unauthorized access | Breaking Cybersecurity News | The Hacker News

Four different Microsoft Azure services have been found vulnerable to server-side request forgery ( SSRF ) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft. "The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files - providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target," Orca researcher Lidor Ben Shitrit  said  in a report shared with The Hacker News. Two of the vulnerabilities affecting Azure Functions and Azure Digital Twins could be abused without requiring any authentication, enabling a threat actor to seize control of a server without eve

In October, A Security researcher ' Craig Heffner ' discovered a backdoor vulnerability ( CVE-2013-6027 ) with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password. Last week, D-Link has released new version of Firmware for various vulnerable router models, that patches the unauthorized administrator access backdoor. Heffner  found that the web interface for some D-Link routers could be accessed if the browser's user agent string is set to xmlset_roodkcableoj28840ybtide . From last month, D-Link was working with Heffner and other security researchers, to find out more about the backdoor and now the Company has released the updates for the following models: DIR-100 DIR-120 DI-524 DI-524UP DI-604UP DI-604+ DI-624S TM-G5240 The company advised users to do not enable the Remote Management feature, since this will allow malicious users to use this exploit from the internet and also warned t

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Facebook OAuth is used to communicate between Applications & Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to ' allow or accept ' the application request so that app can access your account information with required permissions. As a normal Facebook user we always think that it is better than entering your Facebook credentials, we can  just allow specific permissions to an app in order to make it work with your account. Today whitehat Hacker ' Nir Goldshlager ' reported ' The Hacker News ' that he discovered a very critical vulnerability in Facebook's OAuth system, that allowed him to get full control over any Facebook account easily even without ' allow or accept ' options. For this purpose he hunt the flaw in a very mannered way i.e Step 1) Understanding the OAuth URL Step 2) Finding a way to use custom parameters in URL Step 3) Bypassing OAuth ' Allow '

In recent The Hacker News updates, we have reported about some major hacking events and critical vulnerabilities i.e Cyber attack and spying on The New York Times and Wall Street Journal by Chinese Hackers,  Security Flaws in UPnP protocol , Botnet attack hack 16,000 Facebook accounts, 700,000 accounts hacked in Africa and new android malware that infect more that 620,000 users . Today Twitter also announced that they have recorded some unusual access patterns that is identified as unauthorized access attempts to Twitter user data. Unknown hackers breach Twitter this week and may have gained access to passwords and other information for as many as 250,000 user accounts " the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords " said Bob Lord ,Director of Information Security, at Twitter. For security reasons twitter have reset passwords and revoked session tokens