The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

If you are a retro games lover and want to play it on your iPhone, a security loop in iOS 8 makes it possible for you to play classic SNES games on your iPhone, without the need to jailbreak your Apple devices. Since Apple doesn’t allow emulators on the App Store for copyright reasons, making it difficult to install third-party emulators and other unapproved applications. But, the latest upcoming beta version iOS 8.1 patched the famous " Date Trick " that had allowed iOS emulator makers to bypass App Store restrictions and run unofficial emulators on iPhones and iPads. The loophole called the " Date Trick ," found by Dario Sepulveda of the GBA4iOS team , is currently being used in the wild by the makers of emulators like GBA4iOS and SNES emulator since last year, allowing iOS users to downloaded and installed unapproved apps through the built-in Safari browser. Technically, by changing the device's date and time back at least two months on...

Yahoo! Contributors Network ( contributor.yahoo.com ), the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a security researcher reported the Blind SQLi vulnerability in Yahoo! ’s website that could be exploited by hackers to steal users’ and authors’ database, containing their personal information. Behrouz reported this flaw to Yahoo! Security team few months back. The team responded positively and within a month they patched the vulnerability successfully. Unfortunately after that Yahoo! announced to shut down ‘ Yahoo Contributors Network ’ due to its decreasing popularity and removed all the contents from the web, except some of the “work for hire” content may remain on the web. The critical vulnerability was able to expose the database which carried sensitive and personal inform...

On Tuesday, Indian and Pakistani army forces continued to exchange fire along the Line of Control (LoC) in Jammu and Kashmir, which was started when Pakistan’s military fired machine guns and mortars at about 60 Indian army posts during last week. Tensions between the two countries have intensified since Bilawal Bhutto Zardari, the only son of former Pakistani President Asif Ali Zardari and former Prime Minister Benazir Bhutto, made a statement that his Pakistan People's Party (PPP) would take back entire Kashmir from India. However, the Indian political party described his statement as " childish " and " irresponsible ." Different reactions came from different people out there from India for the chairman of Pakistan People’s Party and Central Executive Committee Bilawal Bhutto, but Hackers have their own way of expressing their part. Here Bilawal Bhutto said that he would not leave an inch of Kashmir with India, and there an Indian Hacker defac...

Money is always a perfect motivation for cyber criminals who tries different tricks to solely target users with card skimmers that steal debit card numbers, but now the criminals are using specialized malware that targets ATM (Automated Teller Machine) systems to withdraw cash even without the need of a card. The new backdoor program, dubbed as “ Tyupkin ,” requires physical access to the ATM system running 32-bit Windows platforms and booting it off of a CD in order to install the malware. According to the researchers, the threat has continued to evolve in recent months, infecting ATMs in Asia, Europe, and Latin America. There are no details relating to the criminal gang behind the attacks, but they have already stolen "millions of dollars" from ATMs worldwide using the sophisticated malware, security firms Kaspersky and Interpol, who are working together in an attempt to foil the criminal gang, said in a joint statement released on Tuesday. " Over t...

The leaks of celebrity photos continue, revealing their first male victim in the fourth wave. As a result of the Fappening 4, Nick Hogan, the son of Hulk Hogan, became the first celebrity male to fall victim to the leaked private photos. The first three 'celebs photos leaks' usually include images of female celebrities, such as Jennifer Lawrence, Ariana Grande, Scarlett Johansson, Kim Kardashian, Kate Upton, Selena Gomez, Cara Delevingne, and others. The latest celebrity leaks include photos of Nick Hogan's private life. In this leak, Winona Ryder, 90210 star AnnaLynne McCord, Victoria's Secret model Erin Heatherton, singer Ingrid Michaelson, and a bunch of other stars have their selfies shared widely on social networks. According to several news outlets, this latest wave of celebrity undressed photographs is part of the "Fappening" controversy that started on Thursday. However, Reddit and 4Chan simply forced the forum to be closed and denied access in res...

A critical zero-day vulnerability discovered in Mozilla’s popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers. The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes. VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG Security firm Check Point Software Technologies disclosed the flaw ( CVE-2014-1572 ) on Monday and said that it’s the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006. An analysis...

A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned. According to a survey of traffic conducted in September by researchers at Dr. Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet , which creates a backdoor on machines running OS X. Researchers say almost a quarter of iWorm botnet are located in the US. The most interesting thing to notice about this botnet is that it uses a special method of spreading via a search service of Reddit posts to a Minecraft server list subreddit to collect the IP addresses for its command and control (CnC) network. The user who had posted that subreddit data has now been shut down though the malware creators are likely to form another server list. " It is worth mentioning that in order to acquire a control server add...