#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Skype account hijack | Breaking Cybersecurity News | The Hacker News

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update
Dec 14, 2016
Those innocent-looking apps in your smartphone can secretly spy on your communications or could allow hackers to do so. Hard to believe, but it's true. Recently, Trustwave's SpiderLabs analysts discovered a hidden backdoor in Skype for Apple's macOS and Mac OS X operating systems that could be used to spy on users' communications without their knowledge. The backdoor actually resides in the desktop Application Programming Interface (API) that allows third-party plugins and apps to communicate with Microsoft-owned Skype — the popular video chat and messaging service. Appeared to have been around since at least 2010, the backdoor could allow any malicious third-party app to bypass authentication procedure and provide nearly complete access to Skype on Mac OS X. How an Attacker can Take Complete Control of Your Skype The malicious app could bypass authentication process if they "identified themselves as the program responsible for interfacing with th

Security hole allows anyone to hijack your Skype account

Security hole allows anyone to hijack your Skype account
Nov 14, 2012
It looks like Skype has another big hole in their security. According to reports, a security hole makes Skype accounts vulnerable to hijacking. The security hole allows unauthorized users with knowledge of your Skype-connected email address to change the password on your Skype account, thus gaining control of it. The hijack is triggered by signing up for a new Skype account using the email address of another registered user. No access to the victim's inbox is required one just simply needs to know the address. Creating an account this way generates a warning that the email address is already associated with another user, but crucially the voice-chat website does not prevent the opening of the new account. Then hacker just have to ask for a password reset token , which Skype app will send automatically to your email, this allows a third party to redeem it and claim ownership of your original username and thus account. The issue was reportedly documented on Russian forums

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources