Search results for hack the code | Breaking Cybersecurity News | The Hacker News

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx , who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description " Source Code for SnapChat ," publishing the code of what purported to be Snapchat's iOS app. The underlying code could potentially expose the company's extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app. Snapchat's parent company, Snap Inc., responded to the leak by filing a copyright act request under the Digital Millennium Copyright Act (DMCA), helping it takedown the online repository hosting the Snapchat code. SnapChat Hack: Github Took Down Repository After DMCA Notice Though it is not clear...

Good news for Open Source Lovers! Facebook has open-sourced Hack Codegen – its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. HACK is the Facebook's own programming language designed to build complex web sites and other software quickly and without many flaws. HACK programming language is developed for HipHop Virtual Machine (HHVM) – an open-source virtual machine designed to execute programs written in Hack and PHP. The top 20 open source frameworks on Github run on HHVM. Also Read: Top 10 Popular Programming Languages used on GitHub HACK CodeGen is Now Open Source While making the announcement of open-sourcing Hack Codegen , which automatically generates hack code, Facebook's software engineer Alejandro Marcu said in a blog post : "Being able to generate code through automated code generation allows [developers] to increase the level of abst...

You might have heard about the recent ongoing drama of NSA hack that has sparked a larger debate on the Internet concerning abilities of US intelligence agencies as well as their own security. Saturday morning the news broke that a mysterious group of hackers calling themselves "The Shadow Brokers" claimed it hacked an NSA-linked group and released some NSA hacking tools with a promise to sell more private "cyber weapons" to the highest bidder. The group dumped a bunch of private hacking tools from " Equation Group " – an elite cyber attack unit linked to the NSA – on GitHub and Tumblr. The Shadow Brokers hacking group has published the leaked data in two parts; one includes many hacking tools designed to inject malware into various servers and another encrypted file containing the "best files" that they made available for sale for 1 Million Bitcoins. However, GitHub deleted the files from its page, not due to any government pressur...

Next time when someone sends you a photo of a cute cat or a hot chick than be careful before you click on the image to view — it might hack your machine. Yes, the normal looking images could hack your computers — thanks to a technique discovered by security researcher Saumil Shah from India. Dubbed " Stegosploit ," the technique lets hackers hide malicious code inside the pixels of an image, hiding a malware exploit in plain sight to infect target victims. Just look at the image and you are HACKED! Shah demonstrated the technique during a talk titled , " Stegosploit: Hacking With Pictures, " he gave on Thursday at the Amsterdam hacking conference Hack In The Box. According to Shah, "a good exploit is one that is delivered in style." Keeping this in mind, Shah discovered a way to hide malicious code directly into an image, rather than hiding it in email attachments, PDFs or other types of files that are typically used to deliver...

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by  Moonlock Lab , the screenshots of ChatGPT writing code for a keylogger malware is yet another example of trivial ways to hack large language models and exploit them against their policy of use. In the case of Moonlock Lab, their malware research engineer told ChatGPT about a dream where an attacker was writing code. In the dream, he could only see the three words: "MyHotKeyHandler," "Keylogger," and "macOS." The engineer asked ChatGPT to completely recreate the malicious code and help him stop the attack. After a brief conversation, the AI finally provided the answer. "At times, the code generated isn...

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. C...

Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus , the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps. The vulnerability ( CVE-2017-13156 ) was discovered and reported to Google by security researchers from mobile security firm GuardSquare this summer and has been patched by Google, among four dozen vulnerabilities, as part of its December Android Security Bulletin . However, the worrisome part is that majority of Android users would not receive these patches for next few month, until their device manufacturers (OEMs) release custom updates for them, apparently leaving a large number of sma...

We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a little scarier. Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers. In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone's email account password, all y...

Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. This vulnerability has come about to be known as " BadUSB ", whose source code has been published by the researchers on the open source code hosting website Github , demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack. The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware. But Wait! What this means is that this critical vulnerability is now ava...

Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser. TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded. TOR Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the user's anonymity via Tor and Vidalia. In 2015, the FBI seized computer servers running the world's largest dark web child pornography site 'Playpen' from a web host in Lenoir, No...

Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system? It's SQRL , or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password. QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a keylogger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else. ...

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th...

The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case. For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that was forcing the company to write software, which could disable passcode protection on terrorist's iPhone, helping them access data on it. However, Apple refused to comply with the court order, so the FBI hired an unknown third-party firm, most likely Cellebrite, who managed to successfully hack the locked iPhone 5C used by the terrorist in the San Bernardino shooting incident last year. The new method helped the Federal Bureau of Investigation (FBI) to hack iPhone 5C, but that wasn't the FBI's victory as the method didn't work on iPhone 5S and later iPhone...

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen. Although changing pixels is really hard and complicated, a team of security researchers at this year's DEF CON says that it is not impossible. Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images. How to Hack Computer Monitors? According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display. The duo said they discovered the hack by rev...