#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

How to hack email | Breaking Cybersecurity News | The Hacker News

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
Sep 30, 2019
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update— Exim version 4.92.3 —after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2. Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages. This is the second time in this month when the Exim maintainers have released an urgent security update. Earlier this month, the team patched a critical remote code execution flaw (

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
Apr 13, 2019
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019. Another user on Reddit also confirmed that he/she too received the same email from Microsoft. According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft's customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Facebook Caught Asking Some Users Passwords for Their Email Accounts

Facebook Caught Asking Some Users Passwords for Their Email Accounts
Apr 03, 2019
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration. However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users. First noticed by Twitter account e-Sushi using the handle @originalesushi, Facebook has been prompting users to hand over their passwords for third-party email services, so that the company can "automatically" verify their email addresses. However, the prompt only appears for email accounts from certain email providers which Facebook considers to be suspicious. "Tested it myself registering 3 times with 3 differe

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Yahoo Hacker linked to Russian Intelligence Gets 5 Years in U.S. Prison

Yahoo Hacker linked to Russian Intelligence Gets 5 Years in U.S. Prison
May 30, 2018
A 23-year-old Canadian man, who pleaded guilty last year for his role in helping Russian government spies hack into email accounts of Yahoo users and other services, has been sentenced to five years in prison. Karim Baratov (a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov), a Kazakhstan-born Canadian citizen, was also ordered on Tuesday by United States Judge Vince Chhabria to pay a fine of $250,000. Baratov had previously admitted his role in the 2014 Yahoo data breach that compromised about 500 million Yahoo user accounts. His role was to "hack webmail accounts of individuals of interest to the FSB," Russia's spy agency. In November, Baratov pleaded guilty to a total of nine counts, including one count of conspiring to violate the Computer Fraud and Abuse Act, and eight counts of aggravated identity theft. According to the US Justice Department, Baratov and his co-defendant hacker Alexsey Belan worked for two agents—Dmitry Dokuchaev and Igor Sushch

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term
Apr 21, 2018
The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday. Kane Gamble , now 18, hacked into email accounts of former CIA director  John Brennan , former Director of National Intelligence James Clapper , former FBI Deputy Director Mark Giuliano , and other senior FBI officials—all from his parent's home in Leicestershire. Gamble, who went by the online alias Cracka, was just 15 at the time of carrying out those attacks and was the alleged founder of a hacking group calling themselves Crackas With Attitude (CWA). The notorious pro-Palestinian hacking group carried out a series of embarrassing attacks against U.S. intelligence officials and leaked personal details of 20,000 FBI agents , 9,000 officers from Department of Homeland Security, and some number of DoJ staffers in 2015. The teenager was arrested in February 2016 at his home in Coalville and pleaded guilty to 8 charg

Deloitte Hacked — Cyber Attack Exposes Clients' Emails

Deloitte Hacked — Cyber Attack Exposes Clients' Emails
Sep 25, 2017
Another day, another data breach. This time one of the world's "big four" accountancy firms has fallen victim to a sophisticated cyber attack. Global tax and auditing firm Deloitte has confirmed the company had suffered a cyber attack that resulted in the theft of confidential information, including the private emails and documents of some of its clients. Deloitte is one of the largest private accounting firms in the U.S. which offers tax, auditing, operations consulting, cybersecurity advisory, and merger and acquisition assistance services to large banks, government agencies and large Fortune 500 multinationals, among others. The global accountancy firm said Monday that its system had been accessed via an email platform from October last year through this past March and that "very few" of its clients had been affected, the Guardian reports . The firm discovered the cyber attack in March, but it believes the unknown attackers may have had access to i

UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked

UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked
Jun 26, 2017
A cyber attack has hit the email system of UK Houses of Parliament on Friday morning that breached at least 90 emails accounts protected by weak passwords belonging to MPs, lawmakers, and other parliamentary staff. Meanwhile, as a precaution, the Security service has temporarily shut down the remote access (outside the Westminster) to its network to protect email accounts. Liberal Democrat Chris Rennard has advised on Twitter that urgent messages should be sent by text message. "We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre," the spokesperson said . "Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network." The authorities found less than 1% of parliament's 9,000 email addresses had been compromised using the

Warning! Don't Click that Google Docs Link You Just Received in Your Email

Warning! Don't Click that Google Docs Link You Just Received in Your Email
May 03, 2017
Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] " has shared a document on Google Docs with you. " Once you clicked the link, you will be redirected to a page which says, " Google Docs would like to read, send and delete emails, as well access to your contacts, " asking your permission to "allow" access. If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to K

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History

Yahoo! Hack! How It Took Just One-Click to Execute Biggest Data Breach in History
Mar 16, 2017
In the digital world, it just takes one click to get the keys to the kingdom. Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history? It's true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company's internal networks. You may be familiar with phishing attacks — an attempt to steal user credentials or financial data — while, Spear-phishing is a targeted form of phishing in which attackers trick employees or vendors into providing remote-access credentials or opening a malicious attachment containing an exploit or payload. Here's how the Yahoo's massive data breach was traced back to human error and who were the alleged masterminds behind this hack. On Wednesday, the US government charged two Russian spies (Dmitry Dokuchaev and Igor Sushchin) and two criminal hackers (Alexsey Belan and Karim Baratov) in connection with the 20

