#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

how to hack | Breaking Cybersecurity News | The Hacker News

Beware! New Android Malware Hacks Thousands of Facebook Accounts

Beware! New Android Malware Hacks Thousands of Facebook Accounts

Aug 09, 2021
A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed " FlyTrap ," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as part of a session hijacking campaign orchestrated by malicious actors operating out of Vietnam, according to a  report  published by Zimperium's zLabs today and shared with The Hacker News. Although the offending nine applications have since been pulled from Google Play, they continue to be available in third-party app stores, "highlighting the risk of sideloaded applications to mobile endpoints and user data," Zimperium malware researcher Aazim Yaswant said. The list of apps is as follows - GG Voucher (com.luxcarad.cardid)  Vote European Football (com.gardengu
Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts

Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts

Jul 17, 2021
Instagram earlier this week introduced a new " Security Checkup " feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or email. Additionally, the Facebook-owned company is also "strongly" recommending users to turn on two-factor authentication for extra security and preventing unauthorized logins. On that front, Instagram also said it would allow users in select countries to use their WhatsApp numbers to authenticate their accounts. Stressing that "Instagram will never send you a [direct message]," the social media platform cautioned users to be on the lookout for scams, wherein malicious accounts reach out via DMs to try and access sensitive information like account passwo
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages

Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages

Oct 31, 2019
A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or received by highly targeted individuals. Dubbed " MessageTap ," the backdoor malware is a 64-bit ELF data miner that has recently been discovered installed on a Linux-based Short Message Service Center (SMSC) server of an unnamed telecommunications company. According to a recent report published by FireEye's Mandiant firm, MessageTap has been created and used by APT41 , a prolific Chinese hacking group that carries out state-sponsored espionage operations and has also been found involved in financially motivated attacks. In mobile telephone networks, SMSC servers act as a middle-man service responsible for handling the SMS operations by routing messages between senders and recipients. Since SMSes are not designed to be encrypted, neither on transmitting nor on the telec
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Oct 02, 2019
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz , a 34-year-old resident of California and former Yahoo software engineer, admitted accessing Yahoo internal systems to compromise accounts belonging to younger women, including his personal friends and work colleagues. Once he had access to the users' Yahoo accounts, Ruiz then used information obtained from users' email messages and their account's login access to hacking into their iCloud, Gmail, Facebook, DropBox, and other online accounts in search of more private material. Besides this, Ruiz also made copies of private images and videos that he found in the personal accounts of Yahoo users without their permission and stored them on a private computer a
Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext

Sep 10, 2019
What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecure storage of credentials, potentially affecting every user and system on that network. Researcher Simon Kenin told The Hacker News that he discovered a total of five vulnerabilities—two in a D-Link DSL modem typically installed to connect a home network to an ISP, and three in multiple Comba Telecom WiFi devices. These flaws could potentially allow attackers to change your device settings, extract sensitive information, perform MitM attacks, redirect you to phishing or malicious sites and launch many more types of attacks. "Since your router is the gateway in and out of your entire network it can potentially affect every user and system on that network. An attacker-controlled
How To Check If Your Twitter Account Has Been Hacked

How To Check If Your Twitter Account Has Been Hacked

Sep 13, 2018
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter has recently rolled out a new security feature for its users, dubbed Apps and Sessions, allowing you to know which apps and devices are accessing your Twitter account, along with the location of those devices. In order to find out current and all past logged in devices and locations where your Twitter account was accessed for the last couple months, follow these steps: Check Twitter Login Sessions On Smartphone: Open the Twitter app, and head on to your profile Tap on 'Settings and privacy' section Inside the section, select 'Account' Once inside the option, tap on 'Apps and sessions' Check Twitter Login Sessions On Desktop Or Laptop: The p
Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Jun 13, 2018
Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release , Microsoft has pushed an important update to address an easily exploitable vulnerability in Cortana that could allow hackers to break into a locked Windows 10 system and execute malicious commands with the user's privileges. In worst case scenario, hackers could also compromise the system completely if the user has elevated privileges on the targeted system. The elevation of privilege vulnerability, tracked as CVE-2018-8140 and reported by McAfee security researchers, resides due to Cortana's failure to adequately check command inputs, which eventually leads to code execution with elevated permissions. "An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status," Microsoft explain
QRLJacking — Hacking Technique to Hijack QR Code Based Quick Login System

