The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was  vulnerable to disclosure of primary email address of any Facebook user to hackers and spammers . The flaw resides in the invitation mechanism of Facebook, using which one can invite his all contacts emails to Facebook for making new account. As shown in following screenshot, an invitation received on an email, where one need to click the Signup URL: After clicking that URL, invited user will be redirected to a signup page filled in with the email address and the name of a person who used the link to sign up for an account was displayed: There are two parameters in this URL, i.e "re" and "mid". According to Stephen changing some part of "mid" parameter can expose the email address of another user. http:/...

What if hackers could take an existing legitimate app or update with a valid digital signature, and modify it in order to use it as a malicious Trojan to access everything on your Android phone or tablet? Last week, researchers from Bluebox Security announced that the Android operating system has been vulnerable to hackers for the past four years, allowing them to modify or manipulate any legitimate application and enabling them to transform it into a Trojan programme. The bug hasn't, so far, been spotted being exploited in the wild, but technical details and a proof-of-concept exploit have been published for a recently announced publicly by Pau Oliva Fora, a mobile security engineer at security firm ViaForensics. Jeff Forristal of Bluebox security stated that the security hole as been around since at least Android 1.6, and it could affect all Android devices i.e. around 900 million devices could be affected by hackers. CyanogenMod , a popular open source d...

McAfee Lab researchers issued a report on the large scale cyber attacks against South Korea that appear to be linked to hackers also specialized in cyber espionage . The attackers behind these recent attacks against South Korean infrastructure are skilled professionals and they designed a specialized malware to steal military secrets from the South Korea and US military networks. The cyber espionage campaign dubbed as " Operation Troy ", due the numerous references into the source code analyzed to the city. McAfee said that in 2009, malware was implanted into a social media website used by military personnel in South Korea Ryan Sherstobitoff, a senior threat researcher at McAfee, started the investigation after the malware came into action in an attacks occurred on March 20th, known as the Dark Seoul Incident , in which tens of thousands of hard drives belongs to television networks and banks in South Korea were wiped completely. Versions of the code...

Japanese video game maker Nintendo recently revealed that one of its main fan sites Club Nintendo got hacked and Out of 15.5 million login attempts in brute-force process, almost 24,000 user accounts have been hijacked early last month. Nintendo said it first became aware of the illicit logins on Tuesday evening after a large number of access errors on the site. However the security team believe that the hackers obtained the logins and passwords from an outside resource. The fan site, Club Nintendo, allows 3DS and Wii owners, as well as other fans of Nintendo games and hardware to answer survey questions and register their products. Members can do all this in exchange for "coins" or points. These can later be traded for other goods or services on the site. The site is open to users from all over the world, about four million of which are located in Japan. These accounts contain secure data of users' real names, addresses, phone numbers and email information. " The...

In an interview with Germany's Der Spiegel Magazine, American whistleblower Edward Snowden has Confirmed that Stuxnet Malware was developed by NSA and Israel Together. Stuxnet made international headlines in 2010 for specifically target a uranium enrichment facility in Natanz, Iran. Stuxnet was designed to make the centrifuges spin out of control and cause physical damage to the plant in Natanz. Stuxnet temporarily disabled 1,000 centrifuges that the Iranians were using to enrich uranium. Asked whether the NSA collaborates with Israel, Snowden said: " Yes, all the time. The NSA has a large section for that, called the FAD - Foreign Affairs Directorate. "  " The NSA and Israel wrote Stuxnet together, " Snowden said when asked if the NSA had any involvement in the Stuxnet program. Last year an even more complex computer virus called Flame was discovered and while initially it was not linked to Stuxnet, further investigation by Kaspersky Labs identified a...

Microsoft has announced   Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities . Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will apply to all versions of Internet Explorer from IE6 on Windows XP to IE10 on Windows 8 . Often targeted by attackers to perform drive-by malware download attacks, remote code execution flaws allow an attacker to crash an application and launch malware payloads often without any sort of notification or interaction form the user. The Windows 8 maker is also patching a kernel vulnerability disclosed at the beginning of June by Google researcher Tavis Ormandy . The issue is to do with Windows kernel's EPATHOBJ::pprFlattenRec function (CVE-2013-3660) and after Ormandy released the exploit code, Metasploit module was developed to exploit the bug. The company is planning to release the updat...

In an interview to be published in this week's of NSA whistleblower Edward Snowden said the US National Security Agency  works closely with Germany and other Western states. The interview was conducted by US cryptography expert Jacob Appelbaum and documentary filmmaker Laura Poitras using encrypted emails shortly before Snowden became known globally for his whistleblowing. Snowden said an NSA department known as the Foreign Affairs Directorate coordinated work with foreign secret services. NSA provides analysis tools for data passing through Germany from regions such as the Middle East. " The partnerships are organized so that authorities in other countries can 'insulate their political leaders from the backlash' if it becomes public 'how grievously they're violating global privacy ,' he said. Germans are particularly sensitive about eavesdropping because of the intrusive surveillance in the communist German Democratic Republic (GDR) a...

US intelligence whistleblower Edward Snowden managed to stay out of sight for two weeks since arriving from Hong Kong on June 23, amid rising hopes he may finally be able to leave Russia after being offered asylum by Venezuela. Many travelers, journalists and Agents are trying to spot him, who are waiting in the interconnected transit area between terminals D, E and F, a maze of corridors, lounges, fast food restaurants and duty free shops of Moscow's Sheremetyevo international airport. Russia already refuses USA request of Snowden extradition, by saying that he is in transit area where passengers stay between flights is neutral territory and he will be on Russian soil only if he goes through passport control. Snowden may have been kept in a secret area, perhaps underground, or moved around from day to day to avoid detection. Venezuela's leftist President Nicolas Maduro offered to grant " humanitarian asylum ". The invitations came as Snowden sent ...