password hacking | Breaking Cybersecurity News | The Hacker News

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the worlds most popular websites, including Amazon, Xbox Live and Playstation Network . The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin  (now deleted) , on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates. The news came just a day after the hacker group Lizard Squad compromised Sony's Playstation and Microsoft's Xbox Live gaming networks on Christmas day, which is estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, making it a total of more than 150 million users worldwide. However, data breach of 13,000 users is not the biggest data breach we've ever seen. When millions of passwords are used for sites ar

The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers that allowed them to gain administrative access to some of the organization's systems, the organization confirmed. The attackers used " spear phishing " campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to bogus login page, where they provided their usernames and passwords with the keys to their work email accounts. The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet's address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system. " We believe a 'spear phishing' attack was initiated in late November 2014 ," Tuesday's press release stated. " It involved email messages that we

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations. Well this happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text. Researchers from the Romania-based security firm Bitdefender ca

Thanks to recent events involving certain celebrities' stolen pictures, "brute-force attack" is now one of the hot buzz words making its rounds. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it? A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you'll usually see a crazy amount of failed login attempts, usually originating from the same IP address. You might even see the same accoun

Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening , The Snappening and now the latest privacy breach in Dropbox security has gained everybody's attention across the world. Dropbox , the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users' photos, videos and other files. HACKERS CLAIMED TO RELEASE 7 MILLION USERS' PERSONAL DATA A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sha

Four month ago, a massive data breach on the eBay website affected 145 million registered users worldwide after its database was compromised. Meanwhile, another critical vulnerability on the eBay website was reported, allowing an attacker to hijack millions of user accounts in bulk. An Egyptian security researcher ' Yasser H. Ali ' informed The Hacker News about this vulnerability 4 months ago, which could be used by the cyber criminals in the targeted attacks. At that time, Mr.Yasser secretly demonstrated the vulnerability step-by-step to ' The Hacker News ' team and we confirmed - IT WORKS . Since it was not addressed by the eBay security team, we kept the technical details of this vulnerability hidden from our readers. But, as we promised to share the technical details of this interesting flaw, once after eBay team patch it. So, Here we go! The vulnerability Yasser found could allow you to Reset Password of any eBay user account and that too without any user interaction or d

Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000 "salted" passwords were disclosed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. The database glitch caused due to a data " sanitization " process failure, that was lasted for a month beginning on June 23, which inadvertently published the records of members of the MDN and left on a publicly accessible server for around a month until one of the outfit's web developers discovered their presence on a server accessible to the general public around a couple of weeks back, according to a blog post . " As soon as we learned of it, the database dump file was removed from the server immediately, and the process that ge

Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them a part of the wide botnet, even without the need of any root privileges. Researchers dubbed the malware as Mayhem, a nasty malware modular that includes a number of payloads to cause malicious things and targets to infect only those machines which are not updated with security patches or less likely to run security software. So far, researchers have found over 1,400 Linux and FreeBSD servers around the world that have compromised by the malware , with potentially thousands more to come. Most of the compromised machines are located in the USA, Russia, Germany and Canada. Three security experts, Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov , who work at Russia-based Internet portal Yandex, discovered the malware targeting *nix servers . They were able to trace transmissions from th

Just few days ago, we reported about two critical vulnerability in mobile version of the most popular password manager application from a popular Password management company RoboForm , which manages your passwords for different websites. Now, researchers have published a detailed explanation on the security vulnerabilities discovered in five different and popular password managers , including RoboForm, that could allow cybercriminals to grab your credentials. The serious security holes were found and reported by the University of California Berkeley researchers named: Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song . The critical vulnerabilities were discovered in the popular password managers that includes RoboForm, LastPass, My1Login, PasswordBox and NeedMyPassword . " Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites, " Researchers wrote in the paper (PDF) tit

Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher. I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere. But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Pri

A Flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro, has left more than 30,000 servers vulnerable to hackers that could allow them to remotely compromise the management interface of unpatched servers. The vulnerability actually resides in the Baseboard Management Controller (BMC) in the WPCM450 line of chips incorporated into the motherboards. Security Researcher at CARInet Security Incident Response Team, discovered that Baseboard Management Controller (BMC) of Supermicro motherboards contain a binary file that stores remote login passwords in clear text and the file is available for download simply by connecting to the specific port, 49152. Baseboard Management Controller (BMC) is the central part of the microcontroller that resides on server motherboard or in the chassis of a blade server or telecom platform. The BMC links to a main processor and other onboard elements via a simple serial bus. Baseboard management contr

Two year back in 2012, one of the most popular online social networking sites Linkedin spent between $500,000 and $1 million on forensic work after millions of its users' account passwords were compromised in a major security data breach. But, it seems that the company hasn't learned any lesson from it. WHAT IS MAN-IN-THE-MIDDLE (MitM) ATTACK Before moving on to the story, let us discuss some emerging and common threats against the social networking sites nowadays. If we talk about less publicized but more danger, then Man-in-the-Middle (MitM) attack is the most common one. By attempting MitM attack, a potential attacker could intercept users' internet communication, steal sensitive information and even hijack sessions. Though MitM attacks are popular and have existed for years, a major categories of today's largest websites and social networking sites still haven't taken the necessary steps to safeguard their users' personal and sensitive data from the vulnerabil

The famous URL shortening service is facing a data breach . The very popular URL shortening service Bitly, has issued an urgent security warning saying that its users' account credentials may have been compromised, according to a blog post published yesterday. " We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens ," Bitly CEO Mark Josephson wrote in a blog post . At this point, however, there is no indication that hackers have broken into any user accounts, he said. Bitly was founded in 2008, allows users to shorten links and making it to share on other sites easier for users. It is privately held and based in New York City. Bitly shortens more than one billion links per month and powers over 10,000 custom short URLs and offers an enterprise analytics platform that helps web publishers and brands grow their social media traffic. Bitly users' acc

At the beginning of this year, we reported about the secret backdoor 'TCP 32764' discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken , who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file 'scfgmgr' which contains the backdoor is still present there with a new option " -l ", that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse en

Heartbleed – I think now it's not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. After the story broke online, websites around the world flooded with the heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn't get it right. So based on the queries of Internet users, we answered some frequently asked questions about the bug. 1.) IS HEARTBLEED A VIRUS? Absolutely NO, It's not a virus. As described in our previous article , The Heartbleed bug is a vulnerability resided in TLS heartbeat mechanism built into certain versions of the popular open source encryption standard Open