The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Facebook Vulnerability - Beware of A New XSS on Facebook !

Mar 29, 2011
URL: https://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt=%3Cscript%3Ealert%281 %29%3C/script%3E A new cross-site scripting vulnerability has been detected on Facebook and is being widely exploited in the mobile API version. This vulnerability allows a malicious user to include JavaScript content in a website and redirect the victim's browser to the prepared URL. I have already seen this flaw in the last few days: many on my friend list are posting some strange things on the wall, and just visiting the infected website is enough to post a message that the attacker has chosen. Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user. There is no user interaction required, so the messages are spreading through Facebook at a fast pace. Facebook's security te
Multiple Vulnerability in McAfee Website , XSS and Other Attacks !

Mar 29, 2011
Researchers at the YGN Ethical Hacker Group have revealed multiple security vulnerabilities found in the McAfee.com website that leave the company's portal susceptible to attacks and data leakage. The group found that the McAfee website contains flaws that also pose a threat to users, such as a cross-site scripting (XSS) vulnerability in the site where customers can download software. XSS vulnerabilities allow attackers to bypass controls and inject script, meaning a hacker could potentially lead users to download malicious files when they believe they are accessing approved McAfee software. The YGN Ethical Hacker Group also found eighteen instances of source code disclosure, which gives attackers an advantage in preparing attacks, as they can search for flaws in how the application handles data in the user interface, as well as allow the attacker to set up a practice version of the application for experimenta
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

Apr 29, 2024 - Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,
European Union Parliament Under Cyber Attack !

Mar 29, 2011
Following on the heels of a sophisticated cyber assault against the European Union's Commission and External Action Service, reports have surfaced that the EU Parliament's information systems are also being targeted in an attack. Officials indicate that the attacks have successfully penetrated the Parliament's networks in what appears to be an effort at "snooping around" for information. "Information technology services are working day and night to investigate and have put in place some security measures,"  a spokesperson for the Parliament said. The security measures mentioned include the disabling of any access to email services. "This is not a couple of teenage boys hacking into the [EU] institutions,"  another official stated. It is not yet known if the Parliament attacks are connected with the assault on the Commission, though it appears to be a coordinated effort. Last week the Commission experienced a "serious" cyber attack as officials were preparing for
8 Websites Hacked By Albanian Hackers Team (Teo DownTurn & Unknown Hacker)

Mar 29, 2011
Hacked sites: 1) https://www.yjwz.com/index.html 2) https://ossonetwork.com/index.html 3) https://www.schoolshopper.com.au/aht.html 4) https://snoillim.com/Aht.html 5) https://www.getfitdonotquit.com/Aht.html 6) https://organicjewelries.com/Aht.html 7) https://unitedventuresinc.com/aht.html 8) https://tps-advertise.com/aht.html
Zero-day Flash vulnerability fixed in Chrome, still unpatched elsewhere

Mar 29, 2011
Google, proving the efficacy of Chrome's built-in Flash Player and its early, insider access to Adobe's developer builds, has fixed the zero-day vulnerability that emerged last week. The hole will be plugged on other platforms and browsers by a new version of Flash 10.1 and 10.2 that should've been released by now. If you've restarted Google Chrome in the last few days, you should now have the updated Flash Player. Otherwise, go ahead and restart your browser now and it will automatically update. 
#OperationPayback Next Target : Warnerbrosrecords.com !

Mar 28, 2011
The next target of Anonymous hackers is Warnerbrosrecords.com. They released a note with the reason for it, as given below ... Reason: Limewire has been sued for 75 TRILLION Dollars by 13 record companies. Every single US household would have to spend all of its income buying nothing but music for over 13 years in order to arrive at what the music industry has deemed a reasonable settlement. To put that number into perspective the U.S. GDP is around $14 trillion -- less than one fifth of what the music industry is requesting. Heck, the GDP of the entire world is between 59 and 62 trillion. That's right, the music industry wants LimeWire to pay more money than exists in the entire world. Limewire, the plaintiffs allege, owes them between US$400 billion and US$75 trillion. The latter, written out, comes to 75,000,000,000,000. Even the lower figure of $400 billion still amounts to seven percent of total household inco
20 Hosting website hacked by The 077 ( Hamdi HaCker ) Tunisian HaCker

Mar 28, 2011
Hacked sites and mirrors: https://pastebin.com/tKjp0EpU
RIAA Targeted by Anonymous Operation Payback !

Mar 28, 2011
The rogue hacktivist movement Anonymous is apparently breaking out the Low Orbit Ion Cannon again for a reprise of the Operation Payback campaign, this time setting their distributed denial of service (DDoS) attack sights on the Recording Industry Association of America (RIAA). The campaign to disrupt the RIAA website is reminiscent of Anonymous' earlier missions to protest actions taken by anti-piracy interests seeking to enforce copyright infringement sanctions. The RIAA is seeking trillions of dollars in damages from the P2P file-sharing network LimeWire for facilitating copyright infractions. Federal Judge Kimba Wood has already indicated she believes that the logic behind the RIAA calculations of the damages sought in the case is flawed, according to Computerworld. "If Plaintiffs were able to pursue a statutory damage theory based on the number of direct infringers per work, Defendants' damages could reach into the trillions," Judge Wood wrote. Nonethele
Chinese hackers suspected in compromise of Australian PM’s computer

Mar 28, 2011
The parliamentary computers of Prime Minister Julia Gillard and at least two other senior ministers are suspected of being hacked. Ms Gillard's parliamentary computer, along with those of several cabinet ministers including Foreign Minister Kevin Rudd and Defence Minister Stephen Smith, were believed to have been compromised, News Ltd newspapers report. Thousands of emails are believed to have been accessed in the cyber attacks. Four Australian government sources confirmed with the newspapers they had been told Chinese intelligence agencies were part of a list of suspected hackers. US intelligence officials alerted their Australian counterparts and News Ltd believes ASIO has started an investigation. The cyber attacks are believed to be on the Australian Parliament House email network, the less secure of two networks used by MPs. Ministers use a departmental network for more
Jordan Islamist opposition website hacked !

Mar 28, 2011
Jordan's opposition Islamic Action Front party said Sunday its website has been hacked, a day after it called for the ouster of the prime minister over a deadly crackdown on protesters. "The content of the website has been replaced with slogans and statements, clearly showing that an official party is behind the hacking," IAF chief Hamzah Mansur told AFP. He did not identify who hacked the website. "We condemn this action, but we in Jordan are used to such attacks against freedom of expression and the press." Calling themselves "JH-Team," the hackers have posted a picture of King Abdullah II, quoting a 2009 address of the monarch as saying that "those who talk about threatening Jordan, its identity, stability and national unity do not know the kingdom, its people and their history." "We will continue to hack the website and all sites for your lying, loser and mean party," said a statement on the Islamists' website. On F
New Zealand Government’s sites bringing down by Anonymous !

Mar 27, 2011
Online hacktivists Anonymous have been accused of bringing down the New Zealand Government's Department of Internal Affairs last week – or perhaps they haven't. The main website, https://www.dia.govt.nz/, has now been restored to service, with some other related sites also affected. The Department described the outages as "very unusual" but has yet to identify the problem behind the downtime. On Friday the Department of Internal Affairs Deputy Chief Executive Stephen Crombie hosed down speculation that it was a DDoS attack from Anonymous, as widely speculated. "There are always threats and risks to websites. We have no reason to believe that the problem is linked to any particular threat, or even that it involves any hostile action at all," he said. In February Anonymous posted a video denouncing the New Zealand government's decision to implement an internet filter and threatened to initiate a coordinated DDoS attack
Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

Mar 27, 2011
Message by Comodo Hacker: Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco@mfpenco.com Their Comodo username/password was: user: gtadmin password: [trimmed] Their DB name was: globaltrust and instantsslcms GlobalTrust.it had a dll called TrustDLL.dll for handling Comodo requests, they had resellers and their url was: https://www.globaltrust.it/reseller_admin/ Enough said, huh? Yes, enough said, someone who should know already knows...Am I right Mr. Abdulhayoglu? Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we just hack and own. I see Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of cyber criminals did i