#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Brute force | Breaking Cybersecurity News | The Hacker News

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

Dec 14, 2022 Website Security / Linux
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers Eduardo Altares, Joie Salvio, and Roy Tay  said . The active campaign, observed since September 2022, utilizes a bot network to perform distributed brute-force attacks in an attempt to login to the targeted web server. A successful break-in is followed by the operator installing a downloader PHP script in the newly compromised host that, in turn, is designed to deploy the "bot client" from a hard-coded URL, effectively adding the machine to the growing network. In its present form, GoTrim does not have self-propagation capabilities of its own, nor can it distribute oth
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Sep 30, 2021
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory ( Azure AD ) without generating sign-in events in the targeted organization's tenant," researchers from Secureworks Counter Threat Unit (CTU)  said  in a report published on Wednesday. Azure Active Directory is Microsoft's enterprise cloud-based identity and access management (IAM) solution designed for single sign-on (SSO) and multi-factor authentication. It's also a core component of Microsoft 365 (formerly Office 365), with capabilities to provide authentication to other applications via OAuth. The weakness resides in the  Seamless Single Sign-On  feature that allows employees to automatically sign in when using their corporate devices that
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

Mar 18, 2020
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The module, dubbed " rdpScanDll ," was discovered on January 30 and is said to be still in development, said cybersecurity firm Bitdefender in a report shared with The Hacker news. According to the researchers, the rdpScanDll brute-forcing module has so far attempted to target 6,013 RDP servers belonging to enterprises in telecom, education, and financial sectors in the U.S. and Hong Kong. The malware authors behind TrickBot specialize in releasing new modules and versions of the Trojan in an attempt to expand and refine its capabilities. "The flexibility allowed by this modular architecture has turned TrickBot into a very complex and sophisticated malware capable of a wide range of malicious a
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Bug Hunter Found Ways to Hack Any Instagram Accounts

Bug Hunter Found Ways to Hack Any Instagram Accounts

May 21, 2016
How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram's weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo
Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

Dec 11, 2014
We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations. Well this happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text. Researchers from the Romania-based security firm Bitdefender ca
Mayhem — A New Malware Targets Linux and FreeBSD Web Servers

Mayhem — A New Malware Targets Linux and FreeBSD Web Servers

Jul 25, 2014
Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them a part of the wide botnet, even without the need of any root privileges. Researchers dubbed the malware as Mayhem, a nasty malware modular that includes a number of payloads to cause malicious things and targets to infect only those machines which are not updated with security patches or less likely to run security software. So far, researchers have found over 1,400 Linux and FreeBSD servers around the world that have compromised by the malware , with potentially thousands more to come. Most of the compromised machines are located in the USA, Russia, Germany and Canada. Three security experts, Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov , who work at Russia-based Internet portal Yandex, discovered the malware targeting *nix servers . They were able to trace transmissions from th
BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

Jul 10, 2014
Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques, and the attackers have already compromised 60 PoS terminals by brute-force attacks against poorly-secured connections to guess remote administration credentials, says researchers from FireEye. The new botnet campaign, dubbed as BrutPOS , aims to steal payment card information from the POS systems and and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were disgracefully using poorly secured and simple passwords. Due to the better track inventory and accuracy of records, the Point-of-sale (POS) machine is used worldwide and it can be easily set-up, depending on the nature of the business. But, Point-of-sale (POS) systems are critical components in any retail environment and the users are not aware of the emerging
98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

Feb 06, 2014
The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not
More details about alleged 17-year-old Russian BlackPOS Malware Author released

More details about alleged 17-year-old Russian BlackPOS Malware Author released

Jan 20, 2014
Security experts at IntelCrawler provided a new interesting update on BlackPOS malware author , that he forgot to delete his Social networking profile even after the last exposure from the investigators. As we have reported a few days before that the Intelligence firm IntelCrawler  has identified a 17 year old teenager, known as " Ree [4] " in the underground market, as the author of the BlackPOS /Kaptoxa malware used in the attack against Target and Neiman Marcus retailers. The teenager is not directly responsible for the Target attack, but he sold the BlackPOS to other Cyber Gangs, including the admin's of underground credit cards market places, " . rescator ", " Track2 . name ", " Privateservices.biz " and many others were his clients. Who is Ree [ 4]? IntelCrawler exposed REE [ 4]'s original profile as Sergey Taraspov,  a 17 year old Russian programmer, based in St . Petersburg and Nizhniy Novgorod (Russian Federation). Before both brea
Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Jan 16, 2014
Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ' Cunningham chains & bi-twin chains ' and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a very large number of Primes. Like
Hackers behind TARGET data breach looking for Pro-cracker to decrypt Credit card PINs

Hackers behind TARGET data breach looking for Pro-cracker to decrypt Credit card PINs

Jan 10, 2014
I think you haven't forgotten the massive data breach occurred at TARGET , the third-largest U.S. Retailer during last Christmas Holidays. People shop during Black Friday sales in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S. TARGET officially confirmed that the encrypted PINs (personal identification numbers) of payment cards were stolen in the breach, since the stolen pin data were in encrypted form so they were confident that the information was " Safe and Secure ", because PIN cannot be decrypted without the right key. The Breach was caused by a malware attack, that allowed the criminals to manipulate Point of Sale (PoS) systems without raising red flags and the card numbers compromised in the breach are now flooding underground forums for sale. Possibly a group of Eastern European cyber criminals who specializes in attacks on merchants and Point-of-Sale terminals either attached a physical device
Hacking Wireless DSL routers via Administrative password Reset Vulnerability

Hacking Wireless DSL routers via Administrative password Reset Vulnerability

Jan 04, 2014
If you want to hack a Netgear and Linkys Wireless Routers , there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults. Eloi Vanderbeken , a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in many Netgear and Linkys Routers. In a blog post , Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764. To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator. Then he blindly tested commands, but doing so flips the router's configuration back to factory settings with defau
World War C report - Motives behind State Sponsored Cyber Attacks

World War C report - Motives behind State Sponsored Cyber Attacks

Oct 03, 2013
Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc
Short Password Reset code vulnerability allows hackers to brute-force many websites

Short Password Reset code vulnerability allows hackers to brute-force many websites

Aug 19, 2013
Yesterday we received a vulnerability report in web applications from some unknown Indian Hacker, who explained that how Hackers are hijacking Mobile recharge and Free SMS service related websites.  He detailed the loophole in password reset process, that could allow attackers to brute force many high profile websites that are actually not protected by the image CAPTCHA verification system, during the password reset process. The hacker used a Firefox Browser equipped with the Fireforce add-on , a very simple a Firefox extension designed to perform brute-force attacks on GET and POST forms. The technique proposed by him targets the unsecure password reset process used by many websites, where the web application used to send a code to the user's mobile or email for authenticity verification. Around 40% websites adopts password reset code composed of numbers and of some fixed length, typically having a length less than 5 digits. This information could advantage
Cybersecurity Resources