The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A Mysterious Hacker who goes by the " Pinkie Pie " handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4 . At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit  showcased by " Pinkie Pie ", that took advantage of two vulnerabilities: An integer overflow that affects Chrome. Chrome vulnerability that resulted in a full sandbox escape. For successful exploitation, you have to get your victim to visit a malicious website e.g. clicking a link in an email, or an SMS or on another web page. He demonstrated this zero-day attack with remote code execution vulnerability on the affected devices. It is not known whether other Android phones are also vulnerable to same flaw or not. Vulnerability has been disclosed to Google by the Contest organizers and the company is working to address the issue as soon as possible. Researchers from

At Information Security Conference PacSec 2013 in Tokyo, Apple's Safari browser for the iPhone 5 and the Samsung Galaxy S4 have been exploited by two teams of Japanese and Chinese white hat hackers. In HP's Pwn2Own 2013 contest , Japanese squad Team MBSD, of Mitsui Bussan Secure Directions won won $40,000 reward for zero day exploit for hacking Samsung Galaxy S4. The vulnerabilities allow the attacker to wholly compromise the device in several ways, such as using a drive-by download to install malware on the phone. In order for the exploit to be successful, the group lured a user to a malicious website, gained system-level privileges and installed applications that allowed the team to gather information, including SMS messages, contacts and browsing history. They  Another Hackers Team from Keen Cloud Tech in China showed how to exploit a vulnerability in iOS version 7.0.3 to steal Facebook login credentials and a photo from a device running iOS 6.1.4. They wo

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Popular Mac news and information site MacRumors user forums have been breached by hackers on Monday this week. More than 860,000 usernames, emails and hashed passwords were potentially compromised. Users are advised to users that they change their passwords on the forums, as well as any other sites or services where the same password has been used. MD5 with or without salt, to be an inadequate means of protecting stored passwords. Back in 2012, the original author of the MD5 password hash algorithm has publicly declared that MD5 is no longer considered safe to use on commercial websites. u The owner of the site, Arnold Kim, apologized for the intrusion and said that it occurred because the hacker gained access to a moderator account, which then allowed the intruder to escalate their own privileges with the goal of stealing user login credentials. " We are looking into it further to see if there was another exploit, but there hasn't been any evidence of it

Another Bitcoin Exchange hacked!  Bitcash. CZ based out of the Czech Republic has been hacked and Money from 4000 Bitcoin wallets have been Stolen, value of over 2 million Czech Koruna i.e. Approx $100,000. Bitcash.cz  is currently down with a maintenance message that on the evening of November 11, their server was compromised by unknown Hackers and  bitcoins from its clients were stolen. Hackers appear to have sent emails from Bitcash.cz email accounts pretending to be members of staff. The emails claim the company had to use a US recovery company to get back the bitcoins that have been stolen and recipients are then apparently asked to send 2 BTC to a wallet address in order for their bitcoins to be returned. " We are trying to resolve the situation, but we want to warn our users about fraudulent emails and scams [claiming to be from Bitcash] " site said on their Facebook page. Meanwhile, GBL, the Chinese Bitcoin exchange mysteriously disappeared, t

Today computer telecommunications have become one of the most prevalent techniques used by pedophiles to share illegal photographic images of minors and to lure children into illicit sexual relationships. The Internet has dramatically increased the access of the preferential sex offenders to the population they seek to victimize and provides them greater access to a community of people who validate their sexual preferences. The Fourth Amendment is the most implicated and litigated portion of the Constitution. Courts are increasingly confronting the problems associated with adapting Fourth Amendment principles to modern technology. If you think that your peer-to-peer file sharing can be kept under wraps, then please think again. A federal judge ' Christina Reiss ' in Vermont has ruled that there should be no expectation of privacy for data shared across peer-to-peer file-sharing services. In a Child pornography case, three defendants argued that information gained

Adobe released critical security patches for its ColdFusion web application server and  Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330. The following software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows Adobe Flash Player 11.2.202.310 and earlier versions for Linux Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities: Cross-site scripting (XSS) vulnerability (CVE-2013-5326) Allow unauthorized remote read access (CVE-2013-5328) Both products have been patched mul

A Singaporean hacker calling himself the " The Messiah " was arrested in Kuala Lumpur last Monday for hacking into a Singaporean government website over two weeks ago - from a Kuala Lumpur apartment. James Raj (35) charged with hacking of  Ang Mo Kio town council  website and posting a symbol associated with international hacker group Anonymous. He was charged under the Computer Misuse and Cybersecurity Act. If found guilty, he could be jailed for up to three years and fined S$10 , 000. Police said Raj was also linked to a series of hacking incidents, including penetrating the website of a charity group related to the ruling People's Action Party. Police declined to give details but suggested that Raj was not responsible for defacing the prime minister's office and presidential palace websites on November 7 and 8. Five other local men are being held for allegedly hacking the websites of Singapore's president and prime minister websites i.e.  Muhammad