
The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

PayPal Vulnerability Allows Hackers to Steal All Your Money


Aug 27, 2015
A critical security vulnerability has been discovered in the global e-commerce business PayPal that could allow attackers to steal your login credentials, and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site Scripting (XSS) vulnerability in PayPal's Secure Payments domain. As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information. However, it is possible for an attacker to set up a rogue online store or hijack a legitimate shopping website to trick users into handing over their personal and financial details. How the Stored XSS Attack Works? Hegazy explains a step-by-step process in his blog post, which gives a detailed explanation of the attack. Here's what the researcher calls the worst attack scenario:
British-born ISIS Hacker Killed in US Drone Strike in Syria


Aug 27, 2015
Remember Team Poison? The hacker group that was active in 2012, and was known for gaining access to the former Prime Minister Tony Blair's address book and then publishing information from it. The British hacker who actually obtained the Prime Minister's address book and was jailed for six months in 2012, named Junaid Hussain, has been killed in a United States drone strike in Syria, a source familiar with the matter said on Wednesday. Hussain was a British hacker who rose to prominence within the Islamic State group in Syria as a top cyber expert to mastermind the ISIS online war. The U.S. military conducted the operation; there was no involvement of the British government in the killing of Hussain, a British citizen from Birmingham. Junaid Hussain Killed in Raqqa Hussain was killed in Raqqa, located in northern Syria, which has been treated as a safe place by ISIS. The United States has yet to officially announce Hussain's death, which is not veri
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM


Apr 29, 2024 - Exposure Management / Attack Surface
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees. In the last few years, Exposure Management has become known as a comprehensive way of reining in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on your 2024 to-do list. What is Exposure Management? Exposure Management is the systematic identification, evaluation,
Facebook M: Facebook's Answer to Siri, Cortana and Google Now


Aug 27, 2015
Microsoft's 'Cortana', Google's 'Google Now', Apple's 'Siri'. Now meet Facebook's 'M.' Facebook has announced its Personal Digital Assistant "M", which comes with powers within Facebook Messenger. It is a virtual assistant similar to Google Now, Apple's Siri and Microsoft's smart digital assistant Cortana. It seems that all the intelligence that resides within the personal digital assistants already on the market is nothing compared to M's capabilities, according to the Facebook post by David Marcus, Vice President of Messaging Products at Facebook. Three days ago, Microsoft had boosted the powers of Android users by making Cortana accessible on Android devices. Now listening to Facebook's launch of 'M', rival companies would have definitely face-palmed! What Can I Help You With? The virtual assistant software "M" is truly going to support you by doing the
This iPhone Malware infecting Jailbroken Devices Stole 225,000 Apple Accounts


Aug 27, 2015
Jailbreakers Beware! Some shady tweaks that you installed on your jailbroken devices are looking to steal your iCloud login credentials, a report said. The iCloud account details, including email addresses and passwords, of nearly 220,000 jailbreak users have been breached, an online Chinese vulnerability-reporting platform WooYun reported. WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedback. Backdoor Privacy Attack The security breach, according to the website, was a result of a 'backdoor privacy attack' caused by the installation of a malicious jailbreak tweak. It appears that hackers are using a variety of "built-in backdoors" that could be present in numerous malicious jailbreak tweaks in an effort to acquire victims' iCloud account information. Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote se
Here’s the List of Top 10 Big Tech Companies where Ashley Madison is very Popular


Aug 26, 2015
Cheaters Exposed! Whether it was the Impact Team or a woman ex-employee who worked for Avid Life Media (as per John McAfee's claims), the hackers that breached the cheaters' dating website Ashley Madison have made the world aware of a lot of unfaithful people. The data crunching firm Dadaviz has analysed the leaked information of the Ashley Madison website and revealed that thousands of the cheating website's customers are from the large tech companies. Among those large tech companies, IBM and HP have the highest number of employees using the online infidelity website. Also, the list included Cisco, Apple, Intel and Microsoft employees. Top 10 Big Tech Companies that Love to Cheat Here is the list of Top 10 Big Tech Companies where Ashley Madison is the most popular: IBM, HP, Cisco, Apple, Intel, Microsoft, Samsung, SAP, Oracle, Qualcomm. Dadaviz found that one-third (34 percent) of all the Ashley Madison accounts were fake. Of course, there would be
Microsoft Office 2016 for Windows coming on September 22


