#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password cracker software | Breaking Cybersecurity News | The Hacker News

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext

Mar 21, 2019
Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database. Though the social media company did not mention exactly what component or application on its website had the programmatic error that caused the issue, it did reveal that the company discovered the security blunder in January this year during a routine security check. In a blog post published today, Facebook's vice president of engineering Pedro Canahuati said an internal investigation of the incident found no evidence of any Facebook employee abusing those passwords. "To be clear, t
Password-Guessing Was Used to Hack Gentoo Linux Github Account

Password-Guessing Was Used to Hack Gentoo Linux Github Account

Jul 05, 2018
Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content in compromised repositories but also locked out Gentoo developers from their GitHub organisation. As a result of the incident, the developers were unable to use GitHub for five days. What Went Wrong? Gentoo developers have revealed that the attackers were able to gain administrative privileges for its Github account, after guessing the account password. The organisation could have been saved if it was using a two-factor authentication, which requires an additional passcode besides the password in order to gain access to the account. "The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on on
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs

WordPress Security: Brute Force Amplification Attack Targeting Thousand of Blogs

Oct 09, 2015
Most of the times, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time security researchers have discovered Brute Force Amplification attacks on the most popular CMS (content management system) platform. Researchers from security firm Sucuri have found a way to perform Brute Force amplification attacks against WordPress' built-in XML-RPC feature to crack down administrator credentials. XML-RPC is one of the simplest protocols for securely exchanging data between computers across the Internet. It uses the system.multicall method that allows an application to execute multiple commands within one HTTP request. A number of CMS including WordPress and Drupal support XML-RPC. But… The same method has been abused to amplify their Brute Force attacks many times over by attempting hundreds of passwords within just one HTTP request, without been detected. Amplified Brute-Force Attacks This means instead of trying tho
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hacker Released 'iDict' Tool That Can Hack Your iCloud Account

Hacker Released 'iDict' Tool That Can Hack Your iCloud Account

Jan 03, 2015
Hackers have a great start of new year 2015, giving a public threat to Apple's online iCloud service. A hacker using the handle " Pr0x13 " has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims' iOS devices. The tool, dubbed iDict , actually makes use of an exploit in Apple's iCloud security infrastructure to bypass restrictions and two-factor authentication security that prevents brute force attacks and keeps most hackers away from gaining access to users' iCloud accounts. Yes, the brute force security flaw in Apple's iCloud file storage service that was responsible for celebrity nude photos leak , including Kim Kardashian , Vanessa Hudgens , Jennifer Lawrence , Rihanna , Kristin Dunst and Kate Upton , late last year. Pr0x13 claims iDict to be a "100 percent" effective and simple to use method of cracking individual iCloud account login credentials. So, t
Cybersecurity Resources