Search results for ways to hack | Breaking Cybersecurity News | The Hacker News

Last month Tech Crunch reported that  payment terminal manufacturer Wiseasy had been hacked . Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a cloud-based dashboard for remotely managing payment terminals. This dashboard allows the company to perform a variety of configuration and management tasks such as managing payment terminal users, adding or removing apps, and even locking the terminal.  Hackers were able to gain access to the Wiseasy dashboard by infecting employee's computers with malware. This allowed hackers to gain access to two different employee's dashboards, ultimately leading to a massive harvesting of payment terminal credentials once they gained access. Top Lessons Learned from the Wiseasy Hack 1 — Transparency isn't always the best policy...

If you are concerned about the insecurity of Internet of Things, have good hands at programming and know how to hack smart devices, then you can grab an opportunity to earn $50,000 in prize money for discovering the non-traditional ways to secure IoT devices. Internet of Things (IoT) market is going to expand rapidly over the next decade. We already have 6.5 billion to 8 billion IoT devices connected to the Internet worldwide, and the number is expected to reach 50 billion by 2020. While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially. This rise in the number of security risks would continue to widen the attack surface, giving hackers a large number of entry points to affect you some or the other way. Recently, we saw a record-breaking DDoS attack (Distributed Denial of Service) against the France-based hosting provider OVH that reached over...

Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraud web site or services. These professional criminals daily find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities. Another latest scam has been notified by GFI that, where cyber criminals are offering the art of hacking Twitter accounts with a web-based exploit. Phishers are sending scam emails and offering fake twitter account hacking service, which in actual will hack their own twitter accounts. Email from phishers have text, " Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone's profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script, ". Hackers try to convince readers by showing a exploi...

E-HACK is an Information Security Workshop, organized by infySEC . The workshop aims at creating awareness about INFORMATION SECURITY by showing in what all ways information or data can be stolen. Meddle in cyber-warfare, battle with our machine master mind who will throw challenges on web application security, network security, algorithms, reverse engineering and decryption.  The team which cracks the final level will attain the glory of being Winner at our E-HACK Guinness record attempt with tons of prizes waiting. Be simple but not simpler is quote by Einstein, that's secret of success for E-HACK. Be there to witness the epic battle of brains. It's planned to be done in a more fun way, through a game called CTF (Capture the Flag) . The only way to know how to protect our information is by knowing the ways in which it can be stolen. So, we'll be having wide range of discussions on what all ways a HACKER can get his hands on your information and in what all ways you can thwart...

How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties. Belgian bug bounty hunter Arne Swinnen discovered two vulnerabilities in image-sharing social network Instagram that allowed him to brute-force Instagram account passwords and take over user accounts with minimal efforts. Both brute-force attack issues were exploitable due to Instagram's weak password policies and its practice of using incremental user IDs. "This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones," Swinnen wrote in a blog post describing details of both vulnerabilities. Brute-Force Attack Using Mobile Login API Swinnen discovered that an attacker could have performed brute force attack against any Instagram account via its Android authentication API URL, due to improper security implementations. According to his blog post , fo...

Is it wrong to hack back in order to counter hacking attack when you have become a victim? — this has been a long time debate. While many countries, including the United States, consider hacking back practices as illegal, many security firms and experts believe it as "a terrible idea" and officially "cautions" victims against it, even if they use it as a part of an active defense strategy. Accessing a system that does not belong to you or distributing code designed to enable unauthorized access to anyone's system is an illegal practice. However, this doesn't mean that this practice is not at all performed. In some cases, retribution is part of current defense offerings, and many security firms do occasionally hack the infrastructure of threat groups to unmask several high-profile malware campaigns. But a new proposed bill intended to amend section 1030 of the Computer Fraud and Abuse Act that would allow victims of ongoing cyber-attacks to fight ...

Another Surprising Twist in the Apple-FBI Encryption Case : The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody. Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook. Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, but Apple refused to do so. According to Apple, the company had been helping feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company after attempting a 'blunder' themselves. Here's How the FBI Screwed itself On October 19, 2015, Roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made a last full iCloud backup of his iPhone 5...

Section four of the " Executive Order on Improving the Nation's Cybersecurity " introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you  have  to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and learning how to secure it will pay dividends in a stronger security footing and the benefits it provides. This article will look at three ways to supercharge your  Software Supply Chain Security . What is your Software Supply Chain? It's essentially everything that goes into building a piece of software: from the IDE in which the developer writes code, to the third-party dependencies, to the build systems and scripts, to the hardware and operating system on which it runs. Instabilities and vulnerabilities can be introduced, maliciously or not, from inception to deployment and even beyond....

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom payment in exchange for a decryption key that unlocks your stolen data.  When dealing with a cyberattack, there are practical steps you want to follow. What do these steps include? Quickly contain and isolate critical systems Report the hack to your customers and business stakeholders Engage the help of law enforcement Enact your disaster recovery and business continuity plans Analyze the attack, and remediate Quickly contain and isolate critical systems This first step is necessary: quickly contain and isolate critical systems. There is a chance that if you discover ransomware ...

Bluetooth Low Energy, also known as Bluetooth Smart or Bluetooth 4, is the leading protocol designed for connecting IoT devices, medical equipment, smart homes and like most emerging technologies, security is often an afterthought. As devices become more and more embedded in our daily lives, vulnerabilities have real impact on our digital and physical security. Enter the Bluetooth lock, promising digital key convenience with temporary and Internet shareable access. The problem is, almost all of these locks have vulnerabilities, easily exploited via Bluetooth! DEF CON always has the coolest new hacks and security news, and this year was no exception. The hacking conferences are a great way to get a pulse on the general status of the security world, what people are interested in, worried about, or looking to exploit. This year clearly had an uptick in Internet of Things (IoT) devices and ways to hack them. Obviously, we had to go and take a look at the Bluetooth lock hack, and...

Earlier this week, security researchers at Zimperium revealed a high-severity vulnerability in Android platforms that allowed a single multimedia text message to hack 950 Million Android smartphones and tablets. As explained in our previous article, the critical flaw resides in a core Android component called " Stagefright ," a native Android media playback library used by Android to process, record and play multimedia files. To Exploit Stagefright vulnerability, which is actively being exploited in the wild, all an attacker needed is your phone number to send a malicious MMS message and compromise your Android device with no action, no indication required from your side. Hacking Without Knowing Phone Number But, Now you Don't even require the mobile numbers of your victims to infect their devices, a recent research claimed. In the previously known attack scenario, an attacker can exploit Stagefright vulnerability only against his/her known contact n...

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the year,  news of a massive breach  of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds' products have a presence in so many business networks, the size of the threat is massive. So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody's talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For the...

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas...