#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password stealer | Breaking Cybersecurity News | The Hacker News

Beware! Facebook UnfriendAlert Software Steals Your Account Password

Beware! Facebook UnfriendAlert Software Steals Your Account Password
Jun 06, 2015
Today everybody wants to know — Who visited my Facebook profile?, Who unfriended me from the Facebook Friend list?, Who saw my Facebook posts?, and many other features that isn't provided by Facebook by default. So most Facebook users try to find out a software and fall victim to one that promises to accomplish their desired task. Hackers make use of this weakness and often design malicious programs in order to victimize broad audience. Following I am going to disclose the realities behind one such software designed cleverly to trick Facebook users to make them believe it is genuine. UnfriendAlert , a free application that notifies you whenever someone removes you from the Facebook friend list, has been found collecting its users' Facebook credentials. UnfriendAlert Stealing your Facebook Credentials: Security researchers at Malwarebytes have warned users of the UnfriendAlert app saying that the notorious app asks users to login with their Facebook

AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals
Nov 01, 2014
In order to secure sensitive information such as Finance, many companies and government agencies generally use totally secure computer systems by making sure it aren't connected to any network at all. But the most secure systems aren't safe anymore. Security researchers at the Cyber Security Labs at Ben Gurion University in Israel have found a way to snoop on a personal computer even with no network connection. STEALING DATA USING RADIO SIGNALS Researchers have developed a proof-of-concept malware that can infiltrate a closed network to lift data from a machine that has been kept completely isolated from the internet or any Wi-Fi connection by using little more than a mobile phone's FM radio signals. Researcher Mordechai Guri , along with Professor Yuval Elovici of Ben Gurion University, presented the research on Thursday in the 9th IEEE International Conference on Malicious and Unwanted Software ( MALCON 2014 ) held at Denver. This new technology is kno

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Iranian Ajax Security Team targets US Defense Industry

Iranian Ajax Security Team targets US Defense Industry
May 14, 2014
The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Warning: Malicious version of FTP Software FileZilla stealing users' Credentials

Warning: Malicious version of FTP Software FileZilla stealing users' Credentials
Jan 29, 2014
Malware code can be very small, and the impact can be very severe! The Antivirus firm AVAST spotted a malicious version of the open source FTP (File Transfer Protocol) software ' FileZilla ' out in the wild. The software is open source, but has been modified by the hackers that steal users' credentials, offered on various hacked sites for download with banner or text ads. Once installed, the software's appearance and functionalities are equal to the original version, so a user cannot distinguish between the fake or real one, and the malware version of the " .exe " file is just slightly smaller than the real one. " The installed malware FTP client looks like the official version and it is fully functional! You can't find any suspicious behavior, entries in the system registry, communication or changes in application GUI ." The only difference is that the malware version use 2.46.3-Unicode and the official installer use v2.45-Unicode , as

Malicious Pinterest browser plugin stealing passwords and spreading spam

Malicious Pinterest browser plugin stealing passwords and spreading spam
Jul 11, 2013
Social networking sites are unfortunately now major interest to malicious cyber criminals, spreading malware and building botnet army to steal money direct from your keyboards. Janne Ahlberg, a security professional from Finland found and analysed an interesting piece of malicious code, offered as browser plugin, and infecting system to steal passwords from user's browser and also modifies the original Pinterest Pins links to spam with malicious links automatically. A diet spam on Pinterest redirecting users to a malicious site with domain name  pinteresf.org , plausible-looking domain name, like original Pinterest with similar appearance. On page load, it triggers a pop up message to all incoming visitors, offering to download " Pinterest Tool " as shown in screenshots " To continue, install our Pinterest Tool and enjoy more features of our site. " Janne's investigation claims that, this fake site offering a fake malware loaded browser plugin, harvesting passwords from us
Cybersecurity Resources