#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

gmail hacking | Breaking Cybersecurity News | The Hacker News

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Nov 17, 2017
Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials and injecting HTML code into visited web pages. However, researchers at security firm Bitdefender have discovered that the banking Trojan has now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user. Terdot banking trojan does this by using a highly customized man-in-the-middle (MITM) proxy that allows the malware to intercept any traffic on an infected computer. Besides this, the new variant of Terdot
Warning! Don't Click that Google Docs Link You Just Received in Your Email

Warning! Don't Click that Google Docs Link You Just Received in Your Email

May 03, 2017
Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] " has shared a document on Google Docs with you. " Once you clicked the link, you will be redirected to a page which says, " Google Docs would like to read, send and delete emails, as well access to your contacts, " asking your permission to "allow" access. If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to K
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
How to Hack Facebook Account Just by Knowing Phone Number

How to Hack Facebook Account Just by Knowing Phone Number

Jun 15, 2016
Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account or facebook messenger, but researchers found a way that can allow someone to hack Facebook account passwords with only the target's phone number and some resources. Yes, your Facebook profile can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Hackers with resources to exploit SS7 network can hack your Facebook login and all they need is your phone number. The weaknesses in the part of global telecom network SS7 that not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale but also let them hijack social media accounts to which you have provided your phone number. SS7 or Signalling System Number 7 is a cell phone signaling protocol that is being used by more than 800 telecommunication operators worldwide to exchange i
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hacker is Selling 272 Million Email Passwords for Just $1

Hacker is Selling 272 Million Email Passwords for Just $1

May 05, 2016
A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, are being offered for sale on the Dark Web for less than $1, media reports. An anonymous Russian hacker, who goes by the moniker " the Collector ," was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web forum. The stolen credentials apparently came from some of the world's biggest email providers, including Gmail, Yahoo, Microsoft and Russia's Mail.ru. When security analysts at Hold Security reached out to the hacker and began negotiating for the dataset to verify the authenticity of those records, the hacker only asked for 50 Rubles (less than a buck) in return of the complete dump. However, it seems that there is actually nothing to worry about. Hold Security CEO Alex Holden said that a large number of those 1.17 Billion accounts credentials turned out to be duplicate an
THN Weekly Roundup — Top 14 Must-Read Cyber Security Stories

THN Weekly Roundup — Top 14 Must-Read Cyber Security Stories

Sep 07, 2015
We found a high concern for cybersecurity tactics and an increased awareness of the challenges that it brings. This week, we shared lots of stories with our readers, and to help them in identifying the biggest malware threats to their online safety. We are here with the outline of our last week stories, just in case you missed any of them ( ICYMI ). We recommend you read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: ➢ How Hackers Can Hack Your Gmail Accounts? Getting smarter in their phishing tactics, hackers have found out ways to fool Gmail's tight security system by bypassing its two-step verification. Hackers are now using text messages and phone-based phishing attacks to circumvent Gmail's security and take over your Gmail accounts. — Read more . ➢ Not Just Windows 10, Windows 7 and 8 Also Spy on You Laughing at controversial data mining and privacy invasion featur
Here's How Iranian Hackers Can Hack Your Gmail Accounts

Here's How Iranian Hackers Can Hack Your Gmail Accounts

Aug 31, 2015
Hackers are getting smarter in fooling us all , and now they are using sophisticated hacking schemes to get into your Gmail. Yes, Iranian hackers have now discovered a new way to fool Gmail's tight security system by bypassing its two-step verification – a security process that requires a security code (generally sent via SMS) along with the password in order to log into Gmail account. Researchers at Citizen Lab released a report on Thursday which shows how the hackers are using text messages and phone-based phishing attacks to circumvent Gmail's security and take over the Gmail accounts of their targets, specifically political dissidents. The report detailed and elaborated three types of phishing attacks aimed at Iranian activists. Researchers also found one such attack targeting Jillian York , the Director for International Freedom of Expression at the Electronic Frontier Foundation . Here's How the Attack Works Via Text Messages: In some case
5 Million Gmail Usernames and Passwords Leaked online, Check Yours Now

