The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

In earlier posts, our Facebook hacker ' Nir Goldshlager ' exposed two serious Facebook oAuth Flaws. One, Hacking a Facebook account even without the user installing an application on their account and second, various ways to bypassing the regex protection in Facebook OAuth. This time, Nir illustrated a scenario attack  " what happens when a application is installed on the victim's account and how an attacker can manipulate it so easily " According to hacker, if the victim has an installed application like Skype or Dropbox, still hacker is able to take control over their accounts.  For this, an attacker required only a url redirection or cross site scripting  vulnerability on the Facebook owner app domain i.e in this scenario we are talking about skype facebook app. In many bug bounty programs URL redirection is not considered as an valid vulnerability for reward i.e Google Bug bounty Program. Nir also demonstrated that an attacker is even able to ga

J. Taikwok Yung is 33, lives with his mom in Brooklyn, and bought domain names that criticize billionaire Donald Trump and cybersquatting him.  Cybersquatting  is a legitimate crime that's defined by the Anticybersquatting Consumer Protection Act. " Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price. " from wikipedia. Donald Trump is seeking $400,000 in damages from a Brooklyn man, who register four domains trumpindia.com, trumpbeijing.com, trumpmumbai.com and trumpabudhabi.com as domain names of well-known trademarks and then try to sell the names back to the trademark owners, Mr. Tru

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Spammy Facebook apps are nothing new, the web giant has been dealing with suspicious behavior apps since the website launched the Facebook Platform for developers in 2007. As an open source app development tool, anyone can create an app, including people who really just want to steal your information, and your money. With cyber crime  including identity theft, on the rise, more Facebook users should begin to pay closer attention to what they click on, especially if it is shared in a spammy way. Sophos reports that nearly 60,000 people have clicked on one scam in particular, which is one that promises to allow you to see who has viewed your profile. The app automatically posts a comment to the users timeline, and sometimes posts as a photo with the message ' OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile ! on (link here). ' The app does not actually allow users to see profile views but instead leads them, and anyone who clic

We are in digital era, everything is connected to the large networks and applications benefit of even more complex devices that deeply interact with owner, in this scenario security requirements assume a crucial importance and security of overall architecture also depend on security of single components. In these months mobile users have gone crazy for a simple video game named Ruzzle , developed by the Swedish gaming company MAG Interactive, available for iOS and Android devices. The game mechanism is inspired by the board games Boggle and Scrabble. Early 2013 the researcher at Hacktive Security started a study on most spread mobile applications such as popular Ruzzle focusing on the protocol implemented and possible repercussion on user's privacy. Ruzzle protocol use Json for response within a user's session, security analyst discovered that is it possible to tamper them due the absence of control on server side on data sent by the application. The leak of data va

Hacking group Anonymous claims to have broken into North Korean site Uriminzokkiri.com and got their hands on more than 15,000 user credentials. A message posted online makes the claim and includes details for six accounts, apparently showing user names, e-mail addresses, birth dates, and hashed passwords. " Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of www.uriminzokkiri.com and many more. First we gonna wipe your data, then we gonna wipe your badass dictatorship "government" ." Of the six users, three have Korean names and the other three appear to be Chinese. " North Korean government is increasingly becoming a threat to peace and freedom. We demand: - N.K. government to stop making nukes and nuke-threats,  uncensored internet access for all the citizens  and Kim Jong-un to resign " Fo