#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

Apr 22, 2015
Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot. It's like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual iOS apps or users' entire iPhones. NO iOS ZONE Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled " No iOS Zone ", at the RSA security conference in San Francisco on Tuesday. The duo showed: It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users' mobile devices with incredible accuracy. Also, even the "No iOS Zone" attack is capable to make iOS things within the range completely unusable by triggering constant numbers of reboots. It is nothing but a DoS attack… ...that makes the device inaccessible by its users, just like in the ca
Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability

Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability

Apr 21, 2015
Sad but True! Your Apple's Mac computer is vulnerable to a serious privilege escalation flaw, dubbed "RootPipe," even if you are running the latest version of Mac OS X. What's RootPipe? Back in October 2014, a Swedish White Hat hacker Emil Kvarnhammar claimed to have discovered a critical privilege escalation vulnerability, he dubbed the backdoor as " RootPipe ," in some versions of Mac OS X including the then newest version 10.10 Yosemite. The vulnerability ( CVE-2015-1130 ) could allow an attacker to take full control of your desktop Mac computer or MacBook laptop, even without any authentication. Keeping in mind the devastating effect of the RootPipe vulnerability, the researcher privately reported the flaw to Apple and did not disclose the details of the flaw publicly until the company released a patch to fix it. Apple did release an update but failed to patch RootPipe: Earlier this month, Apple released the latest version of Mac OS
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Critical Vulnerability Found in Magento eCommerce Platform

Critical Vulnerability Found in Magento eCommerce Platform

Apr 21, 2015
The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability , affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers. Which isn't great? This serious flaw in Magento platform  exploits a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server. All the vulnerabilities that lead to remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions. Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and gain
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hacker Demonstrates iOS 8.4 Jailbreak

Hacker Demonstrates iOS 8.4 Jailbreak

Apr 20, 2015
Quite surprising but the just released Apple's iOS 8.4 beta has been jailbroken by a well-known hacker. Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as "i0n1c" in the jailbreak community. i0n1c has also shared a video proof-of-concept, titled " iOS 8.4 Beta 1 Jailbreak Preview 1, " showing… ...an iPhone 6 Plus model (that runs on iPhone 7.1) powered with iOS 8.4 Beta 1 has been jailbroken with Cydia icon showcased on the Home screen. In order to prove the jailbreak on iOS 8.4 beta 1, the hacker shows off the Apple Watch companion app, the newly redesigned Music app, and the new Emoji keyboard as well, while giving the video demonstration. The video demonstration by the hacker proved an actual jailbreak for iOS 8.4 beta 1, but don't expect a public iOS jailbreak tool iOS 8.4 or any other firmware from i0n1c. No doubt this seems to be a great news for all
How to Disable Mixed Content Security Warning in Google Chrome

How to Disable Mixed Content Security Warning in Google Chrome

Apr 20, 2015
If you are really upset with Chrome browsers warnings that your HTTPS enabled website contains unsecured third-party contents that sometimes force your users to close the tab, Google has solved this problem for you. With the release of the next version of Google's popular browser, Chrome 43 , it may be easier for developers and system administrators to ensure HTTPS websites are not compromised by insecure HTTP resources. Until now, the current browsers of Google flag a ' mixed-content warning ' in the form of a yellow triangle over the padlock if any HTTPS page loads any resource from an unencrypted HTTP URL. What's mixed content? And… ...Why should I worry about Mixed content if I am using HTTPS on my web pages? If, say, your website has HTTPS enabled but your website's pages are loading contents, such as images, retrieved through regular, clear text HTTP URLs, then it is believed that the connection is only partially encrypted. Partial
Google Moving Its Ad Services to Fully Encrypted Platform

Google Moving Its Ad Services to Fully Encrypted Platform

Apr 20, 2015
Encryption is one of the major steps to be taken by every big technology giant in order to protect its users over the Internet, and, among those, Google has set an admirable example by gradually moving all of its online services to use strong HTTPS encryption. So far, Google encrypted email by switching its Gmail service to HTTPS, Google encrypted data communicating between its servers, Google gives priority to encrypted websites in its search results, as well as Google search also uses HTTPS . Now: To help protect privacy and security of its users, the search engine giant is moving its advertising platforms to HTTPS , as well. Google has already moved its YouTube advertisements to HTTPS as of the end of last year, but Google has a widely spread ad network that serves ads to Hundreds of Millions of users across the Globe every day. However, the content of those ads are mainly controlled by the advertisers, and we cannot predict their intention. To better comba
Google To Speed Up The Internet With Its New QUIC Protocol

