Brute force | Breaking Cybersecurity News | The Hacker News

If you want to hack a Netgear and Linkys Wireless Routers , there is a quick backdoor entry available, that allow an attacker to reset the admin panel password to defaults. Eloi Vanderbeken , a hacker and reverse-engineer from France has discovered an administration password Reset vulnerability in many Netgear and Linkys Routers. In a blog post , Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764. To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator. Then he blindly tested commands, but doing so flips the router's configuration back ...

Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc...

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security   Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.  Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disrupt...

Yesterday we received a vulnerability report in web applications from some unknown Indian Hacker, who explained that how Hackers are hijacking Mobile recharge and Free SMS service related websites.  He detailed the loophole in password reset process, that could allow attackers to brute force many high profile websites that are actually not protected by the image CAPTCHA verification system, during the password reset process. The hacker used a Firefox Browser equipped with the Fireforce add-on , a very simple a Firefox extension designed to perform brute-force attacks on GET and POST forms. The technique proposed by him targets the unsecure password reset process used by many websites, where the web application used to send a code to the user's mobile or email for authenticity verification. Around 40% websites adopts password reset code composed of numbers and of some fixed length, typically having a length less than 5 digits. This information could advan...

The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, " don't use dictionary words as passwords. They are horribly unsecure ", but what if hackers also managed to crack any 16 character password ? Criminals or trespassers who want to crack into your digital figurative backyard will always find a way. A team of hackers has managed to crack more than 14,800 supposedly random passwords from a list of 16,449 converted into hashes using the MD5 cryptographic hash function. The problem is the relatively weak method of encrypting passwords called hashing.  Hashing takes each user's plain text password and runs it through a one-way mathematical function. This creates a unique string of numbers and letters called the hash. The article reports that, using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14...