cookies stealing | Breaking Cybersecurity News | The Hacker News

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw, impacting both desktop and web versions of the app, was discovered by cybersecurity researchers at CyberArk. After the findings were responsibly disclosed on March 23, Microsoft patched the vulnerability in an update released on April 20. "Even if an attacker doesn't gather much information from a Teams' account, they could still use the account to traverse throughout an organization (just like a worm)," CyberArk's Omer Tsarfati said. "Eventually, the attacker could access all the data from your organization's Teams accounts — gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information,

A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed " Cookiethief " by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers. "This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results." Cookiethief: Hijacking Accounts Without Requiring Passwords Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites. However, if you're using Kaspersky Antivirus, a vulnerability in the security software had exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you have blocked or erased third-party cookies timely. The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivir

Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password. These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in last few months. The former tech giant said that in a regulatory filing Wednesday that the cookie caper is likely linked to the "same state-sponsored actor" thought to be behind a separate, 2014 data breach that resulted in the theft of 500 Million user accounts . "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its annual report filed with the US Securities and Exchange Commission (SEC). "The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken

Has Yahoo rebuilt your trust again? If yes, then you need to think once again, as the company is warning its users of another hack. Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts . Well, it's happened yet again. Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log accounts without passwords. The company quietly revealed the data breach in security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts. The warning message sent Wednesday to some Yahoo users read: "Based on the ongoing i

Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users' identities by granting read/write access to website's unencrypted authentication cookies. The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost three years after it was first discovered and reported to Apple. The vulnerability, dubbed " Captive Portal " bug, was initially discovered by Adi Sharabani and Yair Amit from online security company Skycure and privately reported to Apple in June 2013. Here's How the Vulnerability Worked The vulnerability caused due to the way iOS handles Cookie Stores at Captive Portals , generally a login page that requires users to authenticate themselves before connecting to the free or paid public Wi-Fi hotspots when they are first joining. So, when a user with a vulnerable iPhone or iPad connects to a captive-enabled network ( sample page shown in the screensho

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks . The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing… …remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website ( you have visited ) wants to set a cookie in your browser, it passes a header named " Set-Cookie " with the parameter name, its value and some options, including cookie expiration time and domain name ( for which it is valid ). It is also important to note that HTTP

Seagate , a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product , found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world's largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the market worldwide in supplying storage hardware products. A security researcher, named OJ Reeves , discovered the zero-day remote code execution vulnerability on 7th October last year and, reported to the company totally in the white hat style. But even after 130 days of responsible disclosure, the zero-day bug remains unpatched till now. In order to exploit the vulnerability, an atta

Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular person or organization. A cyber criminal could share a Google document with an email address, un-checking the option by which Google sends the recipient a notification. TIMING ATTACK USED TO DE-MASK TOR USER'S IDENTITY Now, using timing attack exploit technique, a cyber criminal could figure out when someone logged into any one of the shared addresses visits the their site, Cantino said. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they're logged in to Google while using the Tor browser . Timing attack can allow to unmask targeted Google users as they browse the web. Cantino said the attack is straightforwa

In the era of Government surveillance, ensuring the security and safety of our private communications regardless of platform – email, VOIP, message, even cookies stored – should be the top priority of the Internet industry. Some industry came together to offer Encryption as the protection against government surveillance, but some left security holes that may expose your personal data. A critical issue on Instagram's Android Application has been disclosed by a security researcher that could allow an attacker to hijack users' account and successfully access private photos, delete victim's photos, edit comments and also post new images. Instagram , acquired by Facebook in April 2012 for approximately US$1 billion, is an online mobile photo-sharing, video-sharing and social networking service that enables its users to take pictures and videos, apply digital filters, and share them on a variety of social networking services, such as Facebook, Twitter, Tumblr and Flickr.