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web
Mar 06, 2017
Hardly a day goes without headlines about any significant data breach. In past year, billions of accounts from popular sites and services, including LinkedIn , Tumblr , MySpace , Last.FM , Yahoo! , VK.com were exposed on the Internet. Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace. The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it. The hacker going by the online handle 'SunTzu583' has listed a number of cracked email packages on a series of dark websites, HackRead reported. Here's the Full List of Accounts and their Prices: 100,000 Yahoo accounts acquired from 2012 Last.FM data breach , for 0.0084 Bitcoins ($10.76). Another 1

Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack'

Yahoo Reveals 32 Million Accounts Were Hacked Using 'Cookie Forging Attack'
Mar 02, 2017
Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password. These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in last few months. The former tech giant said that in a regulatory filing Wednesday that the cookie caper is likely linked to the "same state-sponsored actor" thought to be behind a separate, 2014 data breach that resulted in the theft of 500 Million user accounts . "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its annual report filed with the US Securities and Exchange Commission (SEC). "The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken

Yahoo Flaw Allowed Hackers to Read Anyone's Emails

Yahoo Flaw Allowed Hackers to Read Anyone's Emails
Dec 08, 2016
Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. This issue is because Yahoo Mail failed to properly filter potentially malici

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals
Oct 18, 2016
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far
Oct 08, 2016
Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency
Oct 04, 2016
Users are still dealing with the Yahoo's massive data breach that exposed over 1 Billion Yahoo accounts and there's another shocking news about the company that, I bet, will blow your mind. Yahoo might have provided your personal data to United States intelligence agency when required. Yahoo reportedly built a custom software programmed to secretly scan all of its users' emails for specific information provided by US intelligence officials, according to a report by Reuters . The tool was built in 2015 after company complied with a secret court order to scan hundreds of millions of Yahoo Mail account at the behest of either the NSA or the FBI, according to the report that cites three separate sources who are familiar with the matter. According to some experts, this is the first time when an American Internet company has agreed to such an extensive demand by a spy agency's demand by searching all incoming emails, examining stored emails or scanning a small number

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users
Oct 01, 2016
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users . But, now it seems that Yahoo has downplayed a mega data breach and trying to hide it's own security blunder. Recently the information security firm InfoArmor that analyzed the data breach refuted the Yahoo's claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state. Over 1 Billion Accounts May Have Been Hacked Now, there's one more twist in the unprecedented data heist. A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion. An unnamed, former Yahoo executive who is familiar with the company's security says that the Yahoo's back-end system's arch

Yahoo Confirms 500 Million Accounts Were Hacked by 'State Sponsored' Hackers

Yahoo Confirms 500 Million Accounts Were Hacked by 'State Sponsored' Hackers
Sep 23, 2016
500 million accounts — that's half a Billion users! That's how many Yahoo accounts were compromised in a massive data breach dating back to 2014 by what was believed to be a "state sponsored" hacking group. Over a month ago, a hacker was found to be selling login information related to 200 million Yahoo accounts on the Dark Web , although Yahoo acknowledged that the breach was much worse than initially expected. "A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor," reads the statement . Yahoo is investigating the breach with law enforcement agency and currently believes that users' names, email addresses, dates of birth, phone numbers, passwords, and in some cases, encrypted and unencrypted security questions-answers were stolen from millions of Yahoo users. However, the company does not believe

Hillary Clinton's Presidential Campaign also Hacked in Attack on Democratic Party

Hillary Clinton's Presidential Campaign also Hacked in Attack on Democratic Party
Jul 30, 2016
There's a lot more to come from the DNC Hack. The Associated Press confirmed yesterday that the computer systems used by Hillary Clinton's presidential campaign were hacked as part of the recent Democratic National Convention (DNC) hack. Last week's email dump containing almost 20,000 emails from top DNC officials was just the beginning, which led DNC Chairwoman Debbie Wasserman Schultz to resign as the group's leader, as WikiLeaks announced that it was part one of its new Hillary Leaks series. This suggests WikiLeaks Founder Julian Assange has had his hands on more data from the DNC hack that, according to him, could eventually result in the arrest of Hillary Clinton. Assange — Wikileaks' Next Leak will lead to Arrest of Hillary Clinton In an interview with Robert Preston of ITV last month, Assange made it clear that he hopes to harm Hillary Clinton's chances from becoming president of the United States, opposing her candidacy on both policies as well

Hillary Leaks Series: Wikileaks releases 20,000 DNC Emails

Hillary Leaks Series: Wikileaks releases 20,000 DNC Emails
Jul 22, 2016
Today, whistleblowing website Wikileaks has finally published more than 19,000 e-mails, which contains more than 8,000 attachments from the US Democratic National Committee (DNC) . The new trove of documents apparently pilfered from the DMC released after Wikileaks yesterday announced via its official Twitter account that a "series" about Hillary Clinton is coming soon. The published documents are part one of Wikileaks' new Hillary Leaks series, Wikileaks said in a press release. The emails released by Wikileaks were handed over to the whistleblower organization by the DNC hacker using handle " Guccifer 2.0 ," who hacked DNC's computer systems in a such a way that the hacker was able to read all email and chat traffic. The leaked 19,252 emails cover a period from January 2015 to May 2016 and allegedly come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda — 10770 emails. National Finance Director Jordon Kapl
Cybersecurity Resources