The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Windows 7 64 bit Memory Corruption Vulnerability A person known by the alias of " w3bd3vil " on twitter released an HTML snippet that will cause the 64 bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability is however not a flaw in Safari but rather a flaw in the Windows kernel mode device driver, win32k.sys. " A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges ," the Secunia advisory said. The possibility that the vulnerability can be exploited by using means other than Safari cannot be ruled out....

Bypass SOPA (Stop Online Piracy Act) DNS Blocking with DeSopa 1.1 A developer who calls himself T Rizk doesn't have much faith in Congress making the right decision on anti-piracy legislation, so he's built a work around for the impending censorship measures being considered  DeSOPA . The Firefox add-on is stunningly simple as the Stop Online Piracy Act (SOPA) would block specific domain names (e.g. www.thepiratebay.com ) of allegedly infringing sites. Firefox, which already boasts an outspoken stance against SOPA, and has already shown they are willing to stand by add-on developers who create circumvention extensions designed to go around measures currently employed by Homeland Security, has welcomed a new add-on, one that is designed to circumvent whatever SOPA website blacklists that are created, provided the bills become law. A new anti-SOPA add-on for Firefox, titled " DeSopa " is such a counter measure.When installed, users can click a single button to resolve a blo...

Apple Crash Reports Help Hackers to create a jailbreak exploit iPhone " jailbreaking " has been a hot topic since Apple released its smartphone more than two years ago. According to the Latest report posted by BBC  that Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software & Jailbreakers use Apple crash reports to unlock iPhones. You may be wondering and hearing alot on " What Is Jailbreaking an Iphone? How do you do that? " Jailbreaking is basically modifying the iPhone's firmware so that you can get access to the internals of its operating system and install a whole slew of third-party applications on your iPhone that are not otherwise available through official channels.Jailbreaking your iPhone in and of itself doesn't normally make much difference in your operation of it, but it does allow you to install other third-party applications that are not blessed by Apple. A collective of ...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

An Iranian engineer working on the captured US drone has said that Iran exploited a weakness in the craft's navigation system to hijack it. The aircraft was downed through a relatively unsophisticated cyber-attack that tricked its global positioning systems (GPS). The technique, known as " GPS spoofing " has been around for several years, and the Iranians began studying it in 2007, the engineer reportedly said. The U.S. Department of Energy notes that GPS is widely used, but insecure, although few users have taken note. GPS signals for the U.S. military are similarly insecure, and drones often rely on signals from multiple satellites. It's possible to spoof unencrypted civilian GPS systems. But military GPS receivers, such as the one likely installed on the missing drone, use the encrypted P(Y)-code to communicate with satellites. " With spoofing, an adversary provides fake GPS signals. This convinces the GPS receiver that it is located in the wrong place and/or ...

1.8 Million Accounts Hacked from Square Enix Japanese Game Company Square Enix stated yesterday that somebody " may have gained unauthorized access to a particular Square Enix server " and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customer's accounts had been affected. The company said it noticed that unknown parties had accessed the server for its free " Square Enix Members " site on Tuesday afternoon, and decided to shut down the service the same day. Users register on the server with their email addresses and sometimes their names, addresses and phone numbers, but the server holds no credit card information, a spokesman said. The intruder breached an unknown number of servers that could hold data for the service's one million members in Japan and 800,000 members in North America, but left untouched the servers with its 300,000 European members. In May, Square Enix said it suffered hackin...

Key infrastructure systems of 3 US cities Under Attack By Hackers BBC News Reported that the Federal Bureau of Investigation (FBI) announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems commonly known as Supervisory Control and Data Acquisition (SCADA) are increasingly being targeted by hackers. At a recent cybersecurity conference, Michael Welch, deputy assistant director of the FBI's cyber division, said " hackers had accessed crucial water and power services.The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall ." " We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city ," Welch told delegates at the Flemings Cyber Security conference." Essentially it was an ego trip for the hacker because he had control of that city's system and h...

Denial of Service Attack Vulnerability in  Windows Phone 7.5 Microsoft's range of Windows Phones suffer from a denial-of-service attack bug that allows attackers to reboot the device and disable the messaging functionality on a device. A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub . WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug. Video Demonstration Both Apple and Google have suffered from SMS bugs with their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone ...