#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

email hacking | Breaking Cybersecurity News | The Hacker News

Apple iOS 7 Updates Silently Remove Encryption for Email Attachments

Apple iOS 7 Updates Silently Remove Encryption for Email Attachments

May 01, 2014
There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in Smartphones. In June 2010, Apple introduced ' Data protection ' feature in iOS 4.0 devices that offer hardware encryption for  all the data stored on the devices. " Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments , and third-party applications ." Apple claimed  in an old announcement. But unexpectedly, In last few updates Apple has silently removed the email attachment encryption from  data protection mechanisms. Noticed by Security Researcher -  Andreas Kurtz , claims that  since at least version 7.0.4 and including the current
Worst Data Breach in German History, 18 Million Email Passwords Compromised

Worst Data Breach in German History, 18 Million Email Passwords Compromised

Apr 05, 2014
Germany has confirmed its biggest Data theft in the country's history with usernames and passwords of some 18 million email accounts stolen and compromised by hackers. The Story broke by the German press, Der Spiegel on Thursday, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad. 16 MILLION AND NOW 18 MILLION Authorities in the northwestern city of Verden unearthed a treasure of personal information, a list of about 18 million stolen email addresses and passwords, and seized it just after only two months from the previous major data breach, when researchers came across 16 million compromised email accounts of German users while conducting research on a botnet, a network of computers infected with malware.  The accounts were compromised by hackers in the mid of January, and Der Spiegel suggests that the same group of hackers is responsible for both thefts and t
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
LinkedIn Hack Tool Exposes Users' Emails without Exploiting Any Vulnerability

LinkedIn Hack Tool Exposes Users' Emails without Exploiting Any Vulnerability

Apr 03, 2014
A Free Chrome, Firefox and Safari web browser plugin floating around the web, called ' Sell Hack ' allows users to view the hidden email address of any LinkedIn user, means anyone can grab email addresses that we use for professional purposes. When installed, the ' Sell Hack ' plugin will pop up a ' Hack In ' button on LinkedIn profiles and further automatically mines email addresses of LinkedIn users. NOT A SECURITY BREACH It's not a Security breach, LinkedIn has confirmed that no LinkedIn data has been compromised, but rather this free extension rely on an algorithm that checks publicly available data in order to guess users' email addresses. So without exploiting any loophole or vulnerability, Sell Hack is capable of predicting users' email addresses with OSINT (Open-Source Intelligence) techniques i.e. information collected from publicly available sources. It is also possible that, the Sell Hack extension is gathering data from
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Microsoft Admits Spying on Hotmail Account to track Source of Windows 8 leak

Microsoft Admits Spying on Hotmail Account to track Source of Windows 8 leak

Mar 22, 2014
Earlier this week, Microsoft admitted that they have accessed a French Blogger's private Hotmail account to identify a former Microsoft employee who had leaked the company's trade secrets in 2012. Microsoft defined this private investigation as part of " Protecting our customers and the security and integrity of our products ", mentioned in the Microsoft's terms of service, which says that the action was within the boundaries of the Electronic Communications Privacy Act. U.S. Authorities arrest Alex Kibkalo , ex-Microsoft employee. The indictment states , Kibkalo " uploaded proprietary software and pre-release software updates for Windows 8 RT as well as the Microsoft Activation Server Software Development Kit (SDK) to his personal SkyDrive account in August 2012. " Kibkalo not only leaked the secret screenshots of Windows 8 , but also provided the information about ' activation of Windows ' that helped the crackers to create a keygen for
Twitter enables StartTLS for Secure Emails to prevent Snooping

Twitter enables StartTLS for Secure Emails to prevent Snooping

Mar 14, 2014
TWITTER is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with with TLS (Transport Layer Security). Twitter emails were previously using a plain text communication protocol, that now has been upgraded to an encrypted (TLS or SSL) connection using STARTTLS . In a blog post, Twitter announced : " Since mid-January, we have been protecting your emails from Twitter using TLS in the form of StartTLS. StartTLS encrypts emails as they transit between sender and receiver and is designed to prevent snooping. It also ensures that emails you receive from Twitter haven't been read by other parties on the way to your inbox if your email provider supports TLS. " " These email security protocols are part of our commitment to continuous improvement in privacy protections and complement improvements like our securing of web traffic with forward secrecy and always-on HTT
360 Million Stolen Credential FOR SALE on Underground Black Market

360 Million Stolen Credential FOR SALE on Underground Black Market

Feb 27, 2014
Your Financial Credentials are on SALE on the Underground Black Market without your Knowledge… sounds like a nightmare, but it's TRUE. Cyber security firm, Hold Security, said it has traced over 360 million stolen account credentials that are available for Sale on Hacker's black market websites over past three weeks. The credentials include usernames, email addresses, and passwords that are in unencrypted in most cases, according to the report released on Tuesday. It is not known till now from where these credentials exactly were stolen, but the security researchers estimated that these credentials are a result of multiple breaches. Since the banking credentials are one of the most ' valuable bounties ' for the cyber criminals, and the ways to steal these credentials can be directly from the companies and from the services in which users entrust data as well. According to Hold Security, in addition to the sale of 360 million credentials, the cyber criminals are  s
LinkedIn shutting down its security-plagued INTRO app in Early March

LinkedIn shutting down its security-plagued INTRO app in Early March

Feb 10, 2014
Last October, the social network ' LinkedIn ' launched a controversial Smartphone app called ' Intro ' that intercepts and route all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android , as well as iOS devices. Why Controversial? The app puts the security and privacy of your data entirely in the company's hands, and at that time everyone criticized and reacted negatively, but LinkedIn defended Intro, claiming that all information was fully encrypted and deleted from LinkedIn's servers immediately. Just two days back, I got an e-mail from LinkedIn with the subject line " We're retiring LinkedIn Intro. " i.e. LinkedIn is giving up so quickly just four months of the launch! In a blog post today, LinkedIn SVP of products Deep Mishar explained, " We are shutting down LinkedIn Intro as of March 7, 2014. The intro was launched last year to bring the power of LinkedIn to your emai
800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange'

800,000 Customers' detail stolen in Data Breach at French Telecom 'Orange'

Feb 03, 2014
One of the world's largest mobile operator ' Orange ' has been hit by data breach. The French multinational telecommunication company announced recently, it was targeted by unknown hackers on 16th January 2014, who allegedly gained access to the accounts of up to 800,000 customers of Orange website. According to a report published on the PC INpact website, the company warned their customers in an email that their Client Area website orange.fr was hacked and personal data of 3% customers have been stolen, but the passwords are not affected. The hacker has successfully stolen customers' names, mailing address, email, landline and mobile phone numbers. The company warned, with the information lost in this attack, hackers can perform phishing attacks, allowing them to steal personal data, including bank account details and passwords by sending emails that look as if they have come from official sources. Orange has confirmed the data breach, and afte
Foursquare vulnerability that exposes 45 million users' email addresses

Foursquare vulnerability that exposes 45 million users' email addresses

Jan 28, 2014
A location based Social Networking platform with 45 million users,' Foursquare ' was vulnerable to the primary email address disclosed.  Foursquare is a Smartphone application that gives you details of nearby cafes, bars, shops, parks using GPS location and also tells about your friends nearby. According to a Penetration tester and hacker ' Jamal Eddin e ',  an attacker can extract email addresses of all 45 million users just by using a few lines of scripting tool. Basically the flaw exists in the Invitation system of the Foursquare app. While testing the app, he found that invitation received on the recipient's end actually disclosing the sender's email address, as shown above. Invitation URL:  https://foursquare.com/mehdi?action=acceptFriendship&expires=1378920415&src=wtbfe& uid = 64761059 &sig=mmlx96RwGrQ2fJAg4OWZhAWnDvc%3D Where 'uid' parameter represents the sender's profile ID.  Hacker noticed th
Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Jan 28, 2014
Do you use Thunderbird , a free; open-source; cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user's machine. Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages. According to a Security Advisory released by Vulnerability-Lab , the flaw resides in Mozilla's Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable. By default, HTML tags like <script> and <iframe> are blocked in Thunderbird and get filtered immediately upon insertion. However, while drafting a new email message, attackers can easily bypass the current input filters by encoding
CBI arrests Indian mastermind behind Hire-a-Hacker service on FBI tip-off

CBI arrests Indian mastermind behind Hire-a-Hacker service on FBI tip-off

Jan 25, 2014
For the first time in history, Indian Law Enforcement Agency 'Central Bureau of Investigation' (CBI) has arrested a Cyber criminal after getting a tip-off from the US Federal Bureau of Investigation (FBI). 33-Year-old Amit Vikram Tiwari , son of an Indian Army colonel and an engineering dropout, who allegedly ran two websites offering services for hacking into email accounts was arrested on Friday from Pune city. According to the details submitted by FBI, he had compromised more than 1,000 Accounts around the world and offering illegal services for cracking email account login for $250 - $500 via two websites www.hirehacker.net and www.anonymiti.com hosted on U.S. Based servers. Amit received most of the payments from his Clients via Western Union Money Transfer or PayPal. During the investigation, police found several fictitious names of clients and bank account numbers in his computer. Initial investigation clarifies that he has clients in China, Romania, an
Infamous hacker "Guccifer" arrested in Romania; charged with multiple cyber crimes

Infamous hacker "Guccifer" arrested in Romania; charged with multiple cyber crimes

