#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

sms hacking | Breaking Cybersecurity News | The Hacker News

Twitter Enables Password Reset With SMS and Suspicious Login Notifications

Twitter Enables Password Reset With SMS and Suspicious Login Notifications

May 09, 2014
The popular social media site Twitter is rolling out a couple of new features to its login process to help users prevent their account in a more secure way and restore access to their account if they forget their accounts' password. For tighten up the security measures Twitter is launching two factor authentication in its new password reset experience, making its users to reset their password in easier way and at the same time difficult for cybercriminals to log in to users' accounts. " The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options ," Twitter said in a blogpost on Thursday. RESET TWITTER PASSWORD WITH SMS This new experience will let Twitter users to
CASH! CASH! Hacking ATM Machines with Just a Text Message

CASH! CASH! Hacking ATM Machines with Just a Text Message

Mar 25, 2014
As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world's 3 million ATM machines are run on it.  Microsoft's decision to withdraw support for Windows XP  poses critical security threat to the economic infrastructure worldwide. MORE REASONS TO UPGRADE Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs. " What was interesting about this variant of  Ploutus  was that it allowed  cybercriminals  to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time. " researchers said. HARDWIRED Malware for ATMs According to researchers - In 2013, they detected a malware named Backdoor . Ploutus,  installed on ATMs in Mexico, wh
DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

DROPOUTJEEP: NSA's Secret program to access any Apple iPhone, including microphone & camera

Jan 02, 2014
In the era of Smartphones, Apple's iPhone is the most popular device that exists, which itself gives the reason to target it. According to leaked documents shared by Security researcher  Jacob Appelbaum , a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple's iPhones, which uses " modular mission applications to provide specific SIGINT functionality. " While giving the presentation at the Chaos Communications Congress (30C3) in Hamburg, Germany on Monday, Appelbaum revealed that NSA reportedly sniffing out every last bit of data from your iPhone. DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
Google Nexus phone vulnerable to SMS-based DOS attack

Google Nexus phone vulnerable to SMS-based DOS attack

Nov 30, 2013
Google's Nexus Smartphones are vulnerable to SMS-based DOS attack , where an attacker can force it to restart, freeze, or lose network connection by sending a large number of special SMS messages to them. The vulnerability, discovered by Bogdan Alecu , a system administrator at Dutch IT services company Levi9, and affects all Android 4.x firmware versions on Google Galaxy Nexus, Nexus 4 and Nexus 5. The problem is with how the phones handle a special type of text message, known as a flash SMS. By sending around 30 Flash SMS ( Flash SMS is a type of message that normally is not stored by the system and does not trigger any audio alerts ) messages to Nexus phone an attacker can cause the phone to malfunction. He presented the vulnerability on Friday at the DefCamp security conference in Bucharest, Romania. In an email exchange with me, he said ' I was testing different message types and for the class 0 messages I noticed that the popup being displayed also adds an extra layer wh
Simple, but Critical vulnerability in Verizon Portal revealed users' SMS History

Simple, but Critical vulnerability in Verizon Portal revealed users' SMS History

Oct 21, 2013
A Security researcher discovered a critical privacy vulnerability on Verizon Wireless's Web-based customer portal that allows anyone to download user's SMS History and Numbers of other users he communicated with. Back in August, researcher ' Cody Collier ' found that a simple URL exploit could allow any subscriber to extract data using ' Download to SpreadSheet' function. To exploit, an attacker only needs to modify the subscriber's phone number in the URL and this would give an attacker access to the SMS history to the targeted account. https://wbillpay.verizonwireless.com/vzw/accountholder/unbilledusage/UnbilledMessaging.action?d-455677-e=2&1548506v4671=1&mtn= 999999999 Where variable ' mtn ' within the URL defines the mobile number and an attacker just need to modify this. " Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber's phone nu
Android WebView vulnerability allows hacker to install malicious apps

Android WebView vulnerability allows hacker to install malicious apps

Sep 16, 2013
WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks. WebView uses a number of APIs which can interact with the web contents inside WebView. So this allows the user to view a web application as a part of an ordinary Android application. Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more. To exploit the flaw, attacker can trick users to click a malicious link from a vulnerable WebView application and which will
Vulnerability in USB Internet Modems allows hacker to access Millions of Computers remotely

Vulnerability in USB Internet Modems allows hacker to access Millions of Computers remotely

Aug 16, 2013
A USB Internet Modems or Data card, is a type of modem that allows your computer to receive Internet access using USB Port and connect to a GSM/CDMA network there by creating a PPPoE  ( Point to Point protocol over Ethernet) interface to your computer. Indian Security Researcher ' Rahul Sasi ' found a new Innovative critical flaw in these USB Internet Modems that allows an attacker to execute malicious code remotely, just via sending an SMS. While talking to ' The Hacker News ' , he claimed that the reported vulnerability  allows him to even hack computers remotely to gain the Meterpreter shell or  full access to the victim's PC. Vulnerability can be used by a malicious attacker for Mass exploitation, since these modems have a phone number which lies in a particular series, so all the phone numbers starting with xxxxxx1000 to xxxxxx2000 would be running a particular version of the USB modem software. USB Internet Modems are supplied with diale
Hacking Facebook Account with just a text message

Hacking Facebook Account with just a text message

Jun 27, 2013
Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h
Fake Lookout android app stealing your SMS and MMS messages

Fake Lookout android app stealing your SMS and MMS messages

Oct 19, 2012
Android's App store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. The malicious code was hidden within an app named, "Updates" by developer Good Byte Labs (Package name: com.updateszxt) and was designed to look like an update to the Lookout™ mobile security application. The malware detected as Trojan!FakeLookout.A  is capable of stealing SMS and MMS messages and upload them to a remote server via FTP. This virus has the potential to steal all personal business sensitive data from the users' device. Though there are no reports of being infected by the users, it is believed that the infected users are not aware of it yet. " New approach being attempted by malware makers, " TrustGo said the site in question " contains a Trojan file that targets multiple platfo
Cybersecurity
Expert Insights
Cybersecurity Resources