#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for crack password | Breaking Cybersecurity News | The Hacker News

Everything We Learned From the LAPSUS$ Attacks

Everything We Learned From the LAPSUS$ Attacks

May 12, 2022
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022) Globant  Okta Ubisoft Samsung Nvidia Microsoft Vodafone In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While high-profile cyber-attacks are certainly nothing new, there are several things that make LAPSUS$ unique. The alleged mastermind of these attacks and several other alleged accomplices were all teenagers. Unlike more traditional ransomware gangs, LAPSUS$ has a very strong social media presence. The gang is best known for data exfiltration. It has stolen source code and other proprietary information and has often leaked this information on the Internet. LAPSUS$ stolen credentials  In the case of Nvidia, for example, the  attackers gained access to hundreds of gigabytes of proprietary data ,
Cracking iPhone Hotspot password in 50 Seconds

Cracking iPhone Hotspot password in 50 Seconds

Jun 20, 2013
The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the University of Erlangen in Germany, iOS-generated passwords use a very specific formula one which the experienced hacker can crack in less than a minute. Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys . Apple's hotspot uses a standard WPA2 -type process, which includes the creation and passing of pre-shared keys (PSK). They found that the default passwords are made up of a combination of a short dictionary words followed by a series of random numbers and this method actually leaves them vulnerable to  brute force attack . The word list Apple uses contains approximately 52,500
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Cracking 16 Character Strong passwords in less than an hour

Cracking 16 Character Strong passwords in less than an hour

May 30, 2013
The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, " don't use dictionary words as passwords. They are horribly unsecure ", but what if hackers also managed to crack any 16 character password ? Criminals or trespassers who want to crack into your digital figurative backyard will always find a way. A team of hackers has managed to crack more than 14,800 supposedly random passwords from a list of 16,449 converted into hashes using the MD5 cryptographic hash function. The problem is the relatively weak method of encrypting passwords called hashing.  Hashing takes each user's plain text password and runs it through a one-way mathematical function. This creates a unique string of numbers and letters called the hash. The article reports that, using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

Oct 11, 2019
A 39-year-old password of Ken Thompson , the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting " /etc/passwd " file in a publicly available source tree of historian BSD version 3, which includes hashed passwords belonging to more than two dozens Unix luminaries who worked on UNIX development, including Dennis Ritchie, Stephen R. Bourne, Ken Thompson, Eric Schmidt, Stuart Feldman, and Brian W. Kernighan. Since all passwords in that list are protected using now-depreciated DES-based crypt(3) algorithm and limited to at most 8 characters, Neukirchen decided to brute-force them for fun and successfully cracked passwords (listed below) for almost everyone using password cracking tools like John the Ripper and hashcat. The ones that she wasn't able to crack
11 Million Ashley Madison Passwords Cracked In Just 10 Days

11 Million Ashley Madison Passwords Cracked In Just 10 Days

Sep 10, 2015
Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website ' Ashley Madison ', there was at least one thing in favor of 37 Million cheaters that their Passwords were encrypted . But, the never ending saga of Ashley Madison hack could now definitely hit the cheaters hard, because a group of crazy Password Cracking Group, which calls itself CynoSure Prime , has cracked more than 11 Million user passwords just in the past 10 days, not years. Yes, the hashed passwords that were previously thought to be cryptographically protected using Bcrypt, have now been cracked successfully. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to brute-force all of the Ashley Madison account passwords. How do they Crack Passwords? The Password cracking team identified a weakness after reviewing the leaked data, which included u
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

Jan 05, 2023 Password Management / IT Breach
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position, where exposure to compromise is almost certain, but pinpointing the users who created this exposure is almost impossible.  To assist them throughout this challenging time, Browser Security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users and require t
How to Hack WiFi Password Easily Using New Attack On WPA/WPA2

How to Hack WiFi Password Easily Using New Attack On WPA/WPA2

Nov 25, 2018
Looking for how to hack WiFi password OR WiFi hacking software? Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers. Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens 'Atom' Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled. The attack to compromise the WPA/WPA2 enabled WiFi networks was accidentally discovered by Steube while he was analyzing the newly-launched WPA3 security standard . This new WiFi hacking method could potentially allow attackers to recover the Pre-shared Key (PSK) login passwords, allowing them to hack into your Wi-Fi network and eavesdrop on the Internet communications. How to Hack WiFi Password Using PMKID According to the researcher, the previously known WiFi hacking methods require attackers to wai
Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Sep 02, 2016
Another Day, Another Data Breach! If you love to listen to music online and have an account on Last.fm website, your account details may have compromised in a data breach that leaked more than 43 Million user personal data online. Last.fm was hacked in March of 2012 and three months after the breach, London-based music streaming service admitted to the incident and issued a warning, encouraging its users to change their passwords. But now it turns out that the Last.fm data breach was massive, and four years later the stolen data have surfaced in the public. The copy of the hacked database obtained by the data breach indexing website LeakedSource contained 43,570,999 user records that were originally stolen from Last.fm on March 22, 2012, according to timestamps in the database. The leaked records include usernames, hashed passwords, email addresses, the date when a user signed up to the website, and ad-related data. Wait! Have you visited The Hacker News early this wee
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security

Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security

Sep 30, 2011
Russian firm Elcomsoft unveils tool to crack BlackBerry encryption security A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said that before it developed the product, it was believed that there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said. " ElcomSoft Phone Password Breaker " does exactly what it says, enabling its users to recover plain-text passwords governing encrypted backups for BlackBerry smartphones and PlayBook tablets. (The password-breaking tool also works on Apple devices running iOS, such as iPhones and iPads.) The new feature is wrapped into Elcomsoft's Phone Password Breaker. It costs £79 ($123) for the home edition and £199 for the fu
Cryptography Hacks - Hash Encryption using DuckDuckGo Search Engine

Cryptography Hacks - Hash Encryption using DuckDuckGo Search Engine

Jan 30, 2014
Over the past several months, it has become clear that the Internet and our Privacy have been fundamentally compromised. A Private search engine DuckDuckGo claims that when you click on one of their search results, they do not send personally identifiable information along with your request to the third party. Like Google dorks (advance search patterns), there are thousands of similar, but technically more useful search hacks are also available in DuckDuckGo called DuckDuckGoodies . Today I am going to share about Handy " Cryptography " using DuckDuckGo search engine . Whether you are a Hacker, Cracker or a Researcher, you need to face a number of hash strings in your day to day life. Hashing is a one way encryption of a plain text or a file, generally used to secure passwords or to check the integrity of the file. There is a certain set of hashing algorithms, e.g.md5, sha1, sha-512 etc. A hash function generates the exact output if executed n numbe
Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach

Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach

Oct 20, 2016
2016 is the year of data breaches that has made almost every major companies victims to the cyber attacks, resulting in compromise of over billion of online users accounts. Weebly and Foursquare are the latest victims of the massive data breach, joining the list of "Mega-Breaches" revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , Dropbox , and the biggest one -- Yahoo . Details for over 43 Million users have been stolen from the San Francisco-based website building service Weebly, according to breach notification site LeakedSource, who had already indexed a copy of the stolen data that it received from an anonymous source. In addition, LeakedSource posted details of the cyber attack in its blog post on Thursday explaining what happened. The attack believed to have been carried out in February 2016. "Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the san
Taringa: Over 28 Million Users' Data Exposed in Massive Data Breach

Taringa: Over 28 Million Users' Data Exposed in Massive Data Breach

Sep 04, 2017
Exclusive — If you have an account on Taringa , also known as "The Latin American Reddit," your account details may have compromised in a massive data breach that leaked login details of almost all of its over 28 million users. Taringa is a popluar social network geared toward Latin American users, who create and share thousands of posts every day on general interest topics like life hacks, tutorials, recipes, reviews, and art. The Hacker News has been informed by LeakBase , a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 – which has been considered outdated even before 2012 – that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5?, LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords s
Tesla Cars Can Be Hacked to Locate and Unlock Remotely

Tesla Cars Can Be Hacked to Locate and Unlock Remotely

Mar 31, 2014
Smart Phones, Smart TVs, Smart Refrigerators, even Smart Cars! When it comes to Smart devices, we simply provide them the master control of various tasks to make our life easy and more comfortable, unaware about its worst impact. At the starting of last month we reported that by using a $20 toolkit called CAN Hacking Tool (CHT) , hackers can hack your Smart Cars, giving entire control of your car to an attacker from windows and headlights to its steering and brakes. Now a new research carried out on the  Tesla Smart car  has proved that the hackers are able to remotely locate or unlock the Tesla Motors Inc. electric vehicles, just by cracking a six-character password using traditional hacking techniques. At the Black Hat Asia security conference in Singapore on Friday, Nitesh Dhanjani , a corporate security consultant and Tesla owner, said a recent study conducted by him on the Tesla Model S sedan pointed out several design flaws in its security system, and there wasn&
Securing Passwords with Bcrypt Hashing Function

Securing Passwords with Bcrypt Hashing Function

Apr 10, 2014
Passwords are the first line of defense against cyber criminals. It is the most vital secret of every activity we do over the internet and also a final check to get into any of your user account, whether it is your bank account, email account, shopping cart account or any other account you have. We all know storing passwords in clear text in your database is ridiculous. Many desktop applications and almost every web service including, blogs, forums eventually need to store a collection of user data and the passwords, that has to be stored using a hashing algorithm. Cryptographic hash algorithms MD5, SHA1, SHA256, SHA512, SHA-3 are general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. Hashing is the greatest way for protecting passwords and considered to be pretty safe for ensuring the integrity of data or password. The benefit of hashing is that if someone steals the database with hashed passwords, they o
Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Sep 23, 2016
After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri
Cybersecurity Resources