Jan 23, 2014
" Guccifer " arrested in Romania, the infamous hacker who was responsible for breaching the social media and email accounts of numerous high profile US and Romanian Politicians. Romanian authorities collaborated with US services to catch him and the officers of the Directorate for Investigating Organized Crime and Terrorism (DIOCT) raided His House last Wednesday. His well known leaks included the emails of former secretary of state ' Colin Powell ', suggested that he was having an affair, which was later denied by Colin. He was also responsible for breaking into the Bush family e-mails . The Hacker also infiltrated the email from George Maior , chief of the Romanian Intelligence Service (SRI). Guccifer is a 40-year-old Marcel Lazar Lehel , a resident of Arad , who was convicted of several other computer crimes in 2012, according to Romanian media report . But those charges stemmed from Lazăr Lehel's attacks on dozens of Romanian officials between O
What Is PGP Encryption And How To Encrypt Your Emails

What Is PGP Encryption And How To Encrypt Your Emails

Jan 08, 2014
Now that we have enough details about how the NSA's Surveillance program, running for a long time against almost each country of this planet.  Hundreds of top-secret NSA documents provided by whistleblower Edward Snowden already exposed that Spying projects like PRISM and MUSCULAR are tapping directly into Google and Yahoo internal networks to access our Emails. NSA's tactics are even capable to defeat the SSL encryption, so unsecured email can easily be monitored and even altered as it travels through the Internet. One major point on which all of us are worrying is about the privacy of communication among each other and If you're looking for a little personal privacy in your communications you will need to encrypt your messages. To avoid privacy breaches; rather I should say to make it more difficult for the NSA or British GCHQ surveillance program to read our communication, we should use PGP encryption (Pretty Good Privacy). Why we should Encrypt ou
Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

Dec 20, 2013
' RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis ', is an interesting paper recently published by Three Israeli Security Researchers at Tel Aviv University . They claimed that, they have successfully broken one of the most secure encryption algorithms, 4096-bit RSA , just by capturing Computer's CPU Sound while it runs decryption routines. Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer , uses a side channel attack and through a process called " acoustic cryptanalysis ", they successfully extracted 4096-bit RSA key From GnuPG. " We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away, " The paper specifies some possible implementations of this attack. Some email-client softwares i.e. Enigmail can automatically decrypt incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-
Warning: 10 Million UK Users targeted with Cryptolocker Ransomware spam email campaign

Warning: 10 Million UK Users targeted with Cryptolocker Ransomware spam email campaign

Nov 17, 2013
The UK's National Crime Agency has given out an urgent national alert that a mass spamming event targeting 10 million UK based email users with a piece of malware called CryptoLocker that encrypts your files and then demands a ransom money to restore access. The agency has said that the people who are majorly receiving targeted spam emails that appear to be from banks and other financial institutions. Each email comes with attachments that look like files such as a voicemail, fax, an invoice or details of a suspicious transaction, but is in fact Cryptolocker Ransomware malware that encrypts the user's computer. The public should be aware not to click on any such attachment. On Infected system, The Cryptolocker Malware screen will then display a countdown timer that demands the payment of 2 Bitcoins in ransom, worth around £536, for the decryption key. The NCCU is trying to trace that who is sending the emails. " We are working in cooperation wit
'LinkedIn Intro' iOS app can read your emails in iPhone

'LinkedIn Intro' iOS app can read your emails in iPhone

Oct 25, 2013
Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for for iOS devices called Intro ' LinkedIn Intro '. With this feature an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn. Basically, to use the service, a LinkedIn user must route all of their emails (any provider i.e. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject fancy business centric HTML profile right in your emails, as shown. But this also means that LinkedIn is now able to read the complete content of your emails and also can store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your mails. Another point to be noted that, Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ' man in the middle ' by inter
Fear of NSA PRISM : Indian Government may ban US email services for official communication

Fear of NSA PRISM : Indian Government may ban US email services for official communication

Aug 30, 2013
The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information. The recent disconcerting reports that that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, that NSA involved in widespread spying and surveillance activities across the globe. The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, Time of India Reported. The fact that several government officers in top positions use their Gmail IDs for official communications i.e. Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have t
Telecom Italia Cookie Handling vulnerability allows hackers to hijack email accounts

Telecom Italia Cookie Handling vulnerability allows hackers to hijack email accounts

Jul 20, 2013
A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user's machine. Cookies are plain text; they contain no executable code. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identity individual users. One of the biggest issues in cookie mechanism is how to handle them. In short, the server had no way of knowing if two requests came from the same browser, called Cookie Handling vulnerability. ' Piero Tedeschi ' reported a similar issue in ' Telecom Italia ' ( https://www.telecomitalia.it/ ), the largest Italian telecommunications company, also active in the media and manufacturing industries. This vulnerability allow a malicious user to hijack multiples accounts, just by exporting and importing the cookies from
Cybersecurity Resources