Aug 26, 2015
Earlier this year, Microsoft announced that it would bring Office 2016 to the world soon. Also, the Office 2016 software version for Mac was released in July 2015. Now speculation is hinting towards a final release date of Office 2016 for Windows of 22nd September 2015. For Windows users, though, it may not be quite a change, because no major improvements are visible in the new Office suite compared to its predecessor, Office 2013. Office 2016 for Windows is supposedly debuting in less than a month and will be available for home and professional users initially. Improvements in Office 2016 Office 2016 is going to be more colorful, with bright and dark colored theme options. Also, this time Microsoft has made it pretty clear that people are required to have Office 365 subscriptions because this time Microsoft is going to send new updates of Office along with the updates of Office 365. Mostly, modifications are done in the Outlook applicat
iOS Sandbox Vulnerability Puts Enterprise Data at Risk


Aug 26, 2015
"Change is the only constant thing," as it is known, could now be modified as "Change is the only constant thing*," where the * means Terms and conditions apply! A change (Mobile Device Management solutions-MDM, Bring Your Own Device-BYOD) was brought to organizations (and later became a necessity) for smooth workflow and management of an organization where mobile and other computing devices reside in masses. The devices, as well as the MDM solutions, are at risk, as reported. Security researchers at Appthority Mobile Threat Team have found a vulnerability in the sandbox app within Apple's iOS versions prior to 8.4.1, which allows the configuration settings of managed applications to be openly accessed by anyone. QuickSand – Loophole in Sandbox The vulnerability is assigned CVE-2015-5749 and is named 'QuickSand' because of the loophole being present in the Sandbox. Mobile Device Management (MDM) refe
GitHub Again Hit by DDoS Cyberattack


Aug 26, 2015
GitHub – the popular code sharing website used by programmers to collaborate on software development – again became a victim of a distributed-denial-of-service (DDoS) attack on Tuesday morning. The attack came just a few months after the popular code repository website GitHub suffered a massive DDoS attack, which was linked to China. Also Read: China Using A Powerful 'Great Cannon' Weapon to Censor The Internet The company was made aware of the issue early on Tuesday. After investigating the problem, the team discovered that the service was under a new DDoS attack. The code repository disclosed the new attack on its status page as well as its official Twitter account. "The connectivity problems have been identified as a DDoS attack. We're working to mitigate now," GitHub status log read early on Tuesday. The March DDoS attack against GitHub lasted close to a week. At the time, the attackers used malicious JavaScript to hijack Internet
Ashley Madison Hacker – An Insider Woman Employee?


Aug 26, 2015
"Ashley Madison was not hacked!" This is what was declared by John McAfee, former founder of antivirus software company McAfee. By now everyone must be aware of the massive Ashley Madison data breach. Last week, the hackers, who called themselves Impact Team, posted 10GB of personal data for tens of millions of its customers, including their names and email addresses. It was soon followed by another leak, where hackers released another 20GB of the company's internal data, including personal emails from the CEO of Ashley Madison parent company Avid Life, Noel Biderman, along with the source code for its website and mobile apps. John McAfee: Ashley Madison is an Inside Job by a Woman However, in a post published in the International Business Times, McAfee made a controversial statement saying, "Ashley Madison was not hacked," and claiming that the alleged data breach was "an inside job." McAfee says Ashley Madison data was plunde
Popular Download Service μTorrent wants you to pay for its Software


Aug 25, 2015
Just to enhance the services being rendered, the popular peer-to-peer file sharing software application is aiming to achieve new heights by making its software a paid scheme. uTorrent is one of the clients of BitTorrent Inc. (the parent company) which implements the BitTorrent protocol, where each client is capable of creating, publishing, and transmitting any computer file over a network, using the protocol. μTorrent is a free piece of software and to support it, the company uses bundled software to offset the cost that would "otherwise be paid directly by the user." "This is a familiar revenue model that is commonly used by software companies," the μTorrent team wrote. "It allows us to fund the costs associated with software development, as well as other projects and innovations." However, the team says it's never satisfied with this revenue model approach, as it requires compromises and reduces a premium user experience,
Two Arrested For Dropping Drugs And Porn Into Prison Using A Drone


