#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password cracking | Breaking Cybersecurity News | The Hacker News

World’s largest Bitcoin Poker website hacked, 42000 user passwords leaked

World's largest Bitcoin Poker website hacked, 42000 user passwords leaked

Dec 20, 2013
World's largest Bitcoin poker website ' SealsWithClubs ' has been compromised and around 42,000 users' credentials are at risk. Seals With Club  has issued a  Mandatory Password Reset   warning to their users, according to a statement published on the website. The service admitted their database had been compromised and revealed that the data center used until November was breached, resulting 42,020 hashed password theft. " Passwords were salted and hashed per user, but to be safe every user MUST change their password when they next log in. Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution. " and " Transfers may be disabled for a short period of time.". Seals With Clubs used SHA1 hash functions to encrypt the passwords, but SHA1 is outdated and easy to crack if not salted. ' StacyM ', a user then posted the hashed passwords on a web forum o
Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

Oct 06, 2013
WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as ' localhost ' on October 3rd, 2013 and also reported by several users on various Hosting related Forums . He also released a  proof-of-concept exploit code  for this SQL injection vulnerability in WHMCS. WHMCS says , as the updates have " critical security impacts .", enables attackers to execute SQL injection attacks against WHMCS deployments in order to extract or modify sensitive information from their databases i.e. Including information about existing accounts, their hashed passwords, which can result in the compromise of the administrator account. Yesterday a group of Palestinian hackers , named as KDMS Team  possibly used the same vulnerability against one of the largest Host
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Cracking iPhone Hotspot password in 50 Seconds

Cracking iPhone Hotspot password in 50 Seconds

Jun 20, 2013
The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the University of Erlangen in Germany, iOS-generated passwords use a very specific formula one which the experienced hacker can crack in less than a minute. Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys . Apple's hotspot uses a standard WPA2 -type process, which includes the creation and passing of pre-shared keys (PSK). They found that the default passwords are made up of a combination of a short dictionary words followed by a series of random numbers and this method actually leaves them vulnerable to  brute force attack . The word list Apple uses contains approximately 52,500
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cracking 16 Character Strong passwords in less than an hour

Cracking 16 Character Strong passwords in less than an hour

May 30, 2013
The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, " don't use dictionary words as passwords. They are horribly unsecure ", but what if hackers also managed to crack any 16 character password ? Criminals or trespassers who want to crack into your digital figurative backyard will always find a way. A team of hackers has managed to crack more than 14,800 supposedly random passwords from a list of 16,449 converted into hashes using the MD5 cryptographic hash function. The problem is the relatively weak method of encrypting passwords called hashing.  Hashing takes each user's plain text password and runs it through a one-way mathematical function. This creates a unique string of numbers and letters called the hash. The article reports that, using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14
Bypassing Google Two Factor Authentication

Bypassing Google Two Factor Authentication

Feb 26, 2013
Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor authentication provider and the flaw is located in the auto-login mechanism implemented in Chrome in the latest versions of Android, that allowed them to use an ASP to gain access to a Google account's recovery and 2-step verification settings.  Auto-login allowed users who linked their mobile devices or Chromebooks to their Google accounts to automatically access all Google-related pages over the Web without ever seeing another login page. " Generally, once you turn on 2-step verification, Google asks you to create a separate Application-Specific Password for each application you use (hence "Application-Specific") that doesn't support logins using 2-step verif
The use of passwords in a technological evolution

The use of passwords in a technological evolution

Jan 17, 2013
Every day we read about an incredible number of successful attacks and data breaches that exploited leak of authentication mechanisms practically in every sector. Often also critical control system are exposed on line protected only by a weak password, in many cases the default one of factory settings, wrong behavior related to the human component and absence of input validation makes many applications vulnerable to external attacks. Today I desire to focus the attention of a report published by the consulting firm's Deloitte titled " Technology, Media & Telecommunications Predictions 2013 " that provide a series of technology predictions, including the outlook for subscription TV services and enterprise social networks. The document correctly express great concern of the improper use of passwords that will continue also in 2013 being causes of many problems, it must to be considered that value of the information protected by passwords continues to grow attracting il
Cybersecurity Resources