The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: how to hack

How To Check If Your Twitter Account Has Been Hacked

How To Check If Your Twitter Account Has Been Hacked

September 13, 2018Swati Khandelwal
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter has recently rolled out a new security feature for its users, dubbed Apps and Sessions, allowing you to know which apps and devices are accessing your Twitter account, along with the location of those devices. In order to find out current and all past logged in devices and locations where your Twitter account was accessed for the last couple months, follow these steps: Check Twitter Login Sessions On Smartphone: Open the Twitter app, and head on to your profile Tap on 'Settings and privacy' section Inside the section, select 'Account' Once inside the option, tap on 'Apps and sessions' Check Twitter Login Sessions On Desktop Or Laptop: The p
Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

June 13, 2018Swati Khandelwal
Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release , Microsoft has pushed an important update to address an easily exploitable vulnerability in Cortana that could allow hackers to break into a locked Windows 10 system and execute malicious commands with the user's privileges. In worst case scenario, hackers could also compromise the system completely if the user has elevated privileges on the targeted system. The elevation of privilege vulnerability, tracked as CVE-2018-8140 and reported by McAfee security researchers, resides due to Cortana's failure to adequately check command inputs, which eventually leads to code execution with elevated permissions. "An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status," Microsoft explain
QRLJacking — Hacking Technique to Hijack QR Code Based Quick Login System

QRLJacking — Hacking Technique to Hijack QR Code Based Quick Login System

July 28, 2016Swati Khandelwal
Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system? It's SQRL , or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password. QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a keylogger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else.
Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

June 09, 2016Swati Khandelwal
The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn , MySpace , Tumblr , Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace. However, these are only data breaches that have been publicly disclosed by the hacker. I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released. The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter. Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800). LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com
VK.com HACKED! 100 Million Clear Text Passwords Leaked Online

VK.com HACKED! 100 Million Clear Text Passwords Leaked Online

June 06, 2016Swati Khandelwal
Another day, another Data Breach! Now, Russia's biggest social networking site VK.com is the latest in the line of historical data breaches targeting social networking websites. The same hacker who previously sold data dumps from MySpace , Tumblr , LinkedIn , and Fling.com, is now selling more than 100 Million VK.com records for just 1 Bitcoin ( approx. US$580 ). The database contains information like full names ( first names and last names ), email addresses, plain-text passwords, location information, phone numbers and, in some cases, secondary email addresses. Yes, plain-text passwords. According to Peace, the passwords were already in plain text when the VK.com was hacked. So, if the site still stores passwords in cleartext today, this could be a real security risk for its users. The data breach has initially been reported by LeakedSource search engine, which received portions of the database from one of the people who bought it. The company has already analyzed t
Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

June 06, 2016Mohit Kumar
The man who runs the biggest social network and continuously implements new security measures to boost its billion users security, himself failed to follow basics of Internet security for his own online accounts. Yes, I’m talking about Facebook CEO Mark Zuckerberg , who had his Twitter and Pinterest accounts compromised on Sunday. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack and guess how the group did it? Thanks to the LinkedIn data breach ! The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts. Also Read: Hacker Removed Zuckerberg's Facebook Cover Photo The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter ( @finkd ) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offens
Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

June 04, 2016Swati Khandelwal
Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns
Hacker is Selling 272 Million Email Passwords for Just $1

Hacker is Selling 272 Million Email Passwords for Just $1

May 05, 2016Wang Wei
A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, are being offered for sale on the Dark Web for less than $1, media reports. An anonymous Russian hacker, who goes by the moniker " the Collector ," was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web forum. The stolen credentials apparently came from some of the world’s biggest email providers, including Gmail, Yahoo, Microsoft and Russia’s Mail.ru. When security analysts at Hold Security reached out to the hacker and began negotiating for the dataset to verify the authenticity of those records, the hacker only asked for 50 Rubles (less than a buck) in return of the complete dump. However, it seems that there is actually nothing to worry about. Hold Security CEO Alex Holden said that a large number of those 1.17 Billion accounts credentials turned out to be duplicate an
Microsoft Pays $24,000 Bounty to Hacker for Finding 'Account Hacking' Technique

Microsoft Pays $24,000 Bounty to Hacker for Finding 'Account Hacking' Technique

October 08, 2015Swati Khandelwal
A security researcher has won $24,000 from Microsoft for finding a critical flaw in its Live.com authentication system that could allow hackers to gain access to a user’s complete Outlook account or other Microsoft services. Microsoft's Live.com is the authentication system that everyone go through while attempting to authenticate to Outlook.com and a large number of other Microsoft services, including OneDrive, Windows Phone, Skype, and Xbox LIVE. Hacking Hotmail (Outlook.com) Account It’s one account for all services. So, if say, Outlook wants to access other apps, it uses a standard set of authentication code called OAuth . OAuth is an open standard for authorization that keeps your passwords safe on third-party sites and instead of sharing your password, it shares a special key called 'Access token' to access the app. OAuth authorizations are accomplished through a prompt, as shown below and to allow an app to gain access to your account, you n
British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

October 07, 2015Swati Khandelwal
Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The British Spying Agency have special tools that let them take over your smartphones with just a text message, said Edward Snowden , and there is " very little " you can do to prevent them having " total control " over your devices. By Sending just a Text message, the tools let spies: Listen in to what's happening in the room View files and the web history See messages and photos Taking secret pictures of smartphone owners Pinpoint exactly where a user is (to a much more sophisticated level than a typical GPS system) In other words, the tools allow agencies to monitor your every move and every conversation, even when your smartphone is turned OFF. Here's How GCHQ Ca
New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords

New Attack Targeting Microsoft Outlook Web App (OWA) to Steal Email Passwords

October 06, 2015Swati Khandelwal
Researchers have unearthed a dangerous backdoor in Microsoft's Outlook Web Application (OWA) that has allowed hackers to steal e-mail authentication credentials from major organizations. The Microsoft Outlook Web Application or OWA is an Internet-facing webmail server that is being deployed in private companies and organisations to provide internal emailing capabilities. Researchers from security vendor Cybereason discovered a suspicious DLL file loaded into the company's OWA server that siphoned decrypted HTTPS server requests. Although the file had the same name as another benign DLL file, the suspicious DLL file was unsigned and loaded from another directory. Hackers Placed Malicious DLL on OWA Server According to the security firm, the attacker replaced the OWAAUTH.dll file ( used by OWA as part of the authentication mechanism ) with one that contained a dangerous backdoor. Since it ran on the OWA server, the backdoored DLL file allowed hacker
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.