CVE-2013-6955 Synology DSM remote code execution

Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

HACK - A New Open Source Programming Language developed by Facebook

Facebook just released a new programming language called 'HACK', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with...

OkCupid: Security issue in OkCupid

I come across security issue in OkCupid. OkCupid is using Components with Known Vulnerabilities. Link: http://www.okcupid.com/ Criticality level: Medium Each http response shows server information Version, which is not useful to user and browser. But same can be useful to attacker. Description :...

Silent Circle's Blackphone - Privacy and Security Focused Smartphone for $629

Earlier this year encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone announced a privacy-focused encrypted Smartphone called 'Blackphone' and today the company has revealed it as 'Mobile World Congress' in Barcelona. The Blackphone titled as, “world’s first...

ILIAS 4.4.1 - Multiple Vulnerabilities

============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias.de ============================================================== First from admin user logged...

ILIAS 4.4.1 Cross Site Scripting / Shell Upload Vulnerabilities

ILIAS version 4.4.1 suffers from cross site scripting and remote shell upload vulnerabilities. ============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias....

Facebook domain hacked by Syrian Electronic Army

On the 10th Anniversary of Social networking website Facebook, the hacker group 'Syrian Electronic Army' claimed that they managed to hack into the administrator account of the Facebook's Domain Registrar - MarkMonitor. The hacking group changed the Facebook Domain's contact information to a Syri...

NSA allegedly hacked Belgian Cryptography Expert with spoofed LinkedIn Profile

Cryptographer Professor Jean-Jacques Quisquater has become the part of a targeted attack by the US National Security Agency NSA and its British counterpart GCHQ, first reported on Saturday morning by De Standaard. A few months back in September 2013 it was revealed that, Belgacom, the largest...

Snapchat's CAPTCHA Hacked in 30 Minutes, 100 Line of Code

It was only going to be a matter of time before someone figured out a way past Snapchat’s new CAPTCHA verification method. Just one day after the photo sharing application announced its latest security measure, one researcher claimed Wednesday that he was able to hack it with as few as 100 lines ...

CNN's Twitter, Facebook and website hacked by Syrian Electronic Army

A well-known pro-Syrian hacker group known as Syrian Electronic Army SEA, aligned with President Bashar al-Assad, who successfully attacked The New York Times, Huffington Post, and Twitter, BBC, National Public Radio, Al-Jazeera, Microsoft, Xbox, Skype and responsible for cyber-attacks against...

BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

The Holiday data breach at TARGET appeared to be part of a broad and highly sophisticated international hacking campaign against multiple retailers, involving the heist of possibly 110 million Credit-Debit cards, and personal information. Target confirmed last weekend that a malicious software wa...

Syrian Electronic Army's own website got hacked by Turkish hacker

Oops.. Hackers got Hacked! The Syrian Electronic Army, who has hacked hundreds of High Profile targets in 2013-14, today they got hacked by a Turkish hacker. Turkguvenligi, a Turkish hacker told The Hacker News that he hacked and defaced the official website of the hacking group SEA sea.sy and...

Blackhole Exploit Kit Successor Years Away

It should shock no one that a viable successor to the Blackhole exploit kit has yet to emerge in the criminal underground. It’s been less than three months since the arrest of its alleged creator Paunch sent cybercriminals reliant on the toolkit scrambling for a replacement. And like any profitab...

4.6 Million Usernames, Phone Numbers Leaked in Snapchat Hack

It didn’t take long for hackers to exploit a previously disclosed vulnerability in the popular photo sharing application Snapchat. As yet unidentified hackers spent yesterday’s New Year’s holiday dumping 4.6 million of the service’s usernames and partial phone numbers and posting them online for...

TIME Magazine Twitter account hacked by Syrian Electronic Army

Just now, The hacktivist group Syrian Electronic Army SEA briefly took over the Twitter account of the TIME Magazine. The Hacker group tweeted from the TIME's official account, "Syrian Electronic Army Was Here via @OfficialSEA16..Next time write a better word about the Syrian president SEA" with...

vBulletin Zero Day Used to Hack MacRumors, vBulletin

A hacker group calling itself Inj3ct0r is taking responsibility for the compromise of more than 860,000 passwords at MacRumors.com as well as a separate attack on vBulletin.com, makers of the vBulletin software powering a number of high-profile forums including MacRumors and Ubuntu Forums. The...

Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers

None...

Buffer hacked; Twitter, Facebook flooded with Spam Weight-loss links

If you're a user of the Buffer app, the social-media management service that let you cross-posting to various social networks, be aware that the service got hacked yesterday, with spam messages going out over Facebook. "Buffer was hacked around 1 hour ago, and many of you may have experienced spa...

Hacker stole $100,000 from Users of California based ISP using SQL Injection

In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including DDoS attack, SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on...

Phony Fax Leads to Metasploit, Rapid7 DNS Hijacking

A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com. “Hacking like it’s 1964...