Aug 25, 2015
The use of Unmanned Aerial Vehicles (UAVs), popularly known as Drones, is rapidly transforming the way crimes are conducted, and this story helps prove this right. Maryland State Police arrested two men – Thaddeus Shortz and Keith Brian Russell – suspected of allegedly trying to smuggle drugs and porn into a state prison using a drone, according to law enforcement authorities. The men, with the intention to fly a Yuneec Typhoon drone into local jails, were arrested near the Western Correctional Institution and the North Branch Correctional Institution in Cumberland, Maryland late Saturday. The authorities seized: a Yuneec Typhoon drone, which retails for around $1,300; synthetic marijuana (also known as "Spice"); pornographic DVDs; tobacco; prescription drugs; a mobile phone; a loaded pistol. However, the pistol likely was not going to be carried by the drone as it was apparently so heavy that it probably would have weighed down the aircr
New Android Smartphones will Come with Fewer Pre-installed Apps


Aug 25, 2015
A sigh of relief indeed! Google is finally listening to us; it is ditching its haunting bloatware from the upcoming Android smartphones and tablets. As per the current situation, our Android devices are attacked with Google's suite of apps like Google Play Games, Google Newsstand, Google Play Books. The new Samsung Galaxy Note 5 is expected not to be pre-occupied with Google+. Though Android is an open source platform, a user can only give their inputs; the final call is taken by Google, which writes and updates Android itself. We can get our own copy from the Android Open Source Project (AOSP) repository. For this, Google has listed thorough instructions to help you build it into a fully functioning version of Android. No Space for Unwanted Apps The phone manufacturers are also given access to the Android source code for free exactly in the same way as users. They can modify and change any parts they like. However, when it comes to installing G
Hack Leads to Extortions and Suicides! Ashley Madison puts $500,000 Bounty on Hackers' Head


Aug 25, 2015
It's been a rough week for cheating website Ashley Madison, whose slogan is "Life is short, have an affair." Last week, the Impact Team, who claimed to have hacked Ashley Madison, posted 10GB of personal data for tens of millions of its customers, including their names and email addresses. The hackers made things even worse by releasing another 20GB of the company's internal data, including personal emails from the CEO of Ashley Madison parent company Avid Life, Noel Biderman, along with the source code for Ashley Madison's website and mobile apps. However, regardless of how you respond to the Ashley Madison hack, the bottom line is that what the hackers, who called themselves The Impact Team, did was highly illegal. Not just illegal, but now the Ashley Madison hack has become a reason for suicides, blackmail and multiple cases of extortion. "Two unconfirmed reports of suicides due to #AshleyMadisonHack, says Acting Staff Superintendent Bry
Microsoft Launches Cortana App For Android Users


Aug 25, 2015
Yes, she is here! Android users can now talk to Cortana – the first personal digital assistant – which is a patented product of Microsoft. She is available on all the devices running Windows 10. Earlier in May, Microsoft said they will make Cortana available for Android and iOS users. Therefore, a beta version of Cortana has been rolled out by Microsoft for the public. Yesterday, Microsoft made an announcement stating the availability of Cortana for the rival Android platform. This will enable Android phone users to replace the Google Now shortcut by pressing and holding the home button in order to activate Cortana instead. Microsoft is Opening and Spreading its Wings Everywhere Cortana maintains the same user interface and functionalities as it has on Windows devices. Now users will get a choice between Cortana and Google Now. People might like the change, as Cortana is largely appreciated by Windows users. As it is the beta relea
Girl Hacker Devises a 3D Printed High-Heeled Shoes with Hacking Tools Inside


