The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News (THN), the widely-read cybersecurity news source for hackers and technologists, is celebrating its 7th Anniversary today. This is a huge milestone for THN and our team, but this day really belongs to you—our readers. Without you, we would not be here, and we appreciate you for reading, commenting, and sharing our content every day. 7-years ago today we started this website with an aim to provide a dedicated platform to deliver latest cybersecurity news and threat updates for everyone, including students, enthusiasts, technologists, security researchers and hackers as well. Times flies when you are having fun! "Over 6,700 Posts, 33,500 Comments And 293 Million Pageviews" We have always admitted that we do not cover everything, never did, never could, we just cover things that are important to our readers and impact a broader audience. So this is the actual difference between The Hacker News and a full-fledged media outlet. Since November 1, 20...

Last month the popular torrent website The Pirate Bay caused some uproar by adding a Javascript-based cryptocurrency miner to its site with no opt-out option, utilizing visitors' CPU power to mine Monero coins in an attempt to gain an extra source of revenue. Now D-Link has been caught doing the same, although there's high chance that its website has been hacked. D-Link's official website for Middle East (www.dlinkmea.com) has been found secretly adding a JavaScript-based cryptocurrency miner, according to a blog post published by security firm Seekurity on Tuesday. Seekurity team was made aware of the issue after Facebook user Ahmed Samir reported that visiting on D-Link Middle East website caused his web browser utilizing a "super high CPU" power usage. As shown in the screenshot below, a separate domain was loaded using a hidden iFrame for each page view, which included the cryptocurrency mining script. Five days after Seekurity team reported th...

Ever since the launch of Windows 10, Microsoft has been heavily pushing its Edge browser, claiming it to be the best web browser over its competitors like Mozilla Firefox, Opera and Google Chrome in terms of speed and battery performance. However, Microsoft must admit that most users make use of Edge or Internet Explorer only to download Chrome, which is by far the world's most popular internet browser. Something hilarious happened recently during a live demonstration when a Microsoft engineer caught on a video switching from Edge to Chrome after the default Windows 10 browser stopped responding in the middle of the presentation. That is really embarrassing. The incident happened in the middle of a Microsoft Ignite conference, where the Microsoft presenter Michael Leworthy was demonstrating how to one can migrate their applications and data to Microsoft Azure cloud service. See what happens in the video below: However, Leworthy was forced to pause his Azure presenta...

Do you know? Thousands of websites use HTML5 Canvas —a method supported by all major browsers that allow websites to dynamically draw graphics on web pages—to track and potentially identify users across the websites by secretly fingerprinting their web browsers. Over three years ago, the concern surrounding browser fingerprinting was highlighted by computer security experts from Princeton University and KU Leuven University in Belgium. In 2014, the researchers demonstrated how browser's native Canvas element can be used to draw unique images to assign each user's device a number (a fingerprint) that uniquely identifies them. These fingerprints are then used to detect when that specific user visits affiliated websites and create a profile of the user's web browsing habits, which is then shared among advertising partners for targeted advertisements. Since then many third-party plugins and add-ons (ex. Canvas Defender ) emerged online to help users identify and block ...

A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory  published Monday without revealing many details about the issue. The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware—an enterprise identity management system that automatically manages users' access privileges within enterprises. The security loophole is due to a "default account" that an unauthenticated attacker over the same network can access via HTTP to compromise Oracle Identity Manager. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the "def...

While scrolling on Facebook how you decide which link/article should be clicked or opened? Facebook timeline and Messenger display title, description, thumbnail image and URL of every shared-link, and this information are enough to decide if the content is of your interest or not. Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them. But yes, the possibility of opening an article is much higher when the content of your interest comes from a legitimate and authoritative website, like YouTube or Instagram. However, what if a link shared from a legitimate website lands you into trouble? Even before links shared on Facebook could not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit title, description, thumbnail image of a link in July 2017. However, it turns out that—spammers can spoof URLs of the shared-links t...

Are you a proud iPhone owner? If yes, this could freak you up. Trust me! Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back camera—all without any notification or your consent. This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday. The issue, Krause noted, is in the way Apple's software handles camera access. Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app. So, this permissions system is not a bug or a flaw instead it is a feature, and it works exactly in the way Apple has designed it, but Krause said any malicious app could take advantage of this feature to silently record users activities. iPhon...