#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

FBI | Breaking Cybersecurity News | The Hacker News

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Feb 19, 2016
Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December. The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed. Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device. And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor  for the iPhone, in an attempt to maintain its users trust. So, now we know that Apple is not doing so, but it has the ability to do so. Now, when you know
FBI Director Asks Tech Companies to At least Don't Offer End-to-End Encryption

FBI Director Asks Tech Companies to At least Don't Offer End-to-End Encryption

Dec 10, 2015
FBI declared War against Encryption. Encryption is defeating government intelligence agencies to detect terrorist activities and after the recent ISIS-linked terror attacks in Paris and California, the issue has once again become a political target in Washington. ...and meanwhile, Kazakhstan plans to make it Mandatory for its Citizens to Install Internet Backdoor , allowing the government to intercept users' traffic to any secure website and access everything from web browsing history to usernames and passwords. FBI: For God's Sake, Don't Use End-to-End Encryption At a Senate hearing on Wednesday, FBI's Director James Comey called for tech companies currently providing users with end-to-end encryption to reconsider "their business model" and simply stop doing that, reported The Intercept . Yes, instead of asking companies for a " backdoor " this time, Comey suggested them to adopt encryption techniques that help federal agencie
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords

Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords

Nov 26, 2015
That's a lot of Login credentials fetch by a single hacker. The FBI believes a single hacker who goes by the moniker Mr.Grey has stolen login credentials for over 1.2 Billion online accounts – apparently the biggest heist of log-in credentials the FBI has investigated thus far. Yeah, that's not Fifty, but 1.2 Billion Shades of Grey . The information came from the court documents the federal agents submitted to support its search warrant request in 2014, Reuters reported . The cyber security firm ' Hold Security ' initially reported the theft of the credentials last year. It found out that Russian hacking group CyberVor has stolen 1.2 Billion login details and an additional 500 Million email accounts. Botnet Breach These data were said to have been harvested from over 420,000 websites via botnets looking for SQL injection flaws ; the same technique recently used to hack TalkTalk . Botnets are usually employed to attack an individual targ
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hacker Claims He helped FBI Track Down ISIS Hacker (Who was killed in Drone-Strike)

Hacker Claims He helped FBI Track Down ISIS Hacker (Who was killed in Drone-Strike)

Nov 24, 2015
Remember Junaid Hussain ? Junaid Hussain – a hacker turned ISIS cyber mastermind who was killed in a US drone strike in August this year. But something has emerged what we don't know about the death of Hussain. The infamous hacker who in the past hacked the Anonymous pseudo-official Twitter accounts, now claims he served as an FBI informant to help the US government track down Junaid Hussain. The hacker, goes by the online alias Shm00p ( @5hm00p ), is a member of the hacking collective Rustle League and believes he is "99.9% sure" that the information given by him to the FBI agents led to the extrajudicial killing of Hussain. "What the fuck have I done," Shm00p tweeted early Sunday morning. Over 15 hours later after his first tweet, Shm00p made a series of tweets at the FBI Twitter account. "I lost a lot of good friendship and my fucking honor," Shm00p tweeted at the FBI. You can see an archived copy of his now deleted t
FBI denies paying $1 MILLION to Unmask Tor Users

FBI denies paying $1 MILLION to Unmask Tor Users

Nov 14, 2015
Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said , "The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate." The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services , and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses. One such IP address belongs to Brian Richard Farrell , an alleged Silk Road 2 lieutenant who was arrested in January 2014. The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few
FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

Nov 12, 2015
The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve
FBI Deputy Director's Email Hacked by Teenager Who Hacked CIA Chief

FBI Deputy Director's Email Hacked by Teenager Who Hacked CIA Chief

Nov 06, 2015
The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano and his wife. Yesterday, Cracka , a member of the teenage hacktivist group known as ' Crackas With Attitude ' (CWA) posted a new trove of information belong to thousands of government employees online; however they claim to have accessed far more than that. The hackers claimed to have obtained the personal information by hacking into AOL email accounts of the Giuliano and his wife. More Than 3,500 Government Employees Doxxed The published information includes more than 3,500 names, email addresses and contact numbers of law enforcement and military personnel. Though the FBI officials couldn't immediately verify the claims, Infowars has confirmed the authenticity of several people listed, which includes everyone from local police officers to FBI and mili
FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

Oct 27, 2015
Your Headache is not my Problem. If your computer gets hacked and infected with malware that holds your data for ransom, just pay off the criminals to see your valuable data again and do not expect the FBI to save them – it's what the FBI is advising concerning ransomware . Ransomware is a sophisticated malicious software that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically in Bitcoins) for the decrypt key. Also Read:   Free Ransomware Decryption and Malware Removal ToolKit Federal agencies and the FBI have long urged people not to pay ransom to the criminals, as there is no guarantee that they will even receive an unlock key. The FBI – 'Better Pay up the Ransom' However, while speaking at the 2015 Cyber Security Summit on Wednesday, Assistant Special Agent Joseph Bonavolonta , who oversees the FBI's Boston office, advised the companies infected with ransomware to better pay up th
FBI’s Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

