The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Drupal , one of the widely used open source content management system is recommending its users to update their software to the latest versions 6.35 and 7.35 after the company discovered two moderately critical vulnerabilities that may allow an attacker to hack Drupal websites. According to a security advisory published yesterday, a flaw found in the Drupal core could allow a potential hacker under certain circumstances to bypass security restrictions by forging the password reset URLs. ACCESS BYPASS / PASSWORD RESET URLs VULNERABILITY Successful exploitation of this Access Bypass vulnerability could leverage the hacker to gain unauthorized access to user accounts without knowing their password. This vulnerability is considered as moderately critical in which an attacker can remotely trick a registered user of Drupal based website, such as an administrator, into launching a maliciously crafted URL in an attempt to take control of the target server. AFFECTED DRUPA

China finally admits it has special cyber warfare units — and a lot of them. From years China has been suspected by U.S. and many other countries for carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has admitted that it does have cyber warfare divisions – several of them, in fact. In the latest updated edition of a PLA publication called The Science of Military Strategy , China finally broke its silence and openly talked about its digital spying and network attack capabilities and clearly stated that it has specialized units devoted to wage war on computer networks. An expert on Chinese military strategy at the Center for Intelligence Research and Analysis, Joe McReynolds told TDB that this is the first time when China has explicit acknowledged that it has secretive cyber-warfare units, on both the military as well as civilian-government sides. CHINESE CYBER WARFARE UNI

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Despite anti-skimmer ATM Lobby access control system available in the market, we have seen a number of incidents in recent years where criminals used card skimmers at ATM doors. Few years back, cyber criminals started using card skimmers on the door of the ATM vestibule , where customers have to slide their credit or debit cards to gain access to the ATM. The typical ATM Skimming devices are used by fraudsters capture both magnetic stripe data contained on the back of a debit or credit card as well as the PIN number that is entered by the customer when using the ATM. In recent case discussed by Brian, cyber criminal installed the card skimming device on the ATM Lobby Card Access Control and a pinhole hidden camera pointed at the ATM's keyboard. Basically, it's an ATM skimmer that requires no modification to the ATM. The card skimmer hidden on the ATM door records the debit and credit card information , and the pinhole camera records the PIN number the

If you have enabled automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then Beware ! Hackers can steal your personal photographs without your knowledge. In 2012, the social network giant introduced Facebook Photo Sync feature for iPhone, iPad and Android devices which, if opt-in, allows Facebook to automatically sync all your photos saved on your mobile device with your Facebook account. The photos that you have synced from your phone are automatically uploaded in the background to a private Facebook album, which is not visible to any of your Facebook friends or other Facebook users. However, you may can choose then to share photos from the album on your Facebook timeline or send them as a message to a friend. A bug bounty hunter, Laxman Muthiyah , discovered a critical flaw in the Facebook Photo Sync feature and Facebook API that could allow any third-party app to access your personal photos from the hidden Facebook Photo Sync album. It

Evolution -- The largest Deep Web drugs marketplace, disappeared suddenly overnight from the Internet. But unlike Silk Road, there is no indication that the law enforcement took down the Evolution marketplace. The Darknet's most popular markets for drugs and bespoke carjacking services is mysteriously offline Wednesday with rumours circulating over the Internet that its own administrators may have just scammed its huge user base and stole $12 Millions in Bitcoin. The Evolution black marketplace opened in January 2014, and gained popularity after the shutdown of Silk ​Road and arrest of its unassuming founder, Ross U​lbricht , with a promise of less fraud. Like Silk Road , Evolution also dealt in drugs, as well as illegal weapons, counterfeit goods, stolen credit cards and guides to committing fraud. Evolution was only accessible through anonymity Tor network. At the time of its apparent vanish, Evolution was home to nearly 20,000 drug sales, far more than Silk Road

Google has changed the way it managed apps on the Google Play Store . After years of depending on the automated app check process, the company just made some changes to its Play Store policies  that will successfully weed out malicious and undesirable apps from Google Play store. Google has introduced an update for developers and users that's sure to make some parents happy and some developers sad. The new features are — Better App Review Process Age-Based Rating System BETTER APP REVIEW PROCESS The search engine giant announced on Tuesday that it has started employing humans to review apps before they go live on the Google Play Store , a move intended to " better protect the community " and " improve the app catalog ." The new approach would definitely affect app developers, as they'll have to wait for their apps to be approved by Google after they submit them to the Play Store. But, it would keep users safe from harmful malware or offensive content.