The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL. The security update for Oracle's popular browser plug-in Java addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. Four Java flaws were marked most severe and received a score of 10.0 on the Common Vulnerability Scoring System (CVSS) , the most critical ranking. Nine other Java flaws given a CVSS Base Score of 6.0

2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled, from instrument cluster to steering, brakes, and accelerator as well. No doubt these systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars and trucks contains few security weaknesses that makes them vulnerable to wireless attacks, resulting in taking control of the entire vehicle. Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles . The little device monitors and tracks users' driving behavior by collecting vehicle location a

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

An Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery ( CSRF or XSRF) vulnerability that allowed hackers and malicious actors to hijack websites registered with the domain registration company. The vulnerability was reported to GoDaddy on Saturday by Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York. Without any time delay, the company patched the bug in less than 24 hours after the blog was published. While managing an old domain registered on GoDaddy, Saccomanni stumbled across the bug and noticed that there was absolutely no protection against CSRF vulnerability at all on many GoDaddy DNS management actions. Cross-Site Request Forgery (CSRF) is a method of attacking a website in which an attacker need to convince the victim to click on a specially crafted HTML exploit page that will make a request to the vulnerable website on their behalf. This common but rathe

Are you one of those victims whose WhatsApp app has recently been banned?? Then you must have installed a 3rd-party version of WhatsApp client, like WhatsAppMD or Whatsapp PLUS in your mobile phone for sure. Reportedly after 12 AM IST on 21st January 2015 , WhatsApp, the widely popular messaging application, has started temporarily banning users for 24 Hours who are currently using any third-party WhatsApp clients and are being directed to download the official app on the Play Store instead. Just in last few hours, large number of users have started complaining on Social media websites that they are being banned from the messaging service for 24 hours. Though the ban is temporary and the users facing the issue now could access their app after the period of 24 hours. In an attempt to clear up why this is happening, Whatsapp team explained via its FAQ website , that it is against 'Terms of Service' to use WhatsApp Plus or any other 3rd-party unofficial app. Why am

A sad reality for gamers all around the world who enjoy playing the very popular game Minecraft on their PCs. If you are one of them, you'll want to pay attention here. A plain text file containing over 1,800 Minecraft account usernames and passwords has just been leaked online, German media reports . The details available in the leak has been posted to Pastebin, which would allow anyone to log into a legitimate user's account in order to play online and download the full version of the game to their own computers. However, the more serious implication of the leaked credentials would be for those affected users who had used the same username and password combination for other online services, like shopping site, banking site, email service or for any social networking site. Minecraft is an incredibly popular online game bought by Microsoft just few months back for $2.5 billion. The game has more than 100 million registered accounts for its PC version alone, and