Account security | Breaking Cybersecurity News | The Hacker News

For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It's no surprise that AD service accounts often evade routine security oversight. Security teams, overwhelmed by daily demands and lingering technical debt, often overlook service accounts (unlinked to individual users and rarely scrutinized) allowing them to quietly fade into the background. However, this obscurity makes them prime targets for attackers seeking stealthy ways into the network. And left unchecked, forgotten service accounts can serve as silent gateways for attack paths and lateral movement across enterprise environments. In this article, we'll examine the risks that forgotten AD service accounts...

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the credentials to be compromised. "When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically," Google's Ashima Arora, Chirag Desai, and Eiji Kitamura said . "On supported websites, Chrome can generate a strong replacement and update the password for the user automatically." The feature builds upon Password Manager 's existing capabilities to generate strong passwords during sign-up and flag credentials that have been detected in a data breach. Google told The Hacker News the feature hasn't been formally launched for end users, and that it's mainly geared towards developers so they can optimize their websites for once the feature launches. With the automated password change, Google said the idea is to reduce fric...

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs, and even photo IDs from hundreds of victims, mostly in the United States," Lookout  said  in a report. Targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. More than 100 victims have been successfully phished to date. The phishing pages are designed such that the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha, thus pre...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

My usual bed routine is to check comments under my articles before I go to sleep. The same I was doing last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our  official 'The Hacker News' Facebook Page , and with the curiosity to check that link I visited that website. And what I saw… One by one my every single account I logged in into my web browser got automatically logged out just in few seconds in front of my eyes. This is exactly what Super Logout does. Log Out All Your Accounts in Just One Click Yes, Super Logout – a website that logs you out of over 30 major Internet services just in one click. You can visit 'Super Logout' here . ( Note : Once clicked, this will log you out instantly from all your online accounts and don't worry it is neither harmful, nor malicious ) This is a great tool for people who: Usually visit Internet Cafes for surfing In...

Google is taking its users' privacy very serious and making every possible effort for its users just to make them feel secure when they are online. Today, the tech giant has announced its enhanced two-step verification service that is based on a physical USB key, adding yet another layer of security to protect its users from hackers and other forms of online theft. SECURITY KEY- 2 STEP VERIFICATION USING USB DRIVES The "Security Key" feature will currently work on Chrome and will be free for Google users, but the company also notes that the Security Key is supporting the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow users to log in to Google Accounts by inserting a USB device into their systems. By letting users protect their accounts using two-factor authentication based on physical USB keys, it will be no longer any compulsion for you to type in the six-digit authentication code in Google's Gmail or your Google Acco...

Does a Strong Password Guarantee you the Security of your Online Account? If yes, then you should once check out our ' Data breaches ' section on the website. A Startup Company,  SlickLogin  has developed a technology that enables you to login into online accounts using Ultrasonic sound, instead of entering username and password on your. The company claims its technology offers " military-grade security " that replaces passwords in the two-step process simply by placing your Phone next to their laptop or tablet. When you sign-in via SlickLogin enabled website, the computer will play a sound which is encrypted into Ultrasonic Sound, inaudible to the human ear, but your Smartphone can hear it. The Smartphone Sends data back to the SlickLogin Servers for authentication and grants immediate access. Each sound is different, unique and cannot be reused to hack an account. Recently, Google has acquired this two month old Israeli Startup, " Today...