#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

PayPal Bug Bounty Program - playing fair ?

PayPal Bug Bounty Program - playing fair ?

Nov 13, 2012
Bug Bounty program, where white hat hackers and researchers hunt for serious security vulnerabilities and disclosing them only to the vendor for a patch , In return vendors rewards them with money. Various famous websites like Facebook , Google , Paypal , Mozilla, Barracuda Networks and more other giving away bug bounties in thousands of Dollars to hackers for finding vulnerabilities. Most common vulnerabilities reported maximum time on various sites is Cross site scripting and each month hackers submit lots of such vulnerabilities to companies. In case  your report is duplicate, i.e. Someone else before you submit the same vulnerability - company will reject you from the bug bounty program. But there is no proof or an open Panel where hacker can verify that is someone already reported for same bug before or not. If company reply you - " The bug was already discovered by another researcher" , can you do anything  even after knowing that you are very first per
XSS Vulnerability in Apple website

XSS Vulnerability in Apple website

Nov 13, 2012
A 16 years old Spanish Whitehat hacker going by name " The Pr0ph3t " found XSS Vulnerability on Apple website. The Vulnerability reported in Apple subdomain -  https://locate.apple.com , where users can choose a service center location. About Cross site scripting : Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. After capturing HTTP headers, hacker found that there is a parameter called "location" which is actually not filtered for malicious inputs. Hacker. For proof of concept , he inject a JavaScript code - as shown in image.  Vulnerability existence verified by The Hacker News team and its still vulnerable.
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Tunisians Voice - Nawaat Portal hacked

Tunisians Voice - Nawaat Portal hacked

Nov 13, 2012
Kosova Warriors Group deface a subdomain (https://events.nawaat.org/) of Nawaat Portal.. Its an independent collective blog hosted by Tunisians. It gives a voice to all those who, through their civic engagement, take the cover and spread. Our editorial decisions are guided by among other concerns that affect the lives of our countrymen and our fellow man. It seems that hacker is able to hack into the server and have control over two subdomains. After talking with hacker, we came to know that there is one more panel open for hackers at https://facebook.nawaat.org/ , where by default anyone is logging as admin user id. Zone-h Records of defacement are : https://www.zone-h.org/mirror/id/18587592 https://www.zone-h.org/mirror/id/18587594
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
English Defence League Donors Information Leaked by Hackers

English Defence League Donors Information Leaked by Hackers

Nov 13, 2012
3 Days ago " English Defence League " was hacked and Defaced by " ZCompany Hacking Crew ". Today same hacking crew expose a list of 25 people who give Donations to EDL. Leaked information include Donator's Names, addresses and Email addresses, posted in a note . Hackers said," If you donate to EDL and your name is not in the list, you should not breathe a sigh of relief ZHC will find you and expose you one day. " I talk with hackers to know the reason of exposing the donator list, and reply was - " We will expose every person who support racist organisations like EDL " Last Friday defaced page read, " Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL " On the time writing this article, website of " English Defence League " (https://www.englishdefenceleague.org/) is giving " 403 Forbidden " and Hackers told 'The Hacker News' that
Alert : Phishing scam targeting CloudFlare Customers

Alert : Phishing scam targeting CloudFlare Customers

Nov 12, 2012
From Yesterday CloudFlare Security team receiving various reports of a Phishing Scam, which is targeting customers by saying that " you have exceeded bandwidth ". In a blog post , CloudFlare said, " Some CloudFlare customers are currently being targeted with a phishing email that was not sent by CloudFlare. Please do not click on the links in the email. " Scammer asking users to visit a phishing link (removed from sample for readers security). In case you open the URL, we request you to do not enter your username and password in the URL. Please choose a strong password for CloudFlare to save your Domains.
Cybersecurity Resources