Yahoo offers a web browser toolbar which includes apps for leading sites like Facebook, Yahoo! Mail, Weather and News. Yahoo Toolbar also known as Y! Toolbar is available for Internet Explorer, Firefox and Google Chrome web browsers. Yahoo Toolbar is one of the most popular and widely installed web browser add-on/extension. Many popular softwares like Java Update and thousands of free software including some Antivirus products promote Yahoo toolbar and bundled it into their installer files. A vulnerability has been reported in Yahoo Toolbar by Security Researcher Behrouz SAdeghipour , which causes cross site scripting flaw on popular websites like Flickr, Yahoo, Google, Pinterest, Youtube, Amazon, Twitter and many more. Yahoo Toolbar vulnerability triggers all previous non-exploitable XSS payloads on popular websites as shown below in multiple screenshots provided by Behrouz to The Hacker News .  The vulnerability resides in the way Toolbar intercept and

Do you own a blog on WordPress.com website? If Yes, then you should take some extra cautious while signing into your Wordpress account from the next time when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu , a researcher at the Electronic Frontier Foundation (EFF) noticed that the blogs hosted on WordPress are sending user authentication cookies in plain text, rather than encrypting it. So, it can be easily hijacked by even a Script-Kiddie looking to steal information. HIJACKING  AUTHENTICATION COOKIES When Wordpress users log into their account, WordPress.com servers set a web cookie with name " wordpress_logged_in " into the users' browser, Yan Zhu explained in a blog post. He noticed that this authentication cookie being sent over clear HTTP, in a very insecure manner. One can grab HTTP cookies from the same Wi-Fi Network by using some specialized tools, such as F

Previous articles on The Hacker News have highlighted that How Internet of Things (IoT) opens your home to cyber threats. Recently the security researchers from vulnerability research firm  ReVuln  published a video demonstration shows that Philips Smart TV is prone to cyber attacks by hackers. According to the researchers, some versions of Philips Smart TV with latest firmware update are wide open to hackers and also vulnerable to cookie theft. The fault is in a feature called Miracast , that allows TVs to act as a WiFi access point with a hard-coded password 'Miracast,' and allows devices nearby within the range to connect the device for receiving the screen output. " The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection, " Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine . The vulnerability allows an attacker within the device'

When you visit a website, it stores some information on your system through a web browser for later use i.e. Login information, so you do not have to re-login to your website every time you visit the same website on the same browser. Cookies are usually stored as plain text or in the database by the browser and if a computer is accessed by multiple people, one person might scan another's cookie folder and look for things like passwords or long-life session IDs. If an attacker has the physical access to your system, can steal all your cookies easily to hijack accounts. There are many tools available on the Internet that can make it quicker and easier for an attacker to export all your cookies from the browser. The Google Chrome web browser also saves cookies to a SQLite database file in the user's data folder. One can import that file to SQL Editor software to read all cookies in plain text format. Google's open source project Chromium browser now have a new feature that en

Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails's default cookie storage mechanism   CookieStore  are at risk. The vulnerability was actually reported two months ago, but still thousands of website are running a vulnerable version of Ruby on Rails that allows a malicious attacker to gain unauthorized access again and again without password, if someone manages to steal users' cookies via via cross site scripting or session sidejacking or with physical access.  More than 10,000 websites are vulnerable to Ruby on Rails's cookie storage mechanism flaw, but this vulnerability requires your user's session cookies to be compromised in the first place. Security researcher G.S. McNamara provided the details of the vulnerability in a blog post , he analyzed nearly 90,000 sites running specialized scripts and discovered 1,897 sites based on old versions of Ruby on Rails ( version 2.0 to ve

A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user's machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( https://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from

Thamatam Deepak (Mr.47™) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with 'The Hacker News' researcher Mohit Kumar this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious script can access any cookies, session tokens, or other sensitive information retained by your browser. This vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross site scripting is very common web application vulnerability, Yesterday our security researcher, Christy Philip Mathew reported about multiple xss in official latest versions of cPanel and WHM . As reported by Whitehat hacker Deepak, there are multiple xss in HTC website, that allow an attacker