#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password security | Breaking Cybersecurity News | The Hacker News

ALERT: This New Ransomware Steals Passwords Before Encrypting Files

ALERT: This New Ransomware Steals Passwords Before Encrypting Files
Dec 04, 2015
You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler , which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are targeting Windows users with a new "Cocktail" of malware that steals users' passwords before locking them out from their machines for ransom. Yes, stealing Windows users' passwords before encrypting their data and locking their PCs for ransom makes this upgrade to the Angler Exploit Kit nastier. Here's How the New Threat Works: Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, in visitor's computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim's PC with a widely used data thief exploit known as Pony that systematic

Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately

Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately
Oct 08, 2015
SHA-1 – one of the Internet's widely adopted cryptographic hash function – is Just about to Die. Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised by hackers in the next three months. The SHA-1 algorithm was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hash functions, SHA-1 converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that message. Like fingerprints, the resulting hashes are useful as long as they are unique. If two different message inputs generate the same hash (also known as a collision ), it can open doors for real-world hackers to break into the security of banking transactions, software downloads, or any website communication. Collision Attacks on SHA-1 Researchers

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security

Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security
Aug 11, 2015
Encrypting your sensitive data is important. As you may know, CIA... C onfidentiality I ntegrity A vailability ...are the essential elements of Information Security. There are a number of tools and methods available out there, but not all encryption tools are same. We are now living in an era where everyone is watching everyone else, and now you need to pay extra attention before choosing any tool. VeraCrypt , a TrueCrypt alternative, is an open source file encryption software designed to protect your online privacy. VeraCrypt enters the market within months after TrueCrypt died , almost similar to it, but with enhancements to further secure your data. A week ago, latest version VeraCrypt 1.12 released with a new feature called PIM, which stands for " Personal Iterations Multiplier ". PIM (Personal Iterations Multiplier) is a new parameter introduced in VeraCrypt 1.12 to secure your data. PIM is basically a secret numerical value that

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

This MicroSD Card Has Entire Secure Computer Inside It

This MicroSD Card Has Entire Secure Computer Inside It
Jun 01, 2015
As Millions of Hackers, Spammers and Scammers are after your sensitive online data, you can't really expect your passwords to stay secure forever, even if you are using long passwords. Most of us might be worried about losing our passwords as we keep signing up for online services. However, Google is equally concerned about your online security and wants to help you protect your most sensitive data in a most smarter way. Google has now made what has to be one of the smallest computers ever — Project Vault. That's a really catching name announced on the second day of the annual Google I/O developers conference on Friday. Project Vault, designed by Google's ATAP (Advanced Technology and Projects) group, is a secure computer entirely packed onto a microSD card that can be plugged into any system whether it's a desktop or a mobile phone. The vault is technically a computer though it is not for regular computing. Rather it is a new and secure way to com

London Railway System Passwords Exposed During TV Documentary

London Railway System Passwords Exposed During TV Documentary
May 02, 2015
The Weakest Link In the Information Security Chain is still – Humans. And this news has ability to prove this fact Right. One of London's busiest railway stations has unwittingly exposed their system credentials during a BBC documentary. The sensitive credentials printed and attached to the top of a station controller's monitor were aired on Wednesday night on BBC. What could be even worse? If you think that the credentials might have been shown off in the documentary for a while or some seconds, then you are still unaware of the limit of their stupidity. The login credentials were visible for about 44 minute in the BBC documentary " Nick and Margaret: The Trouble with Our Trains " on Wednesday night, which featured Nick Hewer and Margaret Mountford – the two business experts, both famous for their supporting role on The Apprentice. The documentary was available on the YouTube , but have now been removed due to security concerns. While

Hacker Finds a Simple Way to Bypass Google Password Alert

Hacker Finds a Simple Way to Bypass Google Password Alert
May 02, 2015
Less than 24 hours after Google launched the new Phishing alert extension Password Alert , a security researcher was able to bypass the feature using deadly simple exploits. On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users' account. However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google's new Password Alert extension. Google shortly fixed the issue and released a new update to Password Alert extension that blocked the Moore's exploit. However, Moore discovered another way to block the new version of Password Alert, as well. The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five mil

PayPal Wants To Integrate Password with Human Body

PayPal Wants To Integrate Password with Human Body
Apr 18, 2015
You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account? Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortably manage on their own. However, you need not worry as the Future of identification would not rely on Passwords , according to PayPal's global head of developer evangelism Jonathan Leblanc . Neither it will depend on the old Biometric identification technologies, such as Fingerprint scanners and IRIS scanners , Rather depends on something More Secure and Easier to Use … ...Embeddable, Injectable and Ingestible Devices Yes, the next generation of identification for mobile payments and other sensitive online interactions will depend on embeddable, injectable, and ingestible devices, completely replacing passwords with the identification of your body. KILL ALL PASSWORDS

'TweetDeck Teams' Allows Managing Multiple Twitter Accounts Without Sharing Passwords

'TweetDeck Teams' Allows Managing Multiple Twitter Accounts Without Sharing Passwords
Feb 18, 2015
Many times organizations, companies and groups of people come across the problem when their social media teams have to work within a single Twitter account or maintain multiple twitter accounts. In this case, either they need to use some third party API-based services or they use TweetDeck software, the official free alternative tool to manage multiple twitter accounts. But the major problem with TweetDeck service is that everyone in the team need to have access to the same TweetDeck account password or multiple Twitter account passwords in order to use multiple accounts at one interface, and this is a known password sharing security issue from past few years. To cope up with these issues, Twitter has started rolling out a new feature called TweetDeck Teams , a new way to let you share your Twitter accounts on TweetDeck to multiple users without sharing passwords. ROLE OF ADMINISTRATORS TweetDeck Teams, which is rolling out to TweetDeck for the web, TweetDeck for Chro
Cybersecurity Resources