegur and this could mean that the hacker may be helping FBI with other covert operations as Jeremy Hammond claims. Jeremy Hammond, released a statement on Thursday accusing the US government of asking Monsegur to encourage fellow hacktivists to infiltrate foreign government entities. " What many do not know is that Sabu was also used by his handlers to facilitate the hacking of the targets of the government's choosing including numerous websites belonging to foreign governments" ,...

During the weekend China's Internet was taken down by a powerful distributed denial of service (DDoS) attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single individual. The China Internet Network Information Center [ CINIC ] reported that the attack began at 02:00 local time on Sunday with a peek at 04:00 that made it the largest DDoS attack the country's networks have ever faced. The CCINIC is responsible for registering sites in the .cn domain. Before malicious coders can launch a DDoS attack, they must infect the computers of unsuspecting users, often by tricking people into installing malware on their computers. The China Internet Network Information Center confirmed the attack with an official statement informing internet users that it is gradually restoring web services and that will operate to improve the sec...

Google has local domains for almost every country in the world. Just now some hackers from Palestine hacked into Google's Palestine domain ( https://google.ps/ ) and defaced it The message appearing on the defaced page says, " uncle google we say hi from Palestine to remember you that the country in google map not called Israel. Its called Palestine # Question : what would happen if we changed the country title of Isreal to Palestine in google maps !!! It would be a revolution .. So Listen to rihanna and be cool :P " The most likely scenario is that Google itself hasn't been breached. Instead, it appears as the hacker forwarded/ redirected the DNS to a new page. The virtual names of the hackers behind the hack are ," Cold z3ro - Haml3t - Sas - Dr@g " from Palestine. Currently, the website is defaced while writing this update. Reported by The Hacker News reader 'Hanamichi Kurotsuchi'.

Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user's information of over 70 Million accounts. The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest. Pinterest is a very popular social media, over 70 million users including high profile figures and brands that ordinary use it, such a flaw could have a serious impact on their privacy. Dan has found the way to access to the information belonging to the owner of the Access token, as the researcher has shown it is possible to display them visiting the following URL. https://api.pinterest.com/v3/users/me/?access_token= MTQzMTYwMjozNTcxOTE5NTE2MDQyNjcxNzc6MnwxMzc3MDY4ODMyOjAtLTE2 ZWJjNDg4NzYxYTFmZWIwZmU0ODcxYzc3ZWUyN2E2YTdhOWNlN2I= Substituting the " /me/ " part of the link with the username of another Pinterest user it...

The cyber Security Analyst  ' Ebrahim Hegazy ' (@Zigoo0) Consultant at Q-CERT has found an " Unvalidated Redirection Vulnerability " in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in " Avira " website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites ( Phishing pages) It could also be used by Black Hats for Malware spreading In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate...

The Palestinian hacker ' Khalil Shreateh ', who broke into the Mark Zuckerberg's Facebook Timeline  to expose a security lapse will be awarded nearly $12,000 but not from Facebook, it will come from an online crowdsourced campaign. The hacker initially used Facebook's whitehat disclosure program, a service that rewards bug hunters for reporting vulnerabilities, to inform the company about the issue. Facebook refused to pay him for finding the bug since he used it to post on Mark Zuckerberg's wall, because Facebook had ignored his earlier warnings. The exploit allows users to post to other Facebook user's timeline while they are not in friend list. Marc Maiffret, CTO of BeyondTrust, has kicked off a crowd-sourced funding to come up with a reward for Khalil Shreateh, and the results have already been impressive. ' Khalil Shreateh found a vulnerability in Facebook.com and, due to miscommunication , was not awarded a bounty for his work,'...