The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Media companies including the New York Times, Twitter and the Huffington Post has been unavailable since Tuesday after the external malicious attack by a group of hackers supporting Syrian President Bashar Assad. For the second time this month, the New York Times' website has gone down. " The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT ," the Times wrote. In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website and read: " Hacked by SEA, Your server security is very weak ." It appears the domain name system (DNS) for NYTimes.com was rerouted, but can be found using its numerical Internet Protocol addresses, which is 170.149.168.130. The New York Times website has been restored just now, at least temporarily a ...

Sentencing for former LulzSec leader Hector Xavier Monsegur , better known as " Sabu " , has again been delayed. Monsegur pleaded guilty to a dozen criminal counts two years prior and stands to face more a maximum sentence of more than 124 years. Another Lulzsec Hacker Jeremy Hammond has claimed that the FBI used Sabu to coordinate attacks against foreign governments, by  Anonymous hackers and Others. The delays indicate that the FBI is not extracting information from Monsegur and this could mean that the hacker may be helping FBI with other covert operations as Jeremy Hammond claims. Jeremy Hammond, released a statement on Thursday accusing the US government of asking Monsegur to encourage fellow hacktivists to infiltrate foreign government entities. “ What many do not know is that Sabu was also used by his handlers to facilitate the hacking of the targets of the government’s choosing including numerous websites belonging to foreign governments” ,...

During the weekend China's Internet was taken down by a powerful distributed denial of service (DDoS) attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single individual. The China Internet Network Information Center [ CINIC ] reported that the attack began at 02:00 local time on Sunday with a peek at 04:00 that made it the largest DDoS attack the country’s networks have ever faced. The CCINIC is responsible for registering sites in the .cn domain. Before malicious coders can launch a DDoS attack, they must infect the computers of unsuspecting users, often by tricking people into installing malware on their computers. The China Internet Network Information Center confirmed the attack with an official statement informing internet users that it is gradually restoring web services and that will operate to improve the sec...

Google has local domains for almost every country in the world. Just now some hackers from Palestine hacked into Google's Palestine domain ( http://google.ps/ ) and defaced it The message appearing on the defaced page says, " uncle google we say hi from Palestine to remember you that the country in google map not called Israel. Its called Palestine # Question : what would happen if we changed the country title of Isreal to Palestine in google maps !!! It would be a revolution .. So Listen to rihanna and be cool :P " The most likely scenario is that Google itself hasn’t been breached. Instead, it appears as the hacker forwarded/ redirected the DNS to a new page. The virtual names of the hackers behind the hack are ," Cold z3ro - Haml3t - Sas - Dr@g " from Palestine. Currently, the website is defaced while writing this update. Reported by The Hacker News reader 'Hanamichi Kurotsuchi'.

Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user's information of over 70 Million accounts. The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest. Pinterest is a very popular social media, over 70 million users including high profile figures and brands that ordinary use it, such a flaw could have a serious impact on their privacy. Dan has found the way to access to the information belonging to the owner of the Access token, as the researcher has shown it is possible to display them visiting the following URL. https://api.pinterest.com/v3/users/me/?access_token= MTQzMTYwMjozNTcxOTE5NTE2MDQyNjcxNzc6MnwxMzc3MDY4ODMyOjAtLTE2 ZWJjNDg4NzYxYTFmZWIwZmU0ODcxYzc3ZWUyN2E2YTdhOWNlN2I= Substituting the " /me/ " part of the link with the username of another Pinterest user it...

The cyber Security Analyst  ' Ebrahim Hegazy ' (@Zigoo0) Consultant at Q-CERT has found an " Unvalidated Redirection Vulnerability " in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in " Avira " website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites ( Phishing pages) It could also be used by Black Hats for Malware spreading In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate...