The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A particular class of attacks commonly referred to as “code insertion” and often “ Cross-Site Scripting ” has become increasingly popular. Yesterday we reported about Cross site scripting bug Paypal and Apple . Hacker from Inj3ct0r Team reported a XSS Cross site scripting Vulnerability on MSN.com website. Vulnerability exist of a subdomain of MSN at http://news.de.msn.com/. Details posted in an advisory . Cross site scripting occurs when a web application gathers malicious data from a user. Hackers said that, " The goal is to close the capabilities gap between the cyber-criminals and white hats, by enabling defenders to perform more comprehensive testing of their defenses ." According to report, this XSS is working perfectly with Internet Explorer and Opera web browser, Proof of Concept URL's are posted in advisory and Image as shown.

It looks like Skype has another big hole in their security. According to reports, a security hole makes Skype accounts vulnerable to hijacking. The security hole allows unauthorized users with knowledge of your Skype-connected email address to change the password on your Skype account, thus gaining control of it. The hijack is triggered by signing up for a new Skype account using the email address of another registered user. No access to the victim's inbox is required one just simply needs to know the address. Creating an account this way generates a warning that the email address is already associated with another user, but crucially the voice-chat website does not prevent the opening of the new account. Then hacker just have to ask for a password reset token , which Skype app will send automatically to your email, this allows a third party to redeem it and claim ownership of your original username and thus account. The issue was reportedly documented on Russ...

This morning I received the news of new attacks against Adobe, an Egyptian Hacker named ViruS_HimA hacked into Adobe servers and leaked private data. The hacker claims to have violated Adobe servers gaining full access and dumping the entire database with more of 150,000 emails and hashed passwords of Adobe employees and customers/partner of the firm such as US Military, USAF, Google, Nasa DHL and many other companies. The leaked file contains a list of for each account the following information: Firstname Lastname Title Phone Email Company Username Password hash The hacker declare that his intent was far from to destroy the business of the company, that's why he posted data leaked related only to Adobe, and belonging the domains "*.mil" and ".gov". Which is the motivation of the attack? The attack hasn't a politic motivation, ViruS_HimA desire to demonstrate that despite Adobe is one of the most important company in IT l...

Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even af...

A 16 years old Spanish Whitehat hacker going by name " The Pr0ph3t " found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain -  https://locate.apple.com , where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. After capturing HTTP headers, hacker found that there is a parameter called "location" which is actually not filtered for malicious inputs. Hacker. For proof of concept , he inject a JavaScript code - as shown in image.  Vulnerability existence verified by The Hacker News team and its st...

Kosova Warriors Group deface a subdomain (http://events.nawaat.org/) of Nawaat Portal.. Its an independent collective blog hosted by Tunisians. It gives a voice to all those who, through their civic engagement, take the cover and spread. Our editorial decisions are guided by among other concerns that affect the lives of our countrymen and our fellow man. It seems that hacker is able to hack into the server and have control over two subdomains. After talking with hacker, we came to know that there is one more panel open for hackers at http://facebook.nawaat.org/ , where by default anyone is logging as admin user id. Zone-h Records of defacement are : http://www.zone-h.org/mirror/id/18587592 http://www.zone-h.org/mirror/id/18587594

3 Days ago " English Defence League " was hacked and Defaced by " ZCompany Hacking Crew ". Today same hacking crew expose a list of 25 people who give Donations to EDL. Leaked information include Donator's Names, addresses and Email addresses, posted in a note . Hackers said," If you donate to EDL and your name is not in the list, you should not breathe a sigh of relief ZHC will find you and expose you one day. " I talk with hackers to know the reason of exposing the donator list, and reply was - " We will expose every person who support racist organisations like EDL " Last Friday defaced page read, " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL " On the time writing this article, website of " English Defence League " (http://www.englishdefenceleague.org/) is giving " 403 Forbidden " and Hackers told 'The Hacker News' that...