Google To Speed Up The Internet With Its New QUIC Protocol

Apr 19, 2015
Google is trying every effort to make the World Wide Web faster for Internet users. The company has announced plans to propose its homemade networking protocol, called Quick UDP Internet Connections (QUIC) , to the Internet Engineering Task Force (IETF) in order to make it the next-generation Internet standard. Probably the term QUIC is new for you, but if you use Google's Chrome browser then there are chances that you have used this network protocol already. What is QUIC? QUIC is a low-latency transport protocol for the modern Internet over UDP, an Internet protocol that is often used for streaming media, gaming and VoIP services. The search engine giant first unveiled the experimental protocol QUIC and added it to Chrome Canary update in June 2013. The protocol already included a variety of new features, but the key feature is that QUIC runs a stream multiplexing protocol on top of UDP instead of TCP. The Idea behind QUIC: QUIC was developed to s
PayPal Wants To Integrate Password with Human Body

PayPal Wants To Integrate Password with Human Body

Apr 18, 2015
You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortably manage on their own. However, you need not worry as the Future of identification would not rely on Passwords , according to PayPal's global head of developer evangelism Jonathan Leblanc . Neither it will depend on the old Biometric identification technologies, such as Fingerprint scanners and IRIS scanners , Rather depends on something More Secure and Easier to Use … ...Embeddable, Injectable and Ingestible Devices Yes, the next generation of identification for mobile payments and other sensitive online interactions will depend on embeddable, injectable, and ingestible devices, completely replacing passwords with the identification of your body. KILL ALL PASSWORDS
New Dark Web Marketplace Offers Zero-Day Exploits to Hackers

New Dark Web Marketplace Offers Zero-Day Exploits to Hackers

Apr 18, 2015
Hackers have sold secrets of zero-day exploits in the underground Dark Web marketplace such as the Silk Road and its various successors for years, and now a new deep web marketplace has appeared that offers anonymity protection to its sellers. A new Dark Web market , called " TheRealDeal ," has opened up for hackers, which focuses on selling Zero-Day exploits — infiltration codes that took advantage of software vulnerabilities for which the manufacturers have released no official software patch. Yes, THE REAL DEE……..EAL TheRealDeal Market, actually emerged over the last month, makes use of Tor anonymity software and the digital currency Bitcoin in an attempt to hide the identities of its buyers, sellers, and of course its own administrators. TOR , a.k.a The Onion Router , is one of the most well-known Darknets, where it is harder to trace the identity of a user, as it doesn't share your identifying information such as your IP address and physical loc
Lost Your Phone? Google Search 'Find My Phone' To Locate It

Lost Your Phone? Google Search 'Find My Phone' To Locate It

Apr 17, 2015
How many of you have an issue to forget your mobile phones? I guess, most of us. Sometimes in our homes, sometimes in our offices, sometimes in our cars and sometimes we even don't remember the exact place where we left our phones.  Now, Finding your phone is as simple as searching something on Google ... Instead of searching your phone everywhere, just ask Google where your phone is, and the search engine giant will answer you the exact place where you left your smartphone.  Sound's interesting! Google unveiled a new feature on Wednesday that lets you search for your Android smartphone or tablet using the search engine on your desktop computer. How does it work? Log-in to the same Google account on your desktop computer's browser that you use on your Android smartphone, but before that make sure you must have the latest version of the Google app installed on your smartphone. Now type " Find my phone " into Google's search engine, a
Wikileaks Publishes 30,000 Searchable Documents from the Sony Hack

Wikileaks Publishes 30,000 Searchable Documents from the Sony Hack

Apr 17, 2015
Remember the largest hack on Sony Pictures Entertainment late last year? Well, nobody can forget it. But let me remind you once again: Sony Picture Entertainment hack was one of the most devastating hacks in the history that leaked several hundred gigabytes of sensitive data, including high-quality versions of five unreleased movies , celebrity phone numbers and their travel aliases, private information of its employees, upcoming film scripts, film budgets and many more. Now, these large troves of hacked Sony data have been republished by Wikileaks. THE SONY ARCHIVES WikiLeaks on Thursday released " The Sony Archives ," a fully searchable online database containing more than 30,000 documents and 173,132 emails that, it claims, were stolen from last year's Sony Pictures hack , proving a devastating and embarrassing security failure for the studio. It is like, Whistleblower Julian Assange has hit the nerve: The massive hack has already cost the e
Hacking YouTube To Get Spoofed Comments on Videos

Hacking YouTube To Get Spoofed Comments on Videos

Apr 17, 2015
A security researcher has discovered a critical vulnerability in Google-owned YouTube that could allow anyone to make the comment posted by any celebrity or public figure on some YouTube video appear on his or her own YouTube video, impersonating that celeb. Just a few weeks ago we reported about a simple logical vulnerability in YouTube that could have been exploited by anyone to delete any video from YouTube in just one shot . Now: Again a small trick in the popular video sharing website could allow anyone to play with the comments posted by users on YouTube videos. Ahmed Aboul-Ela and  Ibrahim M. El-Sayed , two Egyptian security researcher, found a simple trick that allowed him to copy any comments from any video on the popular video sharing website to his video, even without any user-interaction. Not only this, but also: This vulnerability allows you to spoof, duplicate or copy the comments on discussion boards from any YouTube channel and make it appe
Cybersecurity Resources