The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical cross-site scripting ( XSS ) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization's account. Administrators can use the console to add new users, configure permissions, manage security settings and enable Google services for your domain. The feature is primarily used by many businesses, especially those using Gmail as the e-mail service for their domain. The XSS flaw allowed attackers to force the admin to do the following actions: Creating new users with "super admin" rights Disabling two-factor authentication ( 2FA ) and other security measures from existing accounts or from multiple domains Modifying domain settings so that all incoming e-mails are redirected to addresses controlled by the attacker Hijack an account/email by resett

Barrett Brown , a journalist formerly served as an unofficial spokesman for the hacktivist collective Anonymous , was sentenced Thursday to over five years in prison, after pleading guilty to federal charges of  " transmitting a threat in interstate commerce ,"   " for interfering with the execution of a search warrant ," and to being " accessory after the fact in the unauthorized access to a protected computer ." After already having served over 2 years ( 31 months ) in detention, Texas court in Dallas has sentenced Barrett Brown to 63 months in federal prison and also ordered him to pay a little more than $890,000 in restitution and fines related to the 2011 hack of Stratfor Global Intelligence . Over a year ago, another federal judge sentenced Anonymous member Jeremy Hammond to 10 years in prison for making millions of emails from the servers of security firm Stratfor public. It's Hammond who said that Brown simply linked to the hacked

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Are you worried about your privacy? Its Obvious because of a Hacker or the government could be snooping in your emails, voice or video calls. The Famous Internet entrepreneur Kim Dotcom , who introduced legendary Megaupload and Mega file sharing services to the World, has now released its latest encrypted communication software for video calling, messaging and chat. Kim Doctom's file-sharing site Mega has launched the public beta of its end-to-end encrypted video and audio chat service called " MegaChat ", which the company says gives better protection than alternatives such as Skype and Google Hangouts. MegaChat is currently free to use and right now just provides browser-based audio and video calls, but Mr. Dotcom said on Twitter "Text chat and video conferencing will follow soon," HOW TO USE MEGACHAT Create a Mega account. Simply log in via the web browser and click on the Conversations icon provided on the left-hand side  Contacts will need their own M

The most popular smartphone messaging service WhatsApp is now able to communicate with friends from their PC. No Rumours at all !! Enjoy WhatsApp from your desktop from now on. Last month, it was leaked that Whatsapp was working on a web client and finally from today they are introducing it to the public. The feature is called " WhatsApp Web ," which gives its users the ability to read and send messages directly from their web browsers. HOW TO USE WHATSAPP ON PC/DESKTOP Interested WhatsApp users simply need to open Chrome and navigate to https://web.whatsapp.com A QR code will appear on the web page, which must be scanned using WhatsApp mobile application to activate the service. By scanning the  QR code  that appears, users will automatically have paired their mobile WhatsApp with the WhatsApp web client, as shown.  WhatsApp Web requires that you install and run the latest Whatsapp version of the Android app on your phone. The feature currently works on

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its first quarterly CPU-date of this year, issuing a total of 169 security fixes for hundreds of its products including Java, Fusion Middleware, Enterprise Manager and MySQL. The security update for Oracle's popular browser plug-in Java addresses vulnerabilities in the software, 14 of which could be remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. Four Java flaws were marked most severe and received a score of 10.0 on the Common Vulnerability Scoring System (CVSS) , the most critical ranking. Nine other Java flaws given a CVSS Base Score of 6.0

2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled, from instrument cluster to steering, brakes, and accelerator as well. No doubt these systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars and trucks contains few security weaknesses that makes them vulnerable to wireless attacks, resulting in taking control of the entire vehicle. Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles . The little device monitors and tracks users' driving behavior by collecting vehicle location a