The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even after knowing that you are very first per

A 16 years old Spanish Whitehat hacker going by name " The Pr0ph3t " found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain -  https://locate.apple.com , where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. After capturing HTTP headers, hacker found that there is a parameter called "location" which is actually not filtered for malicious inputs. Hacker. For proof of concept , he inject a JavaScript code - as shown in image.  Vulnerability existence verified by The Hacker News team and its still vulnerable.

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Kosova Warriors Group deface a subdomain (https://events.nawaat.org/) of Nawaat Portal.. Its an independent collective blog hosted by Tunisians. It gives a voice to all those who, through their civic engagement, take the cover and spread. Our editorial decisions are guided by among other concerns that affect the lives of our countrymen and our fellow man. It seems that hacker is able to hack into the server and have control over two subdomains. After talking with hacker, we came to know that there is one more panel open for hackers at https://facebook.nawaat.org/ , where by default anyone is logging as admin user id. Zone-h Records of defacement are : https://www.zone-h.org/mirror/id/18587592 https://www.zone-h.org/mirror/id/18587594

3 Days ago " English Defence League " was hacked and Defaced by " ZCompany Hacking Crew ". Today same hacking crew expose a list of 25 people who give Donations to EDL. Leaked information include Donator's Names, addresses and Email addresses, posted in a note . Hackers said," If you donate to EDL and your name is not in the list, you should not breathe a sigh of relief ZHC will find you and expose you one day. " I talk with hackers to know the reason of exposing the donator list, and reply was - " We will expose every person who support racist organisations like EDL " Last Friday defaced page read, " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL " On the time writing this article, website of " English Defence League " (https://www.englishdefenceleague.org/) is giving " 403 Forbidden " and Hackers told 'The Hacker News' that

From Yesterday CloudFlare Security team receiving various reports of a Phishing Scam, which is targeting customers by saying that " you have exceeded bandwidth ". In a blog post , CloudFlare said, " Some CloudFlare customers are currently being targeted with a phishing email that was not sent by CloudFlare. Please do not click on the links in the email. " Scammer asking users to visit a phishing link (removed from sample for readers security). In case you open the URL, we request you to do not enter your username and password in the URL. Please choose a strong password for CloudFlare to save your Domains.

Researchers over at Intego have recently discovered a new variant of  OSX/Imuler the data-stealing Mac malware, detected as OSX/Imuler.E which is believed to be targeting Tibetan rights activists. " This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has been targeting activist organizations with emails containing what appear to be pictures. Each variant has tried different tactics, either trying to scare or entice their target into opening the file. " explained . The cyber criminals behind the campaign are relying on the fact that by default, Mac OS X doesn't display full file extensions, and therefore are attempting to trick end and corporate users into thinking that they're about the view a JPG image file. The Imuler Trojan has two main methods of stealing information, It searches the system for user data OR It can also take screenshots. Then, This data is then uploaded to the controller's server. Last week, Thousand

Multiple malware attacks against both Israeli and Palestinian systems, likely to be coming from the same source, have been seen over the last year. Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. Israel has banned its police force from connecting to the Internet and from using memory sticks or disks in an effort to curb a cyberattack. The ban, enacted last week, is meant to prevent a malware program called Benny Gantz-55 named after Benny Gantz, Israel's Chief of General Staff from infecting the police's computer network  Trend Micro has obtained samples of malware implicated in a recent incident, The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gatz. The From field has the email address, bennygantz59(at)gmail.com and bore the subject IDF strikes militants in Gaza Strip following

Social Media Management tool HootSuite today face technical issue and expose email address's of thousands of users. Due of error lots of people receive email reminders with warning that their free 60-day HootSuite Pro trial was about to end, but also included the names and email addresses of other people using the service. Image Source : TNW According to Hootsuite, the incident occurred to under 4000 emails and many of the users who are getting the email spam were not even signed up for HootSuite's Pro trial. In a blog post HootSuite said, " At this time, we are requesting that recipients destroy the messages in order to help us contain the issue. Privacy is a paramount concern for HootSuite and this is in no way a reflection of the respect we have for our users and their privacy ." " Given HootSuite's recent acquisition of Seesmic, we could speculate that the mass of emails could be down to a failed import of user accounts. We have, of course, re

John McAfee, who started the antivirus software giant named after him, has been accused of murder in Belize and wanted.  Gizmodo reports that McAfee has been living in Belize for a while now, spending most of his time there experimenting with drugs. McAfee's marketing slogan: " Safe is not a privilege. It is a right. " This news comes just a few days after Gizmodo ran a long story about McAfee's increasingly erratic and borderline criminal behavior. In it, he sounds paranoid as he talks about people wanting to take his money and kill him and he admits to having associated with gangsters in Belize. McAfee had taken to " posting on a drug-focused Russian message board...about his attempts to purify the psychoactive compounds colloquially known as 'bath salts, '" Gizmodo wrote. The scariest aspect of this story may be the fact that an entire lab was constructed for John McAfee's research purposes. Because of his efforts to extract chemicals

Carrying reputation of being India's choicest and oldest hacker's conference, Team ClubHack proudly brings the 6th edition of ClubHack Hacking and Security Conference with more exciting activities. ClubHack 2012 hacker's convention will be held from Nov. 30th to Dec 3rd, 2012 in Pune, India. ClubHack in true sense is a community event and is always the most cost effective yet biggest security event of India. ClubHack 2012 is highly technical conference with 2 days of Technical Briefings and 2 days of hand-on training workshops. ClubHack2012 is loaded with more number of talks, more workshops and a special event HackNight. Event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Managers, Govt. Agencies, Auditors and Students. For the first time ClubHack introduces a new event for hackers & developers – HackNight, a night where actual hackers spend time not to "break" into someone but to "make" something i

Cyber criminals become hyper active during festivals. Diwali is no exception. Shantanu Ghosh, Vice-President and Managing Director (India Product Operations) of Internet security solutions company Symantec has observed that malware authors and spammers are using Diwali (The festival of lights that's celebrated across the world (primarily in the Indian sub-continent) as the latest event to lure unsuspecting users into downloading malware, buying products, and falling for scams. Shantanu said cyber criminals attempt to 'poison' web search engine results to take advantage of huge rush in search activity during popular events. " We have observed that cyber attackers are using various techniques to make the most of Diwali, " he warned. Cyber-attackers make use of social engineering tactics to lure users to purchase from or register on unknown websites. Users may be exposing personal information to Internet scammers. " Before giving into the temptation of clicking on a link in

CIA Director was uncovered when a woman described as close to him received harassing emails and complained to authorities. The FBI traced the emails and found that they had been sent by Paula Broadwell, who wrote a highly favorable book on the former Army general's life and work. While initially investigating the reports, the FBI feared the CIA director's personal email account may have been hacked, but the sexual nature of the email exchanges exposed the affair. A Yahoo email account belonging to former CIA Director David Petraeus may have been compromised by the group Anonymous. The personal email account was exposed during the the leak of commercial intelligence company STRATFOR by Anonymous Hackers, among other millions of email accounts of customers belongs to the company.  The emails sent by Broadwell indicated that she perceived the other woman as a threat to her relationship with Petraeus, law enforcement officials. Anonymous also obtained email logins to ST