FBI's Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

Sep 02, 2015
In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management (OPM) . These attacks resulted in 21 million current and former Federal government employees' information being stolen. After months of investigation, the FBI's Cyber Task Force identified several Remote Access Tools (RATs) that were used to carry out the attack. One of the more effective tools discovered is named ' FF-RAT '. FF-RAT evades endpoint detection through stealth tactics, including the ability to download DLLs remotely and execute them in memory only. Hackers use RATs to gain unlimited access to infected endpoints. Once the victim's access privilege is acquired, it is then used for malware deployment, command and control (C&C) server communication, and data exfiltration. Most Advanced Persistent Threat (APT) attacks also take advantage of RAT functionality for bypassing strong authentication, reconnaissance, spreading
Malware And Hacking Forum Seized, Dozens Arrested

Malware And Hacking Forum Seized, Dozens Arrested

Jul 16, 2015
The FBI and other law enforcement agencies have arrested more than 70 people suspected of carrying out cyber criminal activities associated with one of the most active underground web forums known as Darkode . Darkode , also used by notorious Lizard Squad , was an online bazaar for cyber criminals looking to buy and sell hacking tools, botnet tools, zero-day exploits, ransomware programs, stolen credit cards, spam services and many illicit products and services. Darkode had been in operation since 2007 before law enforcement authorities seized it this week as part of an investigation carried out in 20 different countries. "We have dismantled a cyber-hornet's' nest...which was believed by many, including the hackers themselves, to be impenetrable," said U.S. Attorney David J. Hickton . The crackdown, which the FBI dubbed Operation Shrouded Horizon , was initiated two years ago by its counterparts in Europe, Brazil and law enforcement agencies in more
FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight

May 17, 2015
A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways. Chris Roberts, the founder of One World Labs , was recently detained, questioned and had his equipment taken by federal agents after he landed on a United flight from Chicago to Syracuse, New York following his tweet suggesting he might hack into the plane's in-flight entertainment system. In that particular tweet, Roberts joked: " Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone? :) " The federal agents addressed the tweet immediately and took it seriously following the Roberts' capabilities of such hacking tactics. In the FBI affidavit first made public Friday - first obtained by APTN National News - Roberts told the FBI earlier this year about not once, b
Own a WordPress Website? ISIS is After You — FBI warns

Own a WordPress Website? ISIS is After You — FBI warns

Apr 09, 2015
If you run a self-hosted WordPress website, then you must Beware: "ISIS is after you." Yes, you heard right. The United States Federal Bureau of Investigation (FBI) is warning WordPress users to patch vulnerable plugins for the popular content management system before ISIS exploit them to display pro-ISIS messages. According to the FBI, ISIS sympathizers are targeting WordPress sites and the communication platforms of commercial entities, news organizations, federal/state/local governments, religious institutions, foreign governments, and a number of other domestic and international websites. Targets seem to be random: They are not linked to particular name or business. The attackers are sympathizers and supporters of ISIS (also known as ISIL), not actual members of the terrorist organization. They are mostly unskilled people and are not doing much hard work — Just leveraging known WordPress plugin flaws in commonly available hacking tools. These
FBI Director says 'Sloppy' Sony Hackers Left Clues that Point to North Korea

FBI Director says 'Sloppy' Sony Hackers Left Clues that Point to North Korea

Jan 08, 2015
The hackers group responsible for the last year's largest hacking attack on Sony Pictures Entertainment left many clues which proves that the Sony's hackers , who called themselves Guardians of Peace (GOP) , linked to North Korea, as claimed by the Federal Bureau of Investigation (FBI). Speaking at the International Conference on Cyber Security (ICCS) at Fordham University in New York on Wednesday, the director of the FBI defended his bureau's claim and said that the North Korean government was involved in the massive cyber attack against Sony Pictures – saying skeptics " don't have the facts that I have ." " There's not much I have high confidence about, " James Comey said, as reported by the FBI New York field office's official Twitter feed. " I have very high confidence... on North Korea. " According to Comey, the hackers usually relied on proxy connections to hide their real IP address each time they sent threatening
Tor Network Is Under Attack through Directory Authority Servers Seizures

Tor Network Is Under Attack through Directory Authority Servers Seizures

Dec 23, 2014
Tor has been targeted once again, but this time at a much larger scale. A new attack on Tor network reportedly would either completely shut it down worldwide or turn it into evil network. This time Tor – an internet browser which allows people to maintain their anonymity online by protecting their location – is warning its users of a cyber attack that quietly seized some of its network specialized servers called Directory Authorities (DA) , the servers that help Tor clients to find Tor relays in the anonymous network service. Tor network architecture relies on ten Directory Authorities whose information is hardcoded into Tor clients. These directory authorities are located in the Europe and United States, and maintain the signed list of all the verified exit relays of the Tor network, and according to experts, attack on these backbone servers can "incapacitate" the overall architecture of Tor. " The Tor Project has learned that there may be an attempt to incapacit
Sony Pictures Employees Receive Threatening Email After Hack

Sony Pictures Employees Receive Threatening Email After Hack

Dec 