The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The waves of celebrities photos have not yet stopped completely, and a new privacy threat has emerged exposing tens of thousands of private photographs and videos of innocent users are circulating over the Internet. The personal image that are believed to be sent through Snapchat — the ephemeral messaging service that allows users to send pictures that should disappear after a few seconds — has been floating on the image based 4chan's notorious /b/ board since last night. The incident was result of a security breach in an unofficial third-party app for Snapchat. Earlier this week, an anonymous 4chan user claimed to have obtained images on Snapchat and then the user warned of releasing thousands of videos and images sent using Snapchat soon in an event dubbed ' The Snappening '. Previously, It was believed that the official SnapChat mobile app or its servers had been hacked by the hackers, and the third-party Snapchat client app has been collecting every photo and ...

Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability , which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked users ' PayPal account. The security vulnerability actually resides in the mobile API authentication procedure of the PayPal online-service , which doesn't check for the blocked and restricted PayPal accounts. HOW THE VULNERABILITY WORKS In case if a PayPal user enters a wrong username or password combination several times in an effort to access the account, then for the security reasons, PayPal will restrict the user from opening or accessing his/her account on a computer until the answers to a number of security questions is provided. However, if the same user, at the same time switches to a mobile device and tries accessing the temporarily closed PayPal account with the right credentials via an official PayPal mobile app client through t...

If you are a retro games lover and want to play it on your iPhone, a security loop in iOS 8 makes it possible for you to play classic SNES games on your iPhone, without the need to jailbreak your Apple devices. Since Apple doesn't allow emulators on the App Store for copyright reasons, making it difficult to install third-party emulators and other unapproved applications. But, the latest upcoming beta version iOS 8.1 patched the famous " Date Trick " that had allowed iOS emulator makers to bypass App Store restrictions and run unofficial emulators on iPhones and iPads. The loophole called the " Date Trick ," found by Dario Sepulveda of the GBA4iOS team , is currently being used in the wild by the makers of emulators like GBA4iOS and SNES emulator since last year, allowing iOS users to downloaded and installed unapproved apps through the built-in Safari browser. Technically, by changing the device's date and time back at least two months on...

Yahoo! Contributors Network ( contributor.yahoo.com ), the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a security researcher reported the Blind SQLi vulnerability in Yahoo! 's website that could be exploited by hackers to steal users' and authors' database, containing their personal information. Behrouz reported this flaw to Yahoo! Security team few months back. The team responded positively and within a month they patched the vulnerability successfully. Unfortunately after that Yahoo! announced to shut down ' Yahoo Contributors Network ' due to its decreasing popularity and removed all the contents from the web, except some of the "work for hire" content may remain on the web. The critical vulnerability was able to expose the database which carried sensitive and personal inform...

On Tuesday, Indian and Pakistani army forces continued to exchange fire along the Line of Control (LoC) in Jammu and Kashmir, which was started when Pakistan's military fired machine guns and mortars at about 60 Indian army posts during last week. Tensions between the two countries have intensified since Bilawal Bhutto Zardari, the only son of former Pakistani President Asif Ali Zardari and former Prime Minister Benazir Bhutto, made a statement that his Pakistan People's Party (PPP) would take back entire Kashmir from India. However, the Indian political party described his statement as " childish " and " irresponsible ." Different reactions came from different people out there from India for the chairman of Pakistan People's Party and Central Executive Committee Bilawal Bhutto, but Hackers have their own way of expressing their part. Here Bilawal Bhutto said that he would not leave an inch of Kashmir with India, and there an Indian Hacker defac...

Money is always a perfect motivation for cyber criminals who tries different tricks to solely target users with card skimmers that steal debit card numbers, but now the criminals are using specialized malware that targets ATM (Automated Teller Machine) systems to withdraw cash even without the need of a card. The new backdoor program, dubbed as " Tyupkin ," requires physical access to the ATM system running 32-bit Windows platforms and booting it off of a CD in order to install the malware. According to the researchers, the threat has continued to evolve in recent months, infecting ATMs in Asia, Europe, and Latin America. There are no details relating to the criminal gang behind the attacks, but they have already stolen "millions of dollars" from ATMs worldwide using the sophisticated malware, security firms Kaspersky and Interpol, who are working together in an attempt to foil the criminal gang, said in a joint statement released on Tuesday. " Over t...