Search results for how to hack another account | Breaking Cybersecurity News | The Hacker News

Hacking Facebook account is one of the major queries on the Internet today. It's hard to find — how to hack Facebook account or facebook messenger, but researchers found a way that can allow someone to hack Facebook account passwords with only the target's phone number and some resources. Yes, your Facebook profile can be hacked, no matter how strong your password is or how much extra security measures you have taken. No joke! Hackers with resources to exploit SS7 network can hack your Facebook login and all they need is your phone number. The weaknesses in the part of global telecom network SS7 that not only let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale but also let them hijack social media accounts to which you have provided your phone number. SS7 or Signalling System Number 7 is a cell phone signaling protocol that is being used by more than 800 telecommunication operators worldwide to exchange i...

We all have been receiving spam phone calls and messages on almost daily basis from scammers who want to pilfer your money and personal information, but a new type of social engineering hack that makes use of just your mobile number to trick you is a little scarier. Security firm Symantec is warning people about a new password recovery scam that tricks users into handing over their webmail account access to the attackers. In order to get into your email account, an attacker does not need any coding or technical skills. All an attacker needs your email address in question and your cell phone number. Since the process to reset the password is almost similar to all mail services, this new password recovery scam affects all popular webmail services including Gmail, Yahoo, and Outlook among others. Symantec has provided a video explanation of how this new hack attack works. The trick is as simple as it sounds: if you want to reset someone’s email account password, all y...

It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into clicking on a link. The researcher, who goes by the online alias "Samm0uda," discovered the vulnerability after he spotted a flawed endpoint (facebook.com/comet/dialog_DONOTUSE/) that could have been exploited to bypass CSRF protections and takeover victim's account. "This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and makes a POST request to that endpoint after adding the fb_dtsg parameter," the researcher says on his blog . "Also this endpoint is located under t...

How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram’s weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo...

Over the last few weeks we have been contacted by a number of members of the  our  Facebook page , concerned by a message they saw on Facebook, warning them that their account protection was " very low ". With fake anti-virus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions. Certainly the warning message gives you the impression that there's something seriously wrong with how you have defended your Facebook account. I must admit I was surprised to see the message appear on my own Facebook account as I have been quite fastidious in my security settings on the social network. So, I was curious to find out just  why  Facebook believed that my account protection status was "very low", and what they t...

Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraud web site or services. These professional criminals daily find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Another latest scam has been notified by GFI that, where cyber criminals are offering the art of hacking Twitter accounts with a web-based exploit. Phishers are sending scam emails and offering fake twitter account hacking service, which in actual will hack their own twitter accounts. Email from phishers have text, “ Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone’s profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script, ”. Hackers try to convince readers by showing a exploi...

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx , who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description " Source Code for SnapChat ," publishing the code of what purported to be Snapchat's iOS app. The underlying code could potentially expose the company's extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app. Snapchat's parent company, Snap Inc., responded to the leak by filing a copyright act request under the Digital Millennium Copyright Act (DMCA), helping it takedown the online repository hosting the Snapchat code. SnapChat Hack: Github Took Down Repository After DMCA Notice Though it is not clear...

Another Surprising Twist in the Apple-FBI Encryption Case : The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody. Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook. Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, but Apple refused to do so. According to Apple, the company had been helping feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company after attempting a 'blunder' themselves. Here's How the FBI Screwed itself On October 19, 2015, Roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made a last full iCloud backup of his iPhone 5...

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire infrastructure. Unfortunately, the personal nature of passwords has its shortcomings. Passwords are easily forgotten. They may also be too simplistic; many companies don't enforce stringent password-creation requirements. This is where the Active Directory Password Policy comes in. Additionally, the following is achievable: Changing user passwords Recording password changes and storing them within a history log Active Directory accounts for any impactful changes across user accounts. We'll assess why and how administrators might leverage these core features. Why change user ...

Four month ago, a massive data breach on the eBay website affected 145 million registered users worldwide after its database was compromised. Meanwhile, another critical vulnerability on the eBay website was reported, allowing an attacker to hijack millions of user accounts in bulk. An Egyptian security researcher ‘ Yasser H. Ali ’ informed The Hacker News about this vulnerability 4 months ago, which could be used by the cyber criminals in the targeted attacks. At that time, Mr.Yasser secretly demonstrated the vulnerability step-by-step to ‘ The Hacker News ’ team and we confirmed - IT WORKS . Since it was not addressed by the eBay security team, we kept the technical details of this vulnerability hidden from our readers. But, as we promised to share the technical details of this interesting flaw, once after eBay team patch it. So, Here we go! The vulnerability Yasser found could allow you to Reset Password of any eBay user account and that too without any user interaction or d...

Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b...