#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Avira Vulnerability Puts Users' Online Backup Data At Risk

Avira Vulnerability Puts Users' Online Backup Data At Risk

Sep 20, 2014
A popular Anti-virus software Avira that provides free security software to its customers with Secure Backup service is vulnerable to a critical web application vulnerability that could allow an attacker to take over users' account, putting millions of its users' account at risk. Avira is very popular for their free security software that comes with its own real-time protection module against malware and a secure backup service. Avira was considered to be the sixth largest antivirus vendor in 2012 with over 100 million customers worldwide. A 16 year-old security researcher ' Mazen Gamal ' from Egypt told The Hacker News that Avira Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that allows him to hijack users' accounts and access to their online secure cloud backup files. CSRF VULNERABILITY TO  ACCOUNT TAKEOVER Cross-Site Request Forgery (CSRF or XSRF) is a method of attacking a Web site in which an intruder masquerades as a legitim...
How to Detect SQL Injection Attacks

How to Detect SQL Injection Attacks

Sep 19, 2014
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode's 2014 State of Security Software Report , SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application. A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. There is a reason they're on the OWASP Top 10 . Termed " injection flaws ", they can strike not only SQL, but operating systems and LDAP can fall prey to SQLi. They involve sending untrusted data to the interpreter as a part of the query. The attack tricks the interpreter into ...
'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk

'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk

Sep 19, 2014
Home Depot , the nation's largest home improvement retailer, announced on Thursday that a total of 56 million unique payment cards were likely compromised in a data breach at its stores, suggesting that the data breach on Home improvement chain was larger than the Target data breach that occurred last year during Christmas holidays. The data theft occurred between April and September at Home Depot stores in both the United States and Canada, but the confirmation comes less than a week after the retailer first disclosed the possibility of a breach. " We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges, " Home Depot CEO Frank Blake said in a statement. " From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so. " It is believe that the cybercriminals successfully compromised the...
cyber security

Master SaaS AI Risk: Your Complete Governance Playbook

websiteReco AIArtificial Intelligence / SaaS Security
95% use AI, but is it secure? Master SaaS AI governance with standards-aligned frameworks.
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind

Jul 24, 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...
Chinese Hackers Hacked Into U.S. Defense Contractors 20 Times In Just One Year

Chinese Hackers Hacked Into U.S. Defense Contractors 20 Times In Just One Year

Sep 18, 2014
Chinese hackers associated with the Chinese government have successfully infiltrated the computer systems of U.S. defense contractors working with the government agency responsible for the transportation of military troops and goods across the globe, a Senate investigators have found. The Senate Armed Services Committee has been investigating the issue for the past year and found that the U.S. Military's Transportation Command (TRANSCOM) has been infiltrated at least 20 times in a single year, out of which only two were detected. This is probably the most serious allegation yet against China. The successful intrusions attributed to an "advanced persistent threat," a term used to designate sophisticated threats commonly associated with governments. All of those intrusions were attributed to China, the report stated. The investigation was conducted in the 12 months period from June 2012 to June 2013 based on information provided by the Federal Bureau of Investigat...
Adobe Releases Critical Security Updates for Acrobat and Reader

Adobe Releases Critical Security Updates for Acrobat and Reader

Sep 18, 2014
After a week delay, Adobe has finally pushed out critical security updates for its frequently-attacked Reader and Acrobat PDF software packages to patch serious vulnerabilities that could lead to computers being compromised. The new versions of Adobe Reader and Acrobat released Tuesday for both Windows and Macintosh computers address eight vulnerabilities, five of which could allow for remote code execution . The remaining three vulnerabilities involve a sandbox bypass vulnerability that can be exploited to escalate an attacker's privileges on Windows, a denial-of-service (DoS) vulnerability related to memory corruption, and a cross-site scripting (XSS) flaw that only affects the programs on the Mac platform. According to Adobe's advisory , applying the patches will involve a system restart. The affected versions are: Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh Adobe Reade...
Apple Rolls Out iOS 8 with Bucket of Security Fixes

Apple Rolls Out iOS 8 with Bucket of Security Fixes

Sep 18, 2014
Apple has finally released iOS 8 , the latest version of its operating system, for free to iPhone, iPad and iPod touch users. The company has assured that the latest iOS 8 update is a significant step away up from iOS 7. You can grab the new update through an over-the-air update accessible by going to Settings > General > Software Update . If you don't want to download the update wirelessly due to a limited or restricted data plan, you can also download the update by connecting your phone to the latest version of iTunes . iOS 8 was first revealed publicly at the Apple's Worldwide Developer Conference (WWDC) in June, showing off an improved Notification Centre. Apart from the security patches, iOS 8 has a number of new features and functions tied to your location. Additionally, it has new privacy settings, which allow users to limit how long data is stored for, such as message expiry features and new private browsing settings. VULNERABILITIES PATCHED A ...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>