#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

email hacking software | Breaking Cybersecurity News | The Hacker News

Category — email hacking software
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers

Jan 30, 2020
Cybersecurity researchers have discovered a new critical vulnerability ( CVE-2020-7247 ) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. The flaw affects OpenBSD version 6.6 and works against the default configuration for both, the locally enabled interface as well as remotely if the daemon has been enabled to listen on all interfaces and accepts external mail. "Exploit...
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

Jun 22, 2019
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability ( CVE-2019-1105 ) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims. Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago. In a blog post published Friday, Appleby revealed that while exchanging some JavaScript code with his friends over an email, he accidentally discovered a cross-site scripting (XSS) issue th...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account

21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account

Jul 17, 2018
A 21-year-old New Jersey woman has been charged with hacking into the email accounts of pop star and actress Selena Gomez, stealing her personal photos, and then leaked them to the Internet. Susan Atrach of Ridgefield Park was charged Thursday with 11 felony counts—five counts of identity theft, five counts of accessing and using computer data to commit fraud or illegally obtain money, property or data, and one count of accessing computer data without permission. According to the prosecutors, Atrach allegedly hacked into email accounts belonging to Gomez and one of her associates several times between June 2015 and February 2016, the Los Angeles County District Attorney's office said in a press release . She then obtained images and other media stored there and shared them with her friends and posted them online. Gomez, who has more than 138 million followers on Instagram, was the victim of a hacking attack in August 2017, when photographs of her ex-boyfriend Justin Bieb...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Simple Exploit Allows Attackers to Modify Email Content — Even After It's Sent!

Simple Exploit Allows Attackers to Modify Email Content — Even After It's Sent!

Aug 23, 2017
Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox. Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast. A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one. This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient's computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks. Ropemaker abuses Cascading Style Sheets (CSS) and Hyp...
UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked

UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked

Jun 26, 2017
A cyber attack has hit the email system of UK Houses of Parliament on Friday morning that breached at least 90 emails accounts protected by weak passwords belonging to MPs, lawmakers, and other parliamentary staff. Meanwhile, as a precaution, the Security service has temporarily shut down the remote access (outside the Westminster) to its network to protect email accounts. Liberal Democrat Chris Rennard has advised on Twitter that urgent messages should be sent by text message. "We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre," the spokesperson said . "Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network." The authorities found less than 1% of parliament's 9,000 email addresses had been compromised using the ...
Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Oct 18, 2016
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,...
Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals

Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals

Oct 07, 2016
It seems like it is not all over for Yahoo yet. Another day, another bad news for Yahoo! Verizon, which has agreed to purchase  Yahoo for $4.8 Billion , is now asking for a $1 Billion discount, according to recent reports. The request comes after Verizon Communications learned about the recent disclosures about hacking  and spying in past few weeks. Just two weeks ago, Yahoo revealed that at least a half Billion Yahoo accounts were stolen in 2014 hack, marking it as the biggest data breach in history. And if this wasn't enough, the company faced allegations earlier this week that it built a secret tool to scan all of its users' emails last year at the behest of a United States intelligence agency. Due to these incidents, AOL CEO Tim Armstrong, who runs the Verizon subsidiary, is "pretty upset" about Yahoo's lack of disclosure, and is even seeking to pull out of the deal completely or cut the price, the New York Post claimed, citing multiple sources. ...
Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users

Oct 01, 2016
The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users . But, now it seems that Yahoo has downplayed a mega data breach and trying to hide it's own security blunder. Recently the information security firm InfoArmor that analyzed the data breach refuted the Yahoo's claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state. Over 1 Billion Accounts May Have Been Hacked Now, there's one more twist in the unprecedented data heist. A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion. An unnamed, former Yahoo executive who is familiar with the company's security says that the Yahoo's back-end system's arch...
Expert Insights / Articles Videos
Cybersecurity Resources