account hacking | Breaking Cybersecurity News | The Hacker News

Social networking sites are unfortunately now major interest to malicious cyber criminals, spreading malware and building botnet army to steal money direct from your keyboards. Janne Ahlberg, a security professional from Finland found and analysed an interesting piece of malicious code, offered as browser plugin, and infecting system to steal passwords from user's browser and also modifies the original Pinterest Pins links to spam with malicious links automatically. A diet spam on Pinterest redirecting users to a malicious site with domain name  pinteresf.org , plausible-looking domain name, like original Pinterest with similar appearance. On page load, it triggers a pop up message to all incoming visitors, offering to download " Pinterest Tool " as shown in screenshots " To continue, install our Pinterest Tool and enjoy more features of our site. " Janne's investigation claims that, this fake site offering a fake malware loaded browser plugin, harvesting passwords from us

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy . Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to spoof the content of any Facebook app  easily. Nir Goldshlager from Break Security today exposed another major flaw that allows hacker to wall post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook. In 2012 Facebook's method of publishing called stream.publish and the  Stream Publish Dialog looks like the following:  https://www.facebook.com/dialog/stream.publish?app_id=xxxx&redirect_uri=https://www.facebook.com/&action_links=&attachment=%7B%27media%27:%20[%7B%27type%27:%20%27flash%27,%27swfsrc%27:%27https://files.nirgoldshlager.com/goldshlager2.swf%27,%27imgsrc%27:%27https://w

The Associated Press Twitter account has been hacked,and posted a bogus post about explosions at the White House and Barack Obama is injured. Within a few minutes, Twitter suspended the account, and Julie Pace, the chief White House correspondent for The A.P., announced at a White House briefing that the account had been hacked. " The president is fine ," spokesman Jay Carney said. " I was just with him. " AP said later: " The @AP twitter account has been hacked. The tweet about an attack at the White House is false. " The Syrian Electronic Army claimed responsibility, tweeting out: " Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama. " Last year, it took over Twitter and Facebook accounts of the Al Arabiya news channel to spread fake news of a coup and explosion in Qatar, which sides with the Syrian rebels. Shortly after the account was suspended, Mike Baker, a reporter for the news organization, posted a messa