The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical remote code execution vulnerability has been reported in the eBay owned global e-commerce business PayPal that could be exploited by an attacker to execute arbitrary code on the PayPal's Marketing online-service web-application server. The remote code execution flaw, discovered by an independent security researcher, Milan A Solanki , has been rated Critical by Vulnerability Lab with a CVSS count of 9.3 and affected the marketing online service web-application of PayPal. The vulnerability resides in the Java Debug Wire Protocol (JDWP) protocol of the PayPal's marketing online service web-server. Successful exploitation of the PayPal vulnerability could result in an unauthorized execution of system specific codes against the targeted system in order to completely compromise the company's web server, without any privilege or user interaction. JDWP is a protocol that used for communication between a debugger and the Java virtual machine that i

There is a very sleek line between hacking and security. The security used to protect the public could be misused by hackers against the public itself, and one shouldn't forget that with the advance in technology, the techniques used by cyber criminals also improves. Today, What hackers need to conduct a successful cyber attack? Maybe just a computing device injected under the skin of their bodies, who can bear the pain, would be enough to help complete a successful cyber attack – also known as Biohacking . This was exactly what presented by the former U.S. Navy petty officer and now engineer at APA Wireless Seth Wahle . With no malicious intention, Wahle implanted a small NFC chip in his left hand right between his thumb and his pointer finger in order to display the risks of Biohacking. Hacking Android devices using NFC implants: For those unaware, NFC (Near Field Communications) chips embedded in our smartphone devices are used for transferring files and in various mobile pa

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time a Finnish security researcher has discovered a critical zero-day vulnerability in the core engine of the WordPress content management system. Yes, you heard it right. The WordPress CMS used by Millions of website is vulnerable to a zero-day flaw that could allow hackers to remote code execution on the Web server in order to take full control of it. The vulnerability, found by Jouko Pynnönen of Finland-based security firm Klikki Oy, is a Cross-Site Scripting (XSS) flaw buried deep into the WordPress' comments system. The vulnerability affects the WordPress versions 3.9.3, 4.1.1, 4.1.2, and the latest WordPress version 4.2. Pynnönen disclosed the details of the zero-day flaw, along with a video and a proof-of-concept code for an exploit of the bug, on his blog post on Sunday before the WordPress team could manage to release a patch. Why the researcher m

The official website of the Telecom Regulatory Authority of India (TRAI) has been allegedly hacked just hours after the site exposed more than 1 Million email addresses of users who spoke in support of Net Neutrality. A hackers collective, calls itself AnonOpsIndia , has claimed responsibility for the distributed denial of service (DDoS) attack against the TRAI official website and bringing the site down. Few hours ago, a Twitter account linked to AnonOpsIndia tweeted about the took down of the trai.gov.in website through DDoS attack. Over a month ago, TRAI released a consultation paper with 20 questions to be answered by citizens of India via an e-mail by April 24, in order to hear their opinion on Net Neutrality. TRAI was planning to allow telecom operators like Vodafone and Airtel to block websites and applications just to extort more money from businesses as well as consumers, which is nothing but an extreme violation of Net Neutrality . However, when eve

Yahoo! don't want you to every time type a PIN or swipe your phone or scan your thumbprint in order to unlock your smartphone. Instead, it only wants you to place your smartphone device on your ear in order to do that. A new concept from Yahoo's Research Labs is out that doesn't focus on old fingerprint biometric scanners that are major form of biometric security on today's smartphones, rather focuses on an idea of Bodyprint as the futuristic biometric security. A team of researchers from the Internet giant has developed a new biometric system called " Bodyprint ," which is a much affordable alternative to fingerprint scanners for mobile phones. What does Bodyprint scan? Bodyprint, built by researchers Christian Holz, Senaka Buthpitiya, and Marius Knaust, is designed to utilize different body parts as biometric sensors for different cases, depending on how the users are using their phones. As mentioned above, Bodyprint can recognize you from your ears

The details of the next version of Google Glass has been revealed - the search engine giant is planning to launch Google Glass 2.0 soon . Massimo Vian , the chief executive officer of Italian eyewear company Luxottica , said his company is working with Google engineers on not just one, but two new versions of the Google's Internet-connected eyewear device. Luxottica is better known for its two famous brands owns brands – Oakley and Ray-Ban . It is also the same company that worked with the search engine giant on frames for the original version of Google Glass. Here's the Big Deal: During his company's general meeting in Milan, Italy, Vian said, "What you saw was version 1. [We are] now working on version 2, which is in preparation." A Google spokesperson told the Wall Street Journal that "the team is heads down building the future of the product," which will soon be available in the market, but she declined to give a specific t