#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

May 23, 2014
It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' account once again, even if you have already reset your account password after the last announcement. Yesterday eBay admitted to the massive data breach that affected 145 million registered users worldwide after its database was compromised. eBay urged its 145 million users to change their passwords after the cyber attack, but are passwords enough? eBay Data breach happened mainly because of their vulnerable infrastructure, not weak passwords. I think eBay's morning just going to be bad to worse as today, three Security researchers came forward with three more different types of critical flaws in eBay website that leave its 145 million users vulnerable to hackers. HACKER UPLOADED SHELL ON eBAY SERVER (UNPATCHED) A critical security flaw in the eBay website for i
SNMP Reflection DDoS Attacks on the Rise

SNMP Reflection DDoS Attacks on the Rise

May 23, 2014
The DDoS techniques have massively increased with the attackers becoming more skillful at working around the network security. A massive 300Gbps DDoS attack launched against Spamhaus website almost broke the Internet a year ago and also earlier this year, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare, reaching more than 400Gbps at its peak of traffic. Akamai's Prolexic Security Engineering and Response Team (PLXsert) issued a threat advisory on Thursday reporting a significant surge in DDoS attacks last month abusing the Simple Network Management Protocol (SNMP) interface in network devices. Simple Network Management Protocol (SNMP) is a UDP-based protocol which is commonly known and often used to manage network devices. SNMP is typically used in devices such as printers, routers and firewalls that can be found in the home and enterprise environments as well. Just as D
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Samsung Plans to add Eye Scanner to its Upcoming Smartphones

Samsung Plans to add Eye Scanner to its Upcoming Smartphones

May 22, 2014
After introducing the Fingerprint scanner to its new release, Samsung next plans to add IRIS scanning technology to its future smartphones to better improve the security of smartphones and for being more innovative too. According to a report released by The Wall Street Journal, Samsung senior Vice President Rhee In-jong told analysts and investors at a forum in Hong Kong that the company is planning to incorporate biometric sensors such as eye scanners into more of its products as a part of its enterprise security software. " We're looking at various types of biometric mechanisms and one of things that everybody is looking at is iris detection, " Rhee said. The move is no doubt in order to bring an added layer of security to its devices. A Smartphone with an eye-scanning feature would most likely to be used in the front-facing camera to scan the unique patterns of the user's iris and once the pattern get matched with the already stored user's iris image in the phon
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

May 22, 2014
If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA
Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

May 22, 2014
A Dutch-Moroccan team of hackers calling itself " Team DoulCi " have reportedly claimed to hack a protective feature on Apple 's iCloud system, that could leverage an attacker to remove security measures on lost or stolen iPhone devices. According to a report from Dutch news organization De Telegraaf , the hackers purchased locked iPhone devices for $50 to $150 each and then bypassed Apple's iCloud activation lock through a serious security vulnerability Apple has failed to patch with its most recent updates. The critical vulnerability in the Apple's iCloud allowed them to unlock stolen iPhones in an instant, which could then be sold for a large profit in the Blackmarket. This is the first time when any hacker group has managed to compromise the highly secured Apple's iCloud service. iCloud is a cloud storage and cloud computing service provided by the Apple Inc. to its users since October 2011 with more than 320 million users across the world. The service all
New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013

New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013

May 21, 2014
Oh Microsoft, How could you do this to your own Internet Explorer? Microsoft had kept hidden a critical Zero-Day vulnerability of Internet explorer 8 from all of us, since October 2013. A Critical zero-day Internet Explorer vulnerability ( CVE-2014-1770 ), which was discovered by Peter 'corelanc0d3r' Van Eeckhoutte in October 2013 just goes public today by the Zero Day Initiative (ZDI) website . Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, on which Microsoft responded 4 month later on February 2014 and confirmed the flaw, but neither the Microsoft patch the vulnerability nor it disclosed any details about it. But due to ZDI's 180 days public notification policy, they are obligated to publicly disclosed the details of a Zero-Day vulnerability. ZDI warned Microsoft several days ago ab
Cybersecurity Resources