The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Last April 7th the Anonymous collective hit the Israeli networks with a huge as historic offensive, for the first time an independent group of hackers declared war to a Governments to protest against its policy. Many web sites of the country were hit by DDoS attacks, the data on the event reported by Israel government are totally different from the information published by Anonymous that produced a report for #OpIsrael in which total damage are estimated of $3-plus billion. According security experts at TrendMicro the collective adopted various botnet coordinating large scale attacks, analyzing traffic directed to one of the targeted website, the researchers discovered that meanwhile usually more of 90% of the traffic is originated in Israel, during the attack almost the entire traffic was originated outside the country and internal connections have fallen to 9% as shown in the following chart: What is surprising is that TrendMicro discovered that many IP addre

Nir Goldshlager , Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for  sharing his new finding i.e Stored Cross-site Scripting (XSS) in Facebook Chat, Check In and Facebook Messenger. Stored Cross-site Scripting ( XSS ) is the most dangerous type of Cross Site Scripting. Web applications where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc 1.) Stored XSS In Facebook Chat: This vulnerability can be used to conduct a number of browser-based attacks including, Hijacking another user's browser, Capturing sensitive information viewed by application users, Malicious code is executed by the user's browser etc. When a user starts a new message within Facebook that has a link inside, a preview GUI shows up for that post. The GUI is used for presenting the link post using a parameter i.e  attachment[params][title],attac

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The Pirate Bay co-founder  Gottfrid Svartholm Warg (Anakata)  charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank. Svartholm has been charged with several hacking related offenses including serious fraud , attempted aggravated fraud, and aiding attempted aggravated fraud. Three other defendants received similar charges. He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack. 28-year-old computer specialist Svartholm and other founders of The Pirate Bay were found guilty by the Swedish government in 2009 for facilitating the illegal downloading of copyrighted materials. He has served a one-year prison sentence in Sweden since September 2012, and will likely remain in prison while facing these new charges. Swedish prosecutor Henrik Olin said in a statement, " A la

In recent few months White hat Hacker ,' Nir Goldshlager ' reported many critical bugs in Facebook OAuth  mechanism, that allowed an attacker to hijack any Facebook account without user's interaction.  Another hacker, ' Amine Cherrai ' reported a new Facebook OAuth flaw, whose exploitation is actually very similar to Nir Goldshlager 's findings but with a new un-patched way. Before reading further, I would like to suggest you to read following post to understand the basic exploitation mechanism: Facebook OAuth flaw allows gaining full control over any Facebook account Facebook hacking accounts using another OAuth vulnerability URL Redirection flaw in Facebook apps push OAuth vulnerability again in action Now, if you are aware about the vulnerability used against Facebook OAuth in  redirect_uri parameter in  the URL, there is another way that  Amine Cherrai found, to bypass the patch applied by Facebook  security team. He found another

If you've ever been tempted to download a 'hack' for your favorite game to accelerate your progress, or to download a pirated copy of the latest title through a torrent or file-sharing site, watch out ! Anti-virus company AVG has today warns that over 90% of hacked or cracked games downloaded via torrent or file-sharing sites are infected with malware or malicious code. It claimed that a lot of these hacks didn't just contain malware, but were simply malware programs in disguise. " Even if we assume that just 0.1% of the gamer playing the top five titles go looking for a hack - a highly conservative estimate - that means 330,000 people are potentially at risk of falling victim to game hack malware, " said AVG. The prevalence of cracked games, key generators, patches, cheats and more indicates that this is a highly organised, crime based, initiative. " This could lead to the loss of any legitimate, paid-for gaming assets, as well as sensitive persona

Chinese hackers defaced the website of the government owned Philippines News Agency (PNA) on Sunday.  Defaced page of the website was with the Chinese flag and the text: " China Hacker EvilShadow Team, We are evil shadow. We are the team. We have our own dignity China Hacker Lxxker. " The hackers shared news of the attack on Facebook. The site was back to normal after an hour. This last hacking incident comes days after the arrest of 12 Chinese fishermen suspected of poaching after their boat ran aground in a protected marine park. This was not the first time that the site was hacked. Last year , cyber attacks on several government websites were blamed on Chinese hackers during a standoff in Scarborough Shoal, a group of rocky outcrops in the South China Sea that is close to main Philippine island of Luzon.

On Monday morning, Google has been the victim of a cyber-attack. Defacement attack was launched by Bangladeshi hacker TiGER-M@TE , their Kenyan domain google.co.ke  was defaced, instead the page splayed a black background€™ stamped in red across it. When a user visited the page the hacked screen spiraled in as some foreign music played in the background.  Google is the third most used site in Kenya. TiGER-M@TE has been quite active with defacements lately, and has targeted some high-profile sites in the past.

Cross site scripting vulnerabilities are mistakenly considered unimportant, but they could allow attackers to inject client-side script in web pages visited by victims. A cross-site scripting (xss) vulnerability may be exploited by hackers to bypass access controls going beyond the exceptions. An Egyptian information security advisor Ebrahim Hegazy (Zigoo) has found an XSS vulnerability in the Avira license daemon. license.avira.com But instead of exploiting it in a normal way " alert('MyName') " stuff and then reporting, He decided to demonstrate it to Avira security team in a different mode with the purposes to show how could an XSS vulnerability allows the hackers to steal user accounts with a clear text data! To demonstrate this attack he has created 4 files: avira.html - the fake login page log.php - the logger which will log the credentials as clear text into txt file avira.txt - credentials will be found here done.html - wi

An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls . That's probably not true. At least according to the Federal Aviation Administration (FAA), the European Aviation Safety Administration (EASA) and Honeywell, the maker's of the cockpit software, it's not. The FAA, for one, says, " The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot. " The agency assures America that this hack " does not pose a flight safety concern because it does not work on certified flight hardware. " So why did Hugo Teso, the German hacker in question, tell everybody at the conference as well as countless journalists who've latched on to the story that he could take over the software? Well, Teso says he's successfully taken over a plane's controls in a flight