The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Many a time we deal with those strange words and phrases that ask us to type them back in plaintext while signing up for an account. Yes, those increasingly annoying CAPTCHAs !!, which are both time-consuming and sometimes very difficult to read. If you really are tired of these distorted series of characters then there is a good news for you. For the convenience of people, Google has re-introduced a new CAPTCHA system with full makeover called reCAPTCHA , in order to make it easy for users who squint their eyes and make errors while typing. This new CAPTCHA-like system will allow people into websites with only a single click. CAPTCHA actually stands for " Completely Automated Public Turing test to tell Computers and Humans Apart " which is used by online services and websites only to verify that you're not a robot and restricts various automated programs to sign-up Email accounts, cracking passwords , spam sending, privacy violation etc. However, now we'l...

The eBay owned popular digital payment and money transfer service, PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control over users' PayPal account with just a click , affecting more than 156 millions PayPal users. An Egyptian security researcher, Yasser H. Ali has discovered  three critical vulnerabilities in PayPal website including CSRF , Auth token bypass and Resetting the security question, which could be used by cybercriminals in the targeted attacks. Cross-Site Request Forgery ( CSRF or XSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. Mr.Yasser demonstrated the vulnerability step-by-step in the Proof-of-Concept (PoC) video using a single exploit that combines all the three vulnerabilities. According to the demo, using ...

What a horrible start the holiday season in U.S. Over Thanksgiving weekend, Sony Pictures Entertainment suffered a massive data breach as "Guardians of Peace" hacked-into Sony Pictures' computer system that brought the studio's network to a screeching halt. Following the hack, hackers leaked five unreleased Sony movies to Torrent file-sharing website during Black Friday. It's still not clear whether both the incident back to back with Sony Pictures belongs to same group of hackers or not, but here's what you need to know about the breach: 1. FBI MALWARE WARNING AFTER SONY PICTURES HACK The U.S. Federal Bureau of Investigation (FBI) warned businesses that cyber criminals have used malicious software to launch destructive cyber-attacks in the United States, following the last week's massive data breach at Sony Pictures Entertainment, in which four unreleased films were stolen and pirate-shared. In a five-page confidential 'flash...

A Vulnerability has been discovered in the wildly popular messaging app WhatsApp , which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ' The Hacker News '. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that how a 2000 words (2kb in size) message in special character set can crash Whatsapp messenger app. Previous it was discovered that sending a huge message ( greater than 7mb in size) on Whatsapp could crash victim device and app immediately, but using this new exploit attacker only need to send a very small size (approx 2kb) message to the victim. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh ...

Following the last week's massive hack attack on Sony Pictures' network by a group calling themselves "#GOP," or Guardians of Peace , high-quality versions of several of the studio's newest films have hit piracy websites. It seems like matters for Sony Pictures is getting worse with time. Sony Pictures Entertainment has reportedly begun investigating links to North Korea of the possible cyberattack occurred last week that made the studio's internal email systems offline, which was still offline at the time of writing. Now its five movie screeners – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – have made their way onto torrent file-sharing websites, though it has not been confirmed that the leak of all the films came from the same breach. "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015 "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014 "Ann...

The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, " Uber's app is literally malware. " The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users' data is being collected by the company's mobile application for Android. Researcher, who runs a cyber security firm in Arizona , just reverse-engineered the code of Uber's Android application and come to the conclusion that it is a malware. He discovered that the app " calls home " and sends data back to the company. But this excessive amount of access to users' data is not the sort of app data a taxi company should have access to in the first place. It really seems strange and unnecessary to collect. " Christ man! Why the hell woul...