The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c

With a need to give more controls in users' hands, LinkedIn has introduced a few new security features that the company says will help users of the social network for professionals keep their accounts and data more secure. SESSION ALERTS Just like Google, Facebook, Yahoo and other online services, LinkedIn has added a new option within the settings tab that allows users to see where and on what devices they are logged into their account. From there, users can sign out of various sessions with one click. This will include details about the users' current sessions, the browser name, operating system, carrier and IP address, which is used to give an approximate location of the device through which the session is occurring. Just like the Facebook feature, LinkedIn lets people to approve the devices to be used, and if somebody accesses a user's LinkedIn account from an unapproved device it will alert user. PASSWORD ALERTS LinkedIn has also introduced its password c

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Good news for Firefox lovers! The Mozilla Foundation has introduced a bunch of new features in Firefox to improve browser security with the launch of Firefox 32, now available for Windows, Mac, Linux, and Android platforms. The new version of Firefox makes the browser even more competitive among others. Firefox version 32 has some notable security improvements, including a new HTTP cache for improved performance, public key pinning - a defense that would help protect its users from man-in-the-middle and other attacks, and easy language switching on Android. PUBLIC KEY PINNING ENABLED BY-DEFAULT In the latest Firefox version 32, Mozilla has enabled Public Key Pinning support by default that will protect its users from man-in-the-middle-attacks and rogue certificate authorities. Public key pinning is a security measure that ensures people that they are connecting to the websites they intend to. Pinning allows users to keep track of certificates in order to specify wh

LA-based domain name registrar and hosting company Namecheap warned its customers on Monday that cybercriminals have begun accessing their accounts by using the list of credentials gathered from third-party websites. The Hosting company confirmed the security breach and informed that the hackers have compromised some of its customers' accounts, probably using the " biggest-ever " password theft via Russian Hackers that disclosed list of 1.2 billion usernames and passwords compiled by Russian CyberVor Gang . RUSSIAN GROUP BEHIND THE ATTACK - CYBERVOR The CyberVor Gang allegedly stolen a vast cache of compromised login credentials for " 1.2 billion " accounts, belonging to over half a billion e-mail addresses, warned Hold Security , a Milwaukee-based security company that tracks stolen data on underground cybercriminal forums. The gang appears to have broken into at least 420,000 websites vulnerable to SQL injection attacks, among other techniques,

Now this gonna be the height of Privacy Breach! Images of several high-profile persona including actors, models, singers and presenters have been made available online in a blatant hacking leak linked to the Apple iCloud service. The recent privacy breach appears to be one of the biggest celebrity privacy breaches in history and represents a serious offense and violation of privacy. A hacker allegedly breached Apple's iCloud service and copied the personal photos of at least 100 high-profile stars. WHO IS BEHIND IT The anonymous hacker, using the name Tristan , sparked the scandal on Sunday after dumping a large cache of female celebrities' alleged naked photographs onto the 4chan online forum, an online message board used for sharing pictures. The list of those celebrities allegedly affected, whose photographs are supposedly in this cache, is very long that includes Jenny McCarthy, Rihanna, Kristin Dunst, Kate Upton, the American actress Mary E Winstead , and the