#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter

password bypass | Breaking Cybersecurity News | The Hacker News

Hackers Could Easily Take Remote Control of Your Segway Hoverboards

Hackers Could Easily Take Remote Control of Your Segway Hoverboards

Jul 19, 2017
If you are hoverboard rider, you should be concerned about yourself. Thomas Kilbride, a security researcher from security firm IOActive, have discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take "full control" over the hoverboard within range and leave riders out-of-control. Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as SUV of hoverboards, which also allows it riders to control the hoverboard by a Ninebot smartphone app remotely. Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move. But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it. In a blog post published today, Thomas has disclosed a series of critical security vul
Samsung Galaxy S5 Fingerprint Scanner Easily Get Hacked

Samsung Galaxy S5 Fingerprint Scanner Easily Get Hacked

Apr 15, 2014
Samsung Galaxy S5 Fingerprint feature promises an extra layer of security for your smartphone, which also lets you make payments through PayPal. But does it really secure? Just three days after the launch of the Galaxy S5, Security researchers have successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S last year. FOOLING FINGERPRINT SENSOR SRLabs researchers recently uploaded a YouTube video, demonstrated how they were able to bypass the fingerprint authentication mechanism to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger. The S5 fingerprint scanner allows multiple incorrect attempts without requiring a password, so an attacker could potentially keep trying multiple spoofed fingerprints until the correct match. PAYPAL USERS AT RISK Samsung Galaxy S5 users can also transfer money to other PayPal users just by swiping their finger on the sensor, but
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Disabling 'Find My iPhone' on iOS 7 without any Password

Disabling 'Find My iPhone' on iOS 7 without any Password

Apr 05, 2014
iOS devices have a feature called ' Find My iPhone ', allows device owner to locate their stolen devices using linked Apple ID with iCloud Account. Unfortunately, a security flaw in iOS make it possible to turn off Find My iPhone without a password and enabled thieves to bypass the protection which makes the iPhone  untraceable if lost or stolen. To Set-Up ' Find My iPhone ' feature, users need to link their Apple ID with it and this will not only helps in locating the device but also gives permission to its user to remove all the data, drive direction to the lost device, lock the device by a passcode and displays a custom message on the locked screen. KILL 'Find My iPhone' WITHOUT APPLE PASSWORD Normally, disabling Find My iPhone requires Apple ID password, but according to the vulnerability reported by  Miguel Alvarado,  a thief can bypass all of this security feature without knowing your Apple account's password . In a video demons
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
5-year-old Boy discovers Microsoft Xbox Password Bypass vulnerability

5-year-old Boy discovers Microsoft Xbox Password Bypass vulnerability

Apr 04, 2014
A 5-year-old San Diego boy managed to hack one of the most popular gaming systems in the world, Xbox and has now been acknowledged as a security researcher by Microsoft. Kristoffer Von Hassel uncovered a vulnerability in Xbox Live's password system, that would allow someone to log into a Xbox player's account without their password. Kristoffer's parents noticed he was logging into his father's Xbox Live account simply by tapping the space bar. YES, BACKDOOR ENTRY WITH JUST SPACE-BAR His father noticed that Kristoffer logged in as his Xbox Live account to play video games that he wasn't meant to be playing and asked how he had done it.  Kristoffer revealed that by typing in the wrong password and then by pressing the spacebar, he bypassed the password verification through a backdoor, and it was pretty simple! HIS FEELING, "was like yeah!" 5-year-old gamer actually hacked the authentication system of a multi-billion dollar company,
Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released

Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released

Dec 02, 2013
In September, Google added the remote Device locking Capability to its Android Device Manager , allowing users to lock their phone if it's stolen or lost. The mechanism allows user to override the existing device lock scheme and set password scheme for better security. But Recently, Curesec Research Team  from Germany has discovered an interesting vulnerability ( CVE-2013-6271 ) in   Android 4.3 that allows a rogue app to remove all existing device locks activated by a user. ' The bug exists on the "com.android.settings.ChooseLockGeneric class". This class is used to allow the user to modify the type of lock mechanism the device should have. ' CRT team says in a blog post Android OS has several device lock mechanisms like PIN, Password, Gesture and even faces recognition to lock and unlock a device. For modification in password settings, the device asks the user for confirmation of the previous lock. But if some malicious application is installed on the device, it coul
Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Sep 29, 2013
The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s , was launched just available in stores two weeks before with a new feature of biometrics-based security system called " Touch ID ", that involves analyzing a user's fingerprint and using that to unlock the phone. Apple launched the technology that it promises will better protect devices from criminals and snoopers seeking access. With this you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password. " Fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike, " according to the Apple's website. Last week Germany Hackers showed that how they were able to deceive Apple's latest security feature into believing they're someone they're not, using a well-honed technique for
Cybersecurity Resources