5 Million Gmail Usernames and Passwords Leaked online, Check Yours Now

Sep 11, 2014
Gmail credentials leaked online? Oh my God! Again I have to change my password…!! Yes, you heard right. Millions of Gmail account credentials (email address and password) have been stolen and made publicly available through an online forum, causing a large number of users worldwide to change their Gmail password again. The website that published the email addresses with matching passwords is Russian. The credentials seem to be old and likely sourced from multiple data breaches. It is believed that the leaked passwords are not necessarily those used to access Gmail accounts, but seem to have been gathered from other websites where users used their Gmail addresses to register. 5 MILLION GMAIL CREDENTIALS LEAKED ONLINE The news broke when a user posted a link to the log-in credentials on Reddit frequented by hackers, professional and aspiring. But the archive file containing nearly 5 million Gmail addresses and plain text passwords was posted on Russian Bitcoin secur
Hacking Gmail App with 92 Percent Success Rate

Hacking Gmail App with 92 Percent Success Rate

Aug 23, 2014
A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of
Google offers Chrome Extension for End-To-End Gmail Encryption

Google offers Chrome Extension for End-To-End Gmail Encryption

Jun 04, 2014
Everything we do online, whether chatting on phone, talking via video or audio, sending messages on phones or emails are being watched by Governments and Intelligence agencies. However, many Internet giants offer encrypted environment in an effort to protect our online data from prying eyes, but still those companies can read our data stored into their servers. But, there is a great news for Gmail users. On Tuesday, Google has announced two major privacy enhancements in its Gmail and this new push for its email service will even protect our data and communication from Google itself. With the ongoing concerns about privacy and the pervasiveness of email communications, Google already provides encryption for its Gmail called Transit encryption (HTTPS). In which only the transmission of emails sending or receiving is protected by the transit encryption but not the content of the email. Few Months back, Google itself admitted that their automated systems read our email c
Leaked Screenshots Suggest New Gmail Interface Coming Soon

Leaked Screenshots Suggest New Gmail Interface Coming Soon

May 12, 2014
Google is reportedly testing out some new UI changes for its popular email service, Gmail on the desktop browser that would redesign your inbox in totally different Interface. So, the traditional Gmail we all know may soon get a new makeover and we hope users will definitely love it. Google has invited a selected team of users to test a completely new user friendly interface for the webmail client which appears as a part of the trial, according to the leaked screenshots obtained by Geek 's website. According to the report, we can only presume that the new feature will enable a user to have a fancy access to Google's Gmail with a brand-new fly-in menu system that flies in and out of the browser window replaces Google's otherwise static sidebar on the left bolted into Gmail last year that organizes your inbox, chats, and labels. In the beginning of the April, the Geek also provided the screenshots revealing a series of new feature for the mobile Gmail clien
Google Working On End-to-End Encryption for Gmail Service

Google Working On End-to-End Encryption for Gmail Service

Apr 22, 2014
Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don't cloud and email Services encrypt the data stored on their server?  Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and security issues and in response companies started enhancing their encryption standard by enabling HTTPS by default and removed the option to turn it off. A few days back, Google admitted that their automated systems read your content, including incoming and outgoing emails to provide you personally relevant advertisements. That means Internet giants generally do encrypt your data, but they have the key so they can decrypt it any time they want. Encryption is mandatory in Modern Internet and web services should consider Encrypting and decrypting your data locally, so that no one can snoop on. Such cryptographic mechanism is called End-to-End Encryption , that means content of yo
Google Admits that It Reads your Emails

Google Admits that It Reads your Emails

Apr 16, 2014
Google has updated its privacy terms and conditions on Monday to offer more transparency regarding its email-scanning practices. One of the world's biggest Web internet giant, Google, made it clear that the information its users submit and share with its systems is all analyzed. Last year, Google was accused of its illegal interception of all electronic communications sent to Gmail account holders and using the gathering data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become. But Google has long insisted that its scanning practices are outlined in its terms of service. So, finally admitting the accusation, Google has made some changes in its terms of service res a new paragraph that explains the manner in which its software automatically scans and analyzes the content of Gmail messages when they are sent, received, and stored. " Our
Back off, NSA! Gmail now Encrypts every single Email

