Password recovery | Breaking Cybersecurity News | The Hacker News

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with  GCPW  installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem," Martin Zugec, technical solutions director at Bitdefender,  said  in a new report. A prerequisite for these attacks is that the bad actor has already gained access to a local machine through other means, prompting Google to mark the bug as  not eligible for fixing  "since it's outside of our threat model and the behavior is in line with Chrome's practices of storing local data." However, the Romanian cybersecurity firm has wa

At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The  2023 Verizon Data Breach Investigations Report (DBIR)  revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated. Of these breaches by external actors, 49% involved the use of stolen credentials.  We'll explore why credential theft is still such an attractive (and successful) attack route, and look at how IT security teams can fight back in the second half of 2023 and beyond. Users are still often the weak link The hallmarks of many successful cyberattacks are the determination, inventiveness, and patience threat actors show. Though a user may spot some attacks through security and awareness training, it only takes one well-crafted attack to catch them. Sometimes all it takes is for a user to be

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The Game of Thrones hacking saga continues, but this time it's the HBO's and GOT's official Twitter and Facebook accounts got compromised, rather than upcoming episodes. As if the leak of episodes by hackers and the accidental airing of an upcoming episode of Game of Thrones by HBO itself were not enough, a notorious group of hackers took over the official Twitter and Facebook accounts for HBO as well as Game of Thrones Wednesday night. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack, posting a message on both HBO's official Twitter and Facebook accounts, which read: "Hi, OurMine are here, we are just testing your security, HBO team, please contact us to upgrade the security," followed by a contact link for the group. This message was followed by another one, wherein hackers asked people to make the hashtag #HBOhacked trending on Twitter, which it did. Ourmine is the same group of hackers from Saudi Arabia

We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a little scarier. Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers. In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone's email account password, all y

The popular social media site Twitter is rolling out a couple of new features to its login process to help users prevent their account in a more secure way and restore access to their account if they forget their accounts' password. For tighten up the security measures Twitter is launching two factor authentication in its new password reset experience, making its users to reset their password in easier way and at the same time difficult for cybercriminals to log in to users' accounts. " The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options ," Twitter said in a blogpost on Thursday. RESET TWITTER PASSWORD WITH SMS This new experience will let Twitter users to