Aug 25, 2015
Next time you come across a lady wearing high heels, you need to watch her steps, and yours too. What if a computer hacker with stunning good looks and charm, especially a girl, walks around you? This is the only reason why a young woman hacker going under the name SexyCyborg could turn out so dangerous. SexyCyborg, a Chinese hardware hacker, is actually a very intelligent and extremely geeky woman, who has a keen interest in electronics, robotics, and most importantly 3D printing. She proved this by first creating the Hikaru Skirt with the help of a 3D printer back in July, and now… by devising a new way of Hiding Hi-Tech Hacking Technology in a Unique Pair of High-Heeled Shoes. 'Wu Ying Shoes' – A Set of Hacking Tools! She used a 3D-printed pair of high heels for the purpose of hiding a penetration-testing toolkit. The 3D-printed heels, she dubbed "Wu Ying Shoes," named after the Chinese folk hero Wong Fei Hung's
Mozilla Firefox Launches Web Extensions API to Support Chrome and Opera Extensions


Aug 24, 2015
Should we feel happy about it? Let's find out! Firefox is planning to bring in Google Chrome's web browser extensions to support the features of Mozilla Firefox. The parent company of Firefox, i.e. Mozilla Foundation, has decided to update their add-on and extension infrastructure, making Firefox more capable and user-friendly. Ranked number three, the Firefox browser is seemingly striving to attain the first position. Google Chrome and Internet Explorer are the ones ahead of it, leading on desktops and mobile devices altogether. The move will help Firefox in various ways like: integration of new technologies like Electrolysis and Servo; protection from adware and spyware; shortening the time it takes to review add-ons. Functionalities brought by Mozilla According to Mozilla, functionalities that are being brought with the help of modifications in Firefox Add-ons are: Introducing a Powerful add-on WebExtensions API A
Hack Codegen - Facebook Open-Sources Code That Writes Code


Aug 24, 2015
Good news for Open Source Lovers! Facebook has open-sourced Hack Codegen – its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. HACK is Facebook's own programming language designed to build complex web sites and other software quickly and without many flaws. The HACK programming language is developed for HipHop Virtual Machine (HHVM) – an open-source virtual machine designed to execute programs written in Hack and PHP. The top 20 open source frameworks on GitHub run on HHVM. Also Read: Top 10 Popular Programming Languages used on GitHub HACK CodeGen is Now Open Source While making the announcement of open-sourcing Hack Codegen, which automatically generates Hack code, Facebook's software engineer Alejandro Marcu said in a blog post: "Being able to generate code through automated code generation allows [developers] to increase the level of abst
New Android Vulnerable Lets Hackers Take Over Your Phone


Aug 24, 2015
This time Everything is Affected! Yet another potentially dangerous vulnerability has reportedly been disclosed in Google's mobile operating system platform – Android. Android has been hit by a number of security flaws this month, including: the Stagefright vulnerability that affects 950 Million Android devices worldwide; a critical mediaserver vulnerability that threatened to crash more than 55 percent of Android devices; another critical flaw (CVE-2015-3842), discovered last week, that affected almost all the versions of Android devices. This time the issue resides in the multitasking capability of Android phones, the ability to run more than one app at a time. The security flaw gives hackers the ability to spy on Android smartphone owners, steal login credentials, install malware, and much more, according to the latest research conducted by the researchers at the Pennsylvania State University and FireEye. How the Attack Works? According to security
Meet Linux's New Fastest File-System – Bcachefs


Aug 22, 2015
First announced over five years ago, ex-Google engineer Kent Overstreet is pleased to announce the general availability of a new open-source file-system for Linux, called the Bcache File System (or Bcachefs). Bcachefs is a Linux kernel block layer cache that aims at offering a speedier and more advanced way of storing data on servers. Bcachefs promises to provide the same performance and reliability as the consecrated EXT4 and XFS file systems while having features of the ZFS and Btrfs file systems. Features that Bcachefs Supports Bcachefs supports all the features of a modern file-system, including: checksumming to ensure data integrity; compression to save space; caching for quick response; Copy-on-Write (COW) that offers the ability for a single file to be accessed by multiple parties at once. What's coming next for Bcachefs It seems that some of the features in Bcachefs are limited or missing, which includes: Snapshots; Erasure codi