The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

After Heartbleed bug , a security flaw in widely used open-source software OpenSSL that puts countless websites at risk, another vulnerability has been found in popular authentication software OpenID and authorization software OAuth. Wang Jing , a Chinese mathematics Ph.D student at the Nanyang Technological University in Singapore, found that the OAuth and OpenID open source login tools are vulnerable to the " Covert Redirect " exploit. The login tools ' OAuth ' and 'OpenID' protocols are the commonly used open standard for authorization. OAuth designed as a way for users to sign in or sign up for other services using an existing identity of a site such as Google, Facebook, Microsoft or Twitter, whereas OpenID is a decentralized authentication system for the Internet that allows users to log in at websites across the internet with same digital identity. The Covert Redirect vulnerability could affect those who use 'OAuth' and 'OpenID' protocols to 'login' to the websites

Microsoft had publicized widely its plans to stop supporting oldest and widely used Operating system, Windows XP after 8th April this year, which means Microsoft would no longer issue security patches for XP. A few days back, we reported about a new critical Zero-day vulnerability in all versions of Microsoft's browser Internet Explorer, starting with IE version 6 and including IE version 11. According to the advisory (CVE-2014-1776), All versions of Internet Explorer are vulnerable to Remote Code Execution flaw, which resides ' in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated ,' Microsoft confirmed . An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. FIRST PATCH FOR WINDOWS XP, EVEN AFTER EXPIRATION DATE Internet Explorer vulnerability poses a special concern for people still using Windows XP , but can Microsoft really ignore inno

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

An alleged member of the famous amorphous Hacktivist group Anonymous is now facing a total of 44 charges after the filing of the latest superseding Indictment of cyber assaults charges against him with the collective to hack Computer systems of a County Government, a school district and a Newspaper organization in Texas, federal investigators announced on Tuesday. 27-year-old Fidel Salinas of Donna, Texas, charged with several counts of cyber stalking, attempted computer hacking and with intent to harass and intimidate a female victim, making it altogether 44 counts of cyber assaults that could lead him up to 440 years in Jail. Salinas intentionally tried to hack into the computer system of Hidalgo County practically two years earlier, for which he was charged with one count of violating the Computer Fraud and Abuse Act after a grand jury in the United States District Court for the Southern District of Texas found him guilty, last October. It looked like, Salinas wou

There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in Smartphones. In June 2010, Apple introduced ' Data protection ' feature in iOS 4.0 devices that offer hardware encryption for  all the data stored on the devices. " Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments , and third-party applications ." Apple claimed  in an old announcement. But unexpectedly, In last few updates Apple has silently removed the email attachment encryption from  data protection mechanisms. Noticed by Security Researcher -  Andreas Kurtz , claims that  since at least version 7.0.4 and including the current

We're comfortable in sharing information with our Facebook friends, but it is quite sneaky for Facebook users to offer their Identities and credentials when logging in to third-party apps , they don't trust. To deal with this issue, the social network giant has plans to improve the way users login to the third party apps with more privacy controls on the web as well as mobile devices. ANONYMOUS LOGIN At Facebook's F8 developer conference in San Francisco on Wednesday, Keynote speaker - Chief Executive Mark Zuckerberg announced the new Facebook's login tool, " Anonymous Login " that would let users sign into apps and websites anonymously without sharing their personal information-Biggest news for Facebook users. " Today, we want to do more to put control and power back into people's hands, " Zuckerberg said at the conference. " Up until now, your friends have been able to share your data via using apps. Now we're changing this, so every