The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security va...

Son of a Baptist Minister, 28-year-old British man named Lauri Love has been charged with hacking into the computer systems of the US army, NASA and other federal agencies. He was arrested Friday at his home in Stradishall, England by the National Crime Agency and according to the indictment alleges Love and his unnamed co-conspirators hacked into thousands of computer systems between October 2012 and October 2013. The indictment does not accuse Love of selling information or doing anything else with it for financial gain. His father Alexander Love, 60, a Baptist minister, works as a chaplain at HMP Highpoint North. His mother Sirkka-Liisa Love, 59, also works at the jail as a teacher. He is charged with one count of accessing a U.S. Department or agency computer without authorization and one count of conspiracy. The government said the purpose was to disrupt the operations and infrastructure of the federal government.  They stole data on more than 5,000 individuals, a...

Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker's server to the attacker's server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this at...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

There are more than 100 Million users who are using Facebook mobile app. Facebook has fixed multiple critical vulnerabilities in its Android based applications that allows hackers to steal access tokens and hijack accounts. Egyptian security researcher Mohamed Ramadan, Security researcher with Attack Secure, has who disclosed  a couple of vulnerabilities in the Facebook Main app and Facebook messenger app and Facebook page's manager application for Android. User's access token is the key to accessing a Facebook account and according to him, an attacker only needs to send a message that contains an attachment of any type, i.e. Videos, documents, and pictures. Once the victim will click on that file to download, immediately victim's access_token will be stored in the Android's log messages called -  logcat ,  that enables other apps to grab user's access token and hijack the account. Video Demonstration: ...

When you're online, you expose your vulnerability to malicious virus that have been growing in virulence and ferocity over the last few years.  Among home PC users, you may think that you protected from malicious software by Installing an effective, trusted antivirus solution, but most if the Antivirus solutions still it merely finds and removes any known threats. But what if someday you turn on your system and you will find a pop up window with a warning that says " Your system is Locked and Important drives are encrypted and there is no way out unless you will not Pay fine ". This is what Ransomware malware does to your system. Ransomware is the most serious emerging threat in the virtual world of computing devices. Ransomware is a kind of malware which is designed to Block access to the computing system or can lock your system until an amount of money is paid through Internet banking. Ransomware is usually installed when you open a malicious atta...

The pro-Assad group Syrian Electronic Army claims it has hacked the President Barack Obama's website , Twitter-Facebook accounts and access email accounts linked to Organizing For Action, the non-profit offshoot of Obama For America, Obama's 2012 campaign operation. Last night,  Syrian Electronic Army (SEA)  hacked into Obama's donation website donate.barackobama.com , which was temporarily redirected to the website of the hacking group ( sea . sy / indexs / ) with a short message: " Hacked by SEA ". The hackers were able to take over only a secondary donations page. It was an older page - still on the site, but was no longer being used. They have also posted fake tweets and updates from Obama's Facebook Page and Twitter accounts, " All  the  links that Barack Obama account tweeted it and post it on Facebook was redirected to a video showing the truth about Syria " Hacker told Mashable in an interview. The attackers also compromised the URL ...

With all the popular social networking websites there on the web, managing them from several different internet browser tabs or windows can get frustrated very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the " time management " pain! To make social media management and monitoring easier for users, some very innovative desktop applications and mobile apps were developed to help organize multiple platforms and information sharing across selected networks. Using online tools like TweetDeck, Seesmic, Hootsuite , Feedly, Twuffer and Buffer App for scheduling and posting directly from a web page has become an absolute necessity especially where Twitter is concerned. Additionally these apps gives you the ability to post on one or all of your connected accounts together i.e Multiple Facebook, Twitter or Google+ profiles. These applications don't require your passwords for social me...

Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology. Yesterday, Cybersecurity experts revealed that a major artery in Israel's national road network located in the northern the city of Haifa suffered a cyber attack, that caused massive traffic congestion in the City. Isreal military officials are aware of cyber threats that could hit the infrastructure of the country and they afraid the possible effect of a cyber attack on a large scale. Israeli government websites suffer thousands of cyberattacks each day according Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second. In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted in numerous occasions Israel...