#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

password stealer | Breaking Cybersecurity News | The Hacker News

ALERT: This New Ransomware Steals Passwords Before Encrypting Files

ALERT: This New Ransomware Steals Passwords Before Encrypting Files

Dec 04, 2015
You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler , which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are targeting Windows users with a new "Cocktail" of malware that steals users' passwords before locking them out from their machines for ransom. Yes, stealing Windows users' passwords before encrypting their data and locking their PCs for ransom makes this upgrade to the Angler Exploit Kit nastier. Here's How the New Threat Works: Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, in visitor's computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim's PC with a widely used data thief exploit known as Pony that systematic
Beware! Facebook UnfriendAlert Software Steals Your Account Password

Beware! Facebook UnfriendAlert Software Steals Your Account Password

Jun 06, 2015
Today everybody wants to know — Who visited my Facebook profile?, Who unfriended me from the Facebook Friend list?, Who saw my Facebook posts?, and many other features that isn't provided by Facebook by default. So most Facebook users try to find out a software and fall victim to one that promises to accomplish their desired task. Hackers make use of this weakness and often design malicious programs in order to victimize broad audience. Following I am going to disclose the realities behind one such software designed cleverly to trick Facebook users to make them believe it is genuine. UnfriendAlert , a free application that notifies you whenever someone removes you from the Facebook friend list, has been found collecting its users' Facebook credentials. UnfriendAlert Stealing your Facebook Credentials: Security researchers at Malwarebytes have warned users of the UnfriendAlert app saying that the notorious app asks users to login with their Facebook
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

Nov 01, 2014
In order to secure sensitive information such as Finance, many companies and government agencies generally use totally secure computer systems by making sure it aren't connected to any network at all. But the most secure systems aren't safe anymore. Security researchers at the Cyber Security Labs at Ben Gurion University in Israel have found a way to snoop on a personal computer even with no network connection. STEALING DATA USING RADIO SIGNALS Researchers have developed a proof-of-concept malware that can infiltrate a closed network to lift data from a machine that has been kept completely isolated from the internet or any Wi-Fi connection by using little more than a mobile phone's FM radio signals. Researcher Mordechai Guri , along with Professor Yuval Elovici of Ben Gurion University, presented the research on Thursday in the 9th IEEE International Conference on Malicious and Unwanted Software ( MALCON 2014 ) held at Denver. This new technology is kno
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Iranian Ajax Security Team targets US Defense Industry

Iranian Ajax Security Team targets US Defense Industry

May 14, 2014
The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking
Warning: Malicious version of FTP Software FileZilla stealing users' Credentials

Warning: Malicious version of FTP Software FileZilla stealing users' Credentials

Jan 29, 2014
Malware code can be very small, and the impact can be very severe! The Antivirus firm AVAST spotted a malicious version of the open source FTP (File Transfer Protocol) software ' FileZilla ' out in the wild. The software is open source, but has been modified by the hackers that steal users' credentials, offered on various hacked sites for download with banner or text ads. Once installed, the software's appearance and functionalities are equal to the original version, so a user cannot distinguish between the fake or real one, and the malware version of the " .exe " file is just slightly smaller than the real one. " The installed malware FTP client looks like the official version and it is fully functional! You can't find any suspicious behavior, entries in the system registry, communication or changes in application GUI ." The only difference is that the malware version use 2.46.3-Unicode and the official installer use v2.45-Unicode , as
Malicious Pinterest browser plugin stealing passwords and spreading spam

Malicious Pinterest browser plugin stealing passwords and spreading spam

Jul 11, 2013
Social networking sites are unfortunately now major interest to malicious cyber criminals, spreading malware and building botnet army to steal money direct from your keyboards. Janne Ahlberg, a security professional from Finland found and analysed an interesting piece of malicious code, offered as browser plugin, and infecting system to steal passwords from user's browser and also modifies the original Pinterest Pins links to spam with malicious links automatically. A diet spam on Pinterest redirecting users to a malicious site with domain name  pinteresf.org , plausible-looking domain name, like original Pinterest with similar appearance. On page load, it triggers a pop up message to all incoming visitors, offering to download " Pinterest Tool " as shown in screenshots " To continue, install our Pinterest Tool and enjoy more features of our site. " Janne's investigation claims that, this fake site offering a fake malware loaded browser plugin, harvesting passwords from us
Cybersecurity Resources