The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical security vulnerability has been discovered in the global e-commerce business PayPal that could allow attackers to steal your login credentials , and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site Scripting (XSS) vulnerability in the Paypal's Secure Payments domain. As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information. However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details. How the Stored XSS Attack Works? Hegazy explains a step by step process in his blog post , which gives a detailed explanation of the attack. Here's what the researcher calls the worst attack scenario:

Remember Team Poison ?  The hackers group that was active in 2012, and was known for gaining access to the former Prime Minister Tony Blair's address book and then publishing information from it. The British hacker who actually obtained the Prime Minister's address book and was jailed for six months in 2012, named Junaid Hussain , has been killed in a United States drone strike in Syria, a source familiar with the matter said on Wednesday. Hussain was a British hacker who rose to prominence within Islamic State group in Syria as a top cyber expert to mastermind the ISIS online war. The U.S. military conducted the operation; no involvement of the British government in the killing of Hussain, a British citizen from Birmingham. Junaid Hussain Killed in Raqqa Hussain was killed in Raqqa, located in northern Syria, which has been treated as a safe place by ISIS. The United States has yet to officially announce Hussain's death, which is not veri

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Microsoft's 'Cortana', Google's 'Google Now', Apple's 'Siri', Now meet Facebook's 'M.' Facebook's announcement to introduce their Personal Digital Assistant "M" comes with powers within the Facebook Messenger. It is a similar virtual assistant like Google Now, Apple's Siri and Microsoft's smart digital assistant Cortana. It seems that all the intelligence that resides within the personal digital assistants already in the market are nothing in front of M's capabilities, according to the Facebook post by David Marcus , Vice President of Messaging Products at Facebook. Three days ago, Microsoft had boosted the powers of Android users by making Cortana accessible on Android devices. Now listening to Facebook's launch of 'M', rival companies would have definitely face-palmed! What Can I Help You With? The virtual assistant software "M" is truly going to support you by doing the

Jailbreakers Beware! Some shady tweaks that you installed on their jailbroken devices are looking to steal your iCloud login credentials, a report said. The iCloud account details, including email addresses and passwords, of nearly 220,000 jailbreak users have been breached , an online Chinese vulnerability-reporting platform WooYun reported . WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedbacks. Backdoor Privacy Attack The security breach, according to the website, was a result of ' backdoor privacy attack ' caused by the installation of a malicious jailbreak tweak. It appears that Hackers are using a variety of " built-in backdoors " that could be numerous of malicious jailbreak tweaks in an effort to acquire victim's iCloud account information. Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote se

Cheaters Exposed! Would it be  the Impact Team or a woman ex-employee who worked for Avid Life Media (as per John McAfee claims ), the hackers that breached the cheater's dating website Ashley Madison has made the world aware of a lot of unfaithful people. The data crunching firm Dadaviz has analysed the leaked information of the Ashley Madison website and  revealed that thousands of the cheating website customers are from the large tech companies. Among those large tech companies, IBM and HP have the highest number of employees using the online infidelity website. Also, the list included Cisco, Apple, Intel and Microsoft employees. Top 10 Big Tech Companies that Love to Cheat Here is the list of Top 10 Big Tech Companies where Ashley Madison is the most popular: IBM HP Cisco Apple Intel Microsoft Samsung SAP Oracle Qualcomm Dadaviz found that one-third (34 percent) of all the Ashley Madison accounts were fake. Of course, there would be