Back off, NSA! Gmail now Encrypts every single Email

Mar 21, 2014
2014 - The Year for Encryption! Good News for Security & Privacy seekers, Gmail is now more secure than ever before. Google has announced that it has enhanced encryption for its Gmail email service to protect users from government cyber-spying; by removing the option to turn off HTTPS . So from today, Gmail will always use an encrypted HTTPS connection by default when you check or send email. Furthermore, Google also assured that every single email message will now be encrypted as it moves internally between the company's data centers. " Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet. " Nicolas Lidzborski, Gmail Security Engineering Lead said in a blog post . It was previously disclosed by Edward Snowden that the National Security Agency (NSA) is intercepting email messages as they
Hacking Gmail accounts with password reset system vulnerability

Hacking Gmail accounts with password reset system vulnerability

Nov 22, 2013
Oren Hafif , a security researcher has discovered a critical vulnerability in the Password reset process of Google account that allows an attacker to hijack any account. He managed to trick Google users into handing over their passwords via a simple spear-phishing attack by leveraging a number of flaws i.e. Cross-site request forgery (CSRF), and cross-site scripting (XSS), and a flow bypass. In a proof of concept video demonstration, the attacker sends his victim a fake " Confirm account ownership " email, claiming to come from Google. The link mention in the mail instructs the recipient to confirm the ownership of the account and urged user to change their password. The link from the email apparently points to a HTTPS  google.com URL, but it actually leads the victim to the attacker's website because of CSRF attack with a customized email address. The Google HTTPS page will will ask the victim to confirm the ownership by entering his last password and then will ask to res
Hacker stole $100,000 from Users of California based ISP using SQL Injection

Hacker stole $100,000 from Users of California based ISP using SQL Injection

Oct 22, 2013
In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including  DDoS attack , SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on the web and is successful only when the web application is not sufficiently secured. Recently a hacking Group named ' TeamBerserk ' claimed on Twitter that, they have stolen $100,000 by leveraging user names and passwords taken from a California ISP Sebastian (Sebastiancorp.com)to access victims' bank accounts. A video proof was uploaded on the Internet, shows that how hackers used a SQL injection attack against the California ISP Sebastian to access their customers' database includes  e-mail addresses, user names and clear text passwords and then using the same data to steal money from those customers. Let's see what SQL Injection is and how ser
Fear of NSA PRISM : Indian Government may ban US email services for official communication

Fear of NSA PRISM : Indian Government may ban US email services for official communication

Aug 30, 2013
The Indian Government is planning to ban the use of US based email services like Gmail for official communications to increase the security of confidential government information. The recent disconcerting reports that that India was being spied upon by American intelligence agencies has opened an all new chapter in the cyber security space. As leaked by former US National Security Agency contractor Edward Snowden, that NSA involved in widespread spying and surveillance activities across the globe. The Government plans to send a formal notification to about 500,000 employees across the country, asking them to stick to the official email service provided by India's National Informatics Centre, Time of India Reported. The fact that several government officers in top positions use their Gmail IDs for official communications i.e. Several senior government officials in India, including ministers of state for communications & IT Milind Deora and Kruparani Killi, have t
Google: Gmail Users Should Have No Expectation of Privacy

Google: Gmail Users Should Have No Expectation of Privacy

Aug 15, 2013
Edward Snowden has done enough to highlight how vulnerable electronic communications are to surveillance and Gmail users should not expect privacy from Google. Lavabit is no more. Silent Circle has shuttered its secure email service. A California watchdog group says  that Gmail users now have a reason to pause before hitting " send ". California-based Consumer Watchdog, which claims Google made a "stunning admission" in a recent legal brief when the tech giant wrote that people should expect the contents of their emails to be perused. " Google has finally admitted they don't respect privacy, " he said in a statement . " People should take them at their word; if you care about your email correspondents' privacy, don't use Gmail. " " Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient
Cybersecurity Resources