#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

hacking accounts | Breaking Cybersecurity News | The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
Jul 11, 2020
Following vulnerability disclosure in the Mitron app , another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores, designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature. Originally launched in November 2018, Chingari has witnessed a huge surge in popularity over the past few days in the wake of India's ban on Chinese-owned apps late last month, crossing 10 million downloads on the Google Play Store in under a month. The Indian government recently banned 59 apps and services , including ByteDance's TikTok, Alibaba Group's UC Browser and UC News, and Tencent's WeChat over priv

Hacker Selling 200 Million Yahoo Accounts On Dark Web

Hacker Selling 200 Million Yahoo Accounts On Dark Web
Aug 02, 2016
Hardly a day goes without headlines about any significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn , Tumblr , MySpace and VK.com were exposed on the Internet. Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web . 200 Million Yahoo! Logins for 3 BTC The hacker, who goes by the pseudonym " Peace " or "peace_of_mind," has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824). Yahoo! admitted the company was "aware" of the potential leak, but did not confirm the authenticity of the data. The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup e

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked
Oct 14, 2014
Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening , The Snappening and now the latest privacy breach in Dropbox security has gained everybody's attention across the world. Dropbox , the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users' photos, videos and other files. HACKERS CLAIMED TO RELEASE 7 MILLION USERS' PERSONAL DATA A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sha

Protecting Your Organization From Insider Threats - All You Need to Know

cyber security
websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.

What's the Right EDR for You?

What's the Right EDR for You?
May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of

Hacking DropBox account, Vulnerability allows hacker to bypass Two-Factor Authentication

Hacking DropBox account, Vulnerability allows hacker to bypass Two-Factor Authentication
Jul 05, 2013
Q-CERT team found a critical vulnerability that allows the attacker to bypass the two-factor authentication in the most popular file sharing service ' DropBox '. Two Factor Authentication is an extra layer of security that is known as " multi factor authentication " that requires not only a password and username but also a unique code that only user can get via SMS or Call. Zouheir Abdallah demonstrated , if an attacker already knows the username and password of the victim's Dropbox account, which is protected by two-factor authentication, it is still possible to hack that Dropbox account using following explained technique. DropBox does not verify the authenticity of the email addresses used to Sign up a new account, so to exploit this flaw hacker just need to create a new fake account similar to the target's account and append a dot (.) anywhere in the email address. In Next step, enable 2-factor authentication for the fake account, and save the emerg

HP LaserJet Security flaw allows remote data access

HP LaserJet Security flaw allows remote data access
Mar 14, 2013
A critical vulnerability discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security's Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. This flaw was discovered by a Germany security expert, Christoph von Wittich . He detected the vulnerability during a routine network scan of his company's corporate network. He said the vulnerability could also be used for a denial-of-service attack. " As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user ,". Marked as CVE-2012-5215 ( VU#782451 , SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunction Printer, M1217n

Twitter added DMARC support to prevent email phishing

Twitter added DMARC support to prevent email phishing
Feb 22, 2013
Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses. Sometimes it's not easy to figure out if an email is legitimate or not. It implementing the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email message validation and authentication systems. Twitter says it started using the DMARC earlier this month. While the DMARC specification does need support from e-mail services, outfits including AOL, Gmail, Hotmail or Outlook and Yahoo already make use of it. It has also been implemented by services like Facebook, PayPal, Amazon and now Twitter. If you don't use Gmail or one of the other email providers listed above, you may not be protected. It might be

Facebook OAuth flaw allows gaining full control over any Facebook account

Facebook OAuth flaw allows gaining full control over any Facebook account
Feb 21, 2013
Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to ' allow or accept ' the application request so that app can access your account information with required permissions. As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can  just allow specific permissions to an app in order to make it work with your account. Today whitehat Hacker ' Nir Goldshlager ' reported ' The Hacker News ' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without ' allow or accept ' options. For this purpose he hunt the flaw in a very mannered way i.e Step 1) Understanding the OAuth URL Step 2) Finding a way to use custom parameters in URL Step 3) Bypassing OAuth ' Allow '

Group behind largest Ransomware campaign arrested by Spanish police

Group behind largest Ransomware campaign arrested by Spanish police
Feb 14, 2013
Police in Spain have arrested a gang of 11 cyber criminals who used ransomware to demand money from thousands of victims in 30 countries using malware known as Reveton . Police arrested six Russians, two Ukrainians and two Georgians in the Costa del Sol. The gang leader, a 27-year-old Russian, was arrested in Dubai in the United Arab Emirates in December 2012 on an international arrest warrant. Spanish authorities are seeking his extradition. According to researchers from Trend Micro who worked with the Spanish to track down the group, estimate that this ransomware operation netted the group more than 1 million euros a year. The Trojan was distributed using drive by download techniques, in conjunction with the Black Hole exploit kit and initially the malware was focused on German individuals, but in later months began to target other countries, primarily the USA. Trend Micro, said there were 48 different variations of the virus in use and the malware has been known t

Team GhostShell Exposes 700k accounts from African universities and businesses

Team GhostShell Exposes 700k accounts from African universities and businesses
Jan 28, 2013
The Hacktivist group  Team GhostShell today exposes data including 700,000 accounts / records from African universities and businesses during a campaign named ProjectSunRise . Hacker mention, " GhostShell's new project focuses on Africa, mainly, for the time being, South Africa and to some extent other countries from the continent, such as Algeria, Nigeria, Kenya and Angola. " In this new campaign hackers have targeted a many companies and universities i.e Angola's National Diamond Corporation, Ornico Marketing, Moolmans Africa Mining Corporation, South African Express Petroleum, State University, Kenyan Business Directory, PostNet Internet Services and also PressOffice linked to BidOrBuy which is South Africa's largest online store. Hacker release Mysql databases dumps of all these sites via pastebin notes . Hackers said, " Companies like Anglo American have decimated our vast natural resources and have paid our local workers next to nothing. In a resul

Art of twitter account hacking, now or never !

Art of twitter account hacking, now or never !
Nov 09, 2012
Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraud web site or services. These professional criminals daily find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Another latest scam has been notified by GFI that, where cyber criminals are offering the art of hacking Twitter accounts with a web-based exploit. Phishers are sending scam emails and offering fake twitter account hacking service, which in actual will hack their own twitter accounts. Email from phishers have text, " Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone's profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script, ". Hackers try to convince readers by showing a exploit code, and ex
Expert Insights
Cybersecurity Resources