The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability ( CVE-2013-0235 ) - " Pingback Denial of Service possibility ". According to security company Sucuri , in a recent amplification attack more than 162,000 legitimate Wordpress sites were abused to launch a large-scale distributed denial-of-service (DDoS) attack . The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site. The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations....

Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. The new build intends to address following vulnerabilities in Adobe Flash Player: CVE-2014-0503 ,  reported by security researcher, ' Masato Kinugawa ', that lets   attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks. CVE-2014-0504 , reported by ' Jordan Milne ',   that could be used to read the contents of the clipboard(). The Clipboard can be used to store data, such as text and images, but flaw could allow hacker to stuff malware URLs onto your clipboard. Adobe Security Bulletin APSB14-08 tagged the updates with  Priority 2 , ' This update resolves vulnerabilitie...

Since mobile has become a basic need for every common as well as important figure now a days. So, every company is highly working to find more effective ways to protect sensitive data of their users and in the race, Vodafone lead the game. In collaboration with its security partner Giesecke & Devrient ( G&D ) which is an international leader in mobile security solutions, Vodafone is offering an end-to-end encryption for mobile communication based on the phone SIM card. Secure Data such as emails, documents, data carriers, and VPN connections will be signed and encrypted by the SIM in such a way that they are unreadable to unauthorized third parties assuring your security and privacy. SIM users have to encrypt the data by simply using a PIN and a digital signature, and the same is needed in order to decrypt the communication. " The solution uses the widespread S/MIME encryption program for email exchanges, and in the future, encryption via PGP will also be...

Facebook has several security measures to protect users' account, such as a user " access token " is granted to the Facebook application (like  Candy Crush Saga, Lexulous Word Game ), when the user authorizes it, it provides temporary and secure access to Facebook APIs. To make this possible, users have to ' allow or accep t' the application request so that an app can access your account information with the required permissions. The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password. Access tokens are pretty sensitive, because anyone who knows the access token of a user can access the user's data and can perform any actions on behalf of the user, till the token is valid. In Past years, Many Security Researchers ...

Last week, The Foreign Intelligence Surveillance Court (FISA) ruled the National Security Agency (NSA) to do not keep Internet and phone metadata gathered through bulk surveillance programs longer than five years and destroy them. Judge Reggie Walton said, keeping records for more than 5 years " would further infringe on the privacy interests of United States persons whose telephone records were acquired in vast numbers and retained by the government ," Later, The Electronic Frontier Foundation, an Internet privacy and civil liberties group asked the Court to temporarily hold the destroy orders, saying the records may be used as an evidence in its lawsuits challenging the NSA surveillance . U.S. District Judge Jeffrey White, who is overseeing an invasion-of-privacy lawsuit against the National Security Agency (NSA), ruled to stop the destruction of millions of Telephone records collected by the National Security Agency's surveillance program and ruled to safeguard th...

The Whistleblower and Former National Security Agency (NSA) contractor Edward Snowden raised his voice and talked about citizen's privacy once again. Yes, Snowden, whose leaks last year triggered debate on the massive surveillance conducted by the Government worldwide. In an interview, speaking via Google Hangout at the South by Southwest Interactive conference, SXSW in Austin, Snowden said he has no regrets over his leaks about mass surveillance programs , despite now being unable to return to the US, where he faces a criminal indictment. He said, " Every society has benefited " from the disclosures. " Would I do this again? The answer is absolutely yes. Regardless of what happens to me, this is something we had a right to know. " Two BAD-Geeks:  Snowden criticized both Alexander and Michael Hayden, who were his predecessor as the NSA director, and the same two officials who mainly " harmed our Internet security and actually our national security ...