A security expert demonstrated how to exploit a vulnerability in Apple IOS system to steal user password with a phishing email. A new vulnerability that affects Apple’s iOS could be exploited by hackers to collect user passwords by using a single email.

A security and forensic expert has developed a tool, the iOS 8.3 Mail.app inject kit, that could be used to create malicious iCloud password phishing emails. He explained that he exploits an unpatched bug affecting Apple iOS. The iOS 8.3 Mail.app inject kit exploits a vulnerability in the Apple operating system’s native email client that allows and attacker to display a realistic pop-up. 

Hacks happen all the time. While some exploits are caused by insanely technical code created to dupe even the most advanced machines, more often it's simple human actions that are to blame. 

Hackers are not necessary interested in someone’s money or secrets, so what drives them to be what they are? It is very interesting, but 86% of hackers are sure they would not be punished for their deeds. The best way to protect yourself is to know what you're doing that may be unsafe. Even the best protection software won't help someone with unsafe online practices. Here's a list of nine common things people do that quite often leads to them getting hacked.

For years, the most popular password was "password," until last year when it got bumped by "123456" which is, of course, no better, because your password security can be compromised. 

The problem is we're lazy and having to memorize a complicated string of letters, numbers, and characters for each of our private accounts. Edward Snowden has bad news for you: Your computer password is probably terrible. For somebody who has a very common 8-character password, it can literally take less than a second for a computer to pull that password out. Less than one second.

​One dollar could buy you a stolen password to an Uber account and free car rides around town. Vendors on dark net sites are offering active Uber username and login details for $1.

Motherboard said it was able to verify that some of the accounts were still in use by Uber members and that, in one case, a previously hacked Amazon password was likely used to get into an Uber account because the passwords were the same. The company said it investigated the issue, and found no evidence of a breach. In May 2014, the company suffered a security breach that affected thousands of Uber's current and former drivers. 

Twitch, the game streaming website, has been hacked and users’ details have been compromised. Users’ accounts have been reset and it does not seem that any credit card or other financial information has been made available.

Passwords do appear to have been leaked and the company recommends that users reset their details on any site where they use the same password. It means that Twitch website security became very vulnerable. Users received emails telling them that there may have been unauthorized access to some of your Twitch user account information.

Microsoft has announced an ambitious plan to replace passwords with biometric identifiers in it’s yet to be released Windows 10 operating system. The race to replace passwords has been on for years, it offers the most realistic chance of eradicating the archaic.

The difficultly with password alternatives to date has been primarily a problem of adoption and practicality. Tattoos as passwords, for example, is a ridiculous idea. In body chip implants are promising but I imagine many people would be squeamish about having a computer chip injected into their bodies. Windows Ten may put biometric technologies within the reach of all computer users.

Turns out nobody can remember their Yahoo passwords. Now the company wants to make it so no one has to. Yahoo! launched a new service, which lets someone log into a Yahoo account using a short password the company texts to their phone instead of having to remember their own password. 

This is the first step to eliminating passwords. The process feels like a common process for logging into websites called two-factor authentication, where you first enter your own password, then enter a second password the company sends to your phones. 

Earlier we wrote a lot about different skimming techniques, different ways of compromising bank cards, and flaws in new secure credit cards that lets hackers steal money.

Now let’s talk about the less apparent dangers that run the risk of remaining unnoticed by the majority of users. We will relate stories about risks attributed to cross-border payments, as well as some inherent flaws found in payment systems. Many think that indicating a CVV code is necessary for processing any online transaction. However, some online shops provide an opportunity to avoid this step, and do not transmit the secret code to a payment gateway.

Experts disclosed a widespread level of employee indifference towards protecting sensitive corporate data, including personal information of customers. In fact, an alarming number of employees surveyed admitted they would sell their passwords, some for little money.

These statistics are based on a global survey of employees at large organizations. In addition to blatant sabotage, the survey also confirmed that employees are lax about password management in general. Specifically, employees routinely share login information for corporate applications with their colleagues, so it increases the potential that the passwords they sell might not even be their own.

A group, which claimed to have affiliation with Anonymous, released a file after hacking some combinations of passwords and usernames. The information is said to be used in a number of sites.

Other types of data that were compromised include the users' credit card numbers and card expiration dates. The file also included the accounts of several dating and porn sites. News of the hack came just a day following the network connection failure with Sony's PlayStation and Microsoft's Xbox Live. The hacker group Lizard Squad claimed to be responsible for the attacks on gaming platforms.