The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: account Hijack

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

Worst Day for eBAY, Multiple Flaws leave Millions of Users vulnerable to Hackers

May 23, 2014Mohit Kumar
It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' account once again, even if you have already reset your account password after the last announcement. Yesterday eBay admitted to the massive data breach that affected 145 million registered users worldwide after its database was compromised. eBay urged its 145 million users to change their passwords after the cyber attack, but are passwords enough? eBay Data breach happened mainly because of their vulnerable infrastructure, not weak passwords. I think eBay's morning just going to be bad to worse as today, three Security researchers came forward with three more different types of critical flaws in eBay website that leave its 145 million users vulnerable to hackers. HACKER UPLOADED SHELL ON eBAY SERVER (UNPATCHED) A critical security flaw in the eBay website for i
Snapchat user accounts vulnerable to Brute-Force Attack

Snapchat user accounts vulnerable to Brute-Force Attack

February 11, 2014Wang Wei
Snapchat , a Smartphone application that lets users share snapshots with friends is catching fire among teenagers. It was first hacked in December when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and free of cost to make the application more secure by disclosing flaws. Interestingly, this is not the end of vulnerabilities, Mohamed Ramadan , a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability on Snapchat that allow an attacker to brute-force login credentials of the users. Brute-force is a process of trying multiple passwords against a username until you get a correct password. " This vulnerability allows anyone who knows your SnapChat email to brute force your account’s password without any
Google Chrome added pop-up warning to prevent users from Browser hijacking

Google Chrome added pop-up warning to prevent users from Browser hijacking

February 04, 2014Anonymous
GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in ' Pwnium ' hacking competition for finding critical vulnerability. Google Chrome , Browser from Google product family, has been added with a new feature that it will warn the user whenever browser’s setting get altered by any malware . Browser hijacking is the modification of browser's settings, and the term " hijacking " is used when the changes performed without the user's permission. A browser hijacker may replace the existing home page, error page, or search page with its own. These are generally used to force hits to a particular website, increasing its advertising revenue i.e. Click jacking and Adware . A hijacker uses malicious software to change your internet s
iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

October 30, 2013Anonymous
Security researchers Adi Sharabani and Yair Amit  have disclosed details about a widespread vulnerability in iOS apps , that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the issue at RSA Conference Europe 2013 in Amsterdam, researchers have provided details  on this  vulnerability , which stems from a commonly used approach to URL caching. Demonstration shows that insecure public networks can also provide stealth access to our iOS apps to potential attackers using HTTP request hijacking methods. The researchers put together a short video demonstrating, in which they use what is called a 301 directive to redirect the traffic flow from an app to an app maker’s server to the attacker’s server. There are two limitations also, that the attacker needs to be physically near the victim for the initial poisoning to perform this attack and t
iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode

iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode

October 06, 2013Wang Wei
A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner’s Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen , which turns off wireless connectivity and so defeats the remote wipe facility . This can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices. In a video demonstration, they point out that while Apple lets users locate and remotely wipe a device using the Find My iPhone app. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attached to one of their fingers, as already explained
Another day, Another verified Twitter Account Hacked

Another day, Another verified Twitter Account Hacked

May 14, 2013Mohit Kumar
Another day, Another verified twitter account with over 900,000 followers hacked by 'Colin'. Hacker hacked into a Sky News Twitter account earlier today, and left a semi-permanent mark on the internet's consciousness. The mysterious Colin soon began to trend on Twitter as #ColinWasHere hashtag. However, the tweet which simply said " Colin was here " - has now been deleted, with Sky blaming the tweet on a hack. The post was retweeted more than 7,500 times before it was removed half an hour later. The Syrian Electronic Army in the recent past has been accused of hacking social media feeds of a number of well known Twitter handles, such as AP , The Guardian and even for some bizarre reason, the satire news agency ‘ The Onion ’ UPDATE:  The Sky News press office has informed that Colin was, in fact, " a ‘disaster recovery’ test message which accidently went live " and that "no Colin was harmed in the making of this message".
'The Onion' Twitter Account Hacked via Phishing Attack

'The Onion' Twitter Account Hacked via Phishing Attack

May 12, 2013Mohit Kumar
The hacktivist group Syrian Electronic Army (SEA) briefly took over the Twitter account of the satirical news publication The Onion, posting a series of anti-Israeli joke stories and an anti-Obama meme image. In a post on The Onion tech team's GitHub blog , the fake news site explains that the Syrian Electronic Army didn't wrestle control of its Twitter account using some advanced hacker scheme. The hack attack penetrated the publication with at least three methods of phishing attacks, where a false e-mail redirected people to a fake Website which then asked for Google Apps credentials. Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the former to post a tweet falsely claiming that there had been an explosion at the white House. Exposing details about an attack is not the normal approach companies take after they are hacked. The New York Times revealed earlier this year how Chinese hackers breac
Facebook Camera App Vulnerable to Man in The Middle Attack

Facebook Camera App Vulnerable to Man in The Middle Attack

December 26, 2012Mohit Kumar
Egypt-based security researcher reported that Facebook Camera App for mobiles are Vulnerable to Man in The Middle Attack , that allow an attacker to tap the network and hijack Camera users accounts and information like email addresses and passwords can be stolen . Mohamed Ramadan trainer with Attack-Secure, who previously reported us about similar vulnerability in Etsy app for iPhone Mohamed explains " The problem is that the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform man in the middle attacks against anyone who uses the Facebook Camera app for IPhone. This means that the application doesn’t warn the user if someone in the same (Wi-Fi network) is trying to hijack his or her Facebook account. " Facebook suggest users to upgrade the Camera application To Version 1.1.2. A statement released by the company says “ We applaud the security researcher who brought this bug to our attenti
Exclusive : Hacking Hotmail and Outlook accounts using Cookie reuse vulnerability

Exclusive : Hacking Hotmail and Outlook accounts using Cookie reuse vulnerability

December 14, 2012Mohit Kumar
This Friday I was working with my co-security researcher " Christy Philip Mathew " in +The Hacker News  Lab for testing the Cookie Handling Vulnerabilities in the most famous email services i.e Hotmail and Outlook. Well, both are merged now and part of the same parent company - Microsoft, the software giant.  Vulnerability allows an attacker to Hijack accounts in a very simple way, by just exporting & importing cookies of an user account from one system to attacker's system, and our results shows that even after logout by victim, the attacker is still able to reuse cookies at his end. There are different way of stealing cookies, that we will discuss below. In May 2012, another Indian security researcher Rishi Narang claimed similar vulnerability in Linkedin website. Vulnerability Details Many websites including Microsoft services uses cookies to store the session information in the user's web browser. Cookies are responsible for maintainin
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.