#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Online game 'League of Legends' Compromised

Online game 'League of Legends' Compromised

Jun 10, 2012
Online game ' League of Legends ' Compromised A recent slew of security failures have left countless accounts hacked at sites like Linkedin and eHarmoney. Now League of Legends is the latest database to suffer from hackers this week. Riot has sent out a mail to registered League of Legends players in Europe, asking them to change their passwords due to a hackers accessing some player account information. Full details are below, but know that according to Riot," absolutely no payment or billing information of any kind was included in the breach. " but email addresses, encrypted account password, summoner name, date of birth, and for a small number of players – first and last name and encrypted security question and answer. Obviously, this information could be used in phishing scams. Riot Games does encrypt passwords through it warns " our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking ". Marc Merr
Critical Sqli Vulnerability in channel [V] Website

Critical Sqli Vulnerability in channel [V] Website

Jun 10, 2012
Critical Sqli Vulnerability in channel [V] Website A 16 years old White Hat Hacker " Arjun Siyag " from India discover a Critical Sqli Vulnerability in channel [V] Website ( https://www.channelv.in ). Proof of the hack is as shown in above image. Hacker disclose only the admin username and password, which will not effect the admin panel directly,because for login Email ID is required.  SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today. Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Serious Tumblr Cross Site Scripting Vulnerability can be used to Spread Worms

Serious Tumblr Cross Site Scripting Vulnerability can be used to Spread Worms

Jun 10, 2012
Serious Tumblr Cross Site Scripting Vulnerability can be used to Spread Worms Two Indian Security Researchers Aditya Gupta ( @adi1391 ) and Subho Halder ( @sunnyrockzzs ) have found a serious Cross Site Scripting vulnerability in one of the most famous social networking websites Tumblr. This could be used to steal the cookies of the authenticated user, as well as could be used to make a worm, like the one seen in MySpace (Samy Worm) and Orkut (Bom Sabado) earlier. " We have also tried to contact them via Twitter and mail earlier, but no response from their side. So we have decided to release it. Well, not exactly, where the vulnerability is, but just to let them know that it is vulnerable ." Tumblr is the one of the most popular social networking websites worldwide, and is ranked 37th by Alexa.
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Last.fm Confirms They Were Hacked, Change Your Passwords Now

Last.fm Confirms They Were Hacked, Change Your Passwords Now

Jun 08, 2012
Last.fm Confirms They Were Hacked , Change Your Passwords Now After this week's LinkedIn fiasco, it appears the latest tech giant to fall to bored hackers is Last.fm. Music-streaming website Last.fm is the latest organisation to urge its users to change their passwords immediately. The London-based site, owned by CBS, said in an advisory that it was currently investigating a possible leak of passwords but did not provide any further details. The dating site said it is "continuing to investigate" but "as a precaution" has reset affected members passwords.Affected members will receive an email with instructions on how to reset their passwords.eHarmoney, which brands itself as "#1 Trusted Online Dating Site for Singles" has around 20 million registered online users. The breach was confirmed by Last.fm on their official Twitter account overnight, and comes amidst a backdrop of similar breaches, including at LinkedIn where up to 8 million passwords may ha
Anonymous takes down MTNL website

Anonymous takes down MTNL website

Jun 08, 2012
Anonymous India takes down MTNL website The hacker-group Anonymous has struck again in India. This time the victim is the MTNL website. The group posted on their website, saying, " We are against Internet Cencorship. Instead of blocking few URLs the ISP blocked the whole domain of various file sharing websites. The HC Madras, DoT didn't isssue any list of websites to be blocked still ISP supported internet censorship. " MTNL's corporate website could not be accessed, following the attack since afternoon and officials said efforts were underway to restore it. MTNL Delhi, Deputy - GM (Internet), Deepak Sharma said it was not hacking but 'denial of service attack' under which the server is unable to provide services to the customers. Anonymous has called for non-violent protests across several cities in India on June 9 to protest against what it alleges as 'censorship' of the internet. It accused the department of telecom of instructing the Internet Service Providers (I
LinkedIn Confirms Millions of Account Passwords Hacked

LinkedIn Confirms Millions of Account Passwords Hacked

Jun 06, 2012
LinkedIn Confirms Millions of Account Passwords Hacked LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norweigan IT website Dagens IT first reported the breach, noting that "Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site. Vicente Silveira, Director at LinkedIn, confirmed the hack on the company's blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid. "It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," Linkedn director Vicente Silveira said in the blog post. The file only contains password
Researchers bypass Google Bouncer Android Security

Researchers bypass Google Bouncer Android Security

Jun 05, 2012
Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware. " This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its envir
Flame Malware Spread Via Rogue Microsoft Security Certificates

Flame Malware Spread Via Rogue Microsoft Security Certificates

Jun 04, 2012
Flame Malware Spread Via Rogue Microsoft Security Certificates Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. The patch revoked three intermediate Microsoft certificates used in active attacks to "spoof content, perform phishing attacks, or perform man-in-the-middle attacks".Microsoft also killed off certificates that were usable for code signing via Microsoft's Terminal Services licensing certification authority (CA) that ultimately "chained up" to the Microsoft Root Authority.The authority issued certificates for users to authorise Remote Desktop services in their enterprises. The Microsoft blog post explains that a vulnerability in an old cryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Most systems around t
SwaggSec gained access to China Telecom and Warner Bros

SwaggSec gained access to China Telecom and Warner Bros

Jun 04, 2012
SwaggSec gained access to China Telecom and Warner Bros A hacking group is claiming to have breached the networks of Warner Bros. and China Telecom, releasing documents and publishing login credentials. Swagg Security, or SwaggSec, the same hacker collective that breached Foxconn a few months ago to highlight the poor working conditions, has made its comeback. The hacking group posted on their Twitter account (under the name Swagg Security) that they had acquired access to the databases of both sites, as well as posted a statement on Pastebin . The group has allegedly stolen documents and login credentials, which were then posted to Pirate Bay . The torrent file posted by SwaggSec on The Pirate Bay doesn't contain only the administrator details from China Telecom, but also some other information taken from their databases. SwaggSec said the China Telecom data is 900 user names and passwords for administrators on the company's network. The information was obtained through an in
UGNazi hackers attack on CloudFlare via a flaw in Google

UGNazi hackers attack on CloudFlare via a flaw in Google

Jun 04, 2012
UGNazi hackers attack on CloudFlare via a flaw in Google After the FBI arrested Cosmo, the alleged leader of the UGNazi hacking group, the hackers attacked CloudFlare via a flaw in Google's two-factor authentication system. The CloudFlare hack allowed UGNazi to change the DNS for 4chan, so visitors to the site were redirected to a UGNazis Twitter account. Hackers were able to infiltrate the personal Gmail account of CloudFlare CEO Matthew Prince. "The attack was the result a compromise of Google's account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps," CloudFare's CEO Matthew Prince shared . According to the statement on Pastebin , the hackers are not sorry for attacking 4chan.  4chan.org is the playground that allows pedophiles to share their "collections" and the disgusting bronies to hang out. The site is loosely monitored and child porn threads are allowed to &quo
Cybersecurity Resources