QRLJacking — Hacking Technique to Hijack QR Code Based Quick Login System

Jul 28, 2016
Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system? It's SQRL , or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password. QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a keylogger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else.
Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Jun 09, 2016
The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn , MySpace , Tumblr , Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace. However, these are only data breaches that have been publicly disclosed by the hacker. I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released. The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter. Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800). LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com
VK.com HACKED! 100 Million Clear Text Passwords Leaked Online
Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

Jun 06, 2016
The man who runs the biggest social network and continuously implements new security measures to boost its billion users security, himself failed to follow basics of Internet security for his own online accounts. Yes, I'm talking about Facebook CEO Mark Zuckerberg , who had his Twitter and Pinterest accounts compromised on Sunday. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack and guess how the group did it? Thanks to the LinkedIn data breach ! The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts. Also Read: Hacker Removed Zuckerberg's Facebook Cover Photo The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter ( @finkd ) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offens
Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

Jun 04, 2016
Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns
Hacker is Selling 272 Million Email Passwords for Just $1

Hacker is Selling 272 Million Email Passwords for Just $1

May 05, 2016
A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, are being offered for sale on the Dark Web for less than $1, media reports. An anonymous Russian hacker, who goes by the moniker " the Collector ," was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web forum. The stolen credentials apparently came from some of the world's biggest email providers, including Gmail, Yahoo, Microsoft and Russia's Mail.ru. When security analysts at Hold Security reached out to the hacker and began negotiating for the dataset to verify the authenticity of those records, the hacker only asked for 50 Rubles (less than a buck) in return of the complete dump. However, it seems that there is actually nothing to worry about. Hold Security CEO Alex Holden said that a large number of those 1.17 Billion accounts credentials turned out to be duplicate an
Microsoft Pays $24,000 Bounty to Hacker for Finding 'Account Hacking' Technique

Microsoft Pays $24,000 Bounty to Hacker for Finding 'Account Hacking' Technique

Oct 08, 2015
A security researcher has won $24,000 from Microsoft for finding a critical flaw in its Live.com authentication system that could allow hackers to gain access to a user's complete Outlook account or other Microsoft services. Microsoft's Live.com is the authentication system that everyone go through while attempting to authenticate to Outlook.com and a large number of other Microsoft services, including OneDrive, Windows Phone, Skype, and Xbox LIVE. Hacking Hotmail (Outlook.com) Account It's one account for all services. So, if say, Outlook wants to access other apps, it uses a standard set of authentication code called OAuth . OAuth is an open standard for authorization that keeps your passwords safe on third-party sites and instead of sharing your password, it shares a special key called 'Access token' to access the app. OAuth authorizations are accomplished through a prompt, as shown below and to allow an app to gain access to your account, you n
British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

Oct 07, 2015
Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The British Spying Agency have special tools that let them take over your smartphones with just a text message, said Edward Snowden , and there is " very little " you can do to prevent them having " total control " over your devices. By Sending just a Text message, the tools let spies: Listen in to what's happening in the room View files and the web history See messages and photos Taking secret pictures of smartphone owners Pinpoint exactly where a user is (to a much more sophisticated level than a typical GPS system) In other words, the tools allow agencies to monitor your every move and every conversation, even when your smartphone is turned OFF. Here's How GCHQ Ca
New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords

New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords

Oct 06, 2015
Researchers have unearthed a dangerous backdoor in Microsoft's Outlook Web Application (OWA) that has allowed hackers to steal e-mail authentication credentials from major organizations. The Microsoft Outlook Web Application or OWA is an Internet-facing webmail server that is being deployed in private companies and organisations to provide internal emailing capabilities. Researchers from security vendor Cybereason discovered a suspicious DLL file loaded into the company's OWA server that siphoned decrypted HTTPS server requests. Although the file had the same name as another benign DLL file, the suspicious DLL file was unsigned and loaded from another directory. Hackers Placed Malicious DLL on OWA Server According to the security firm, the attacker replaced the OWAAUTH.dll file ( used by OWA as part of the authentication mechanism ) with one that contained a dangerous backdoor. Since it ran on the OWA server, the backdoored DLL file allowed hacker
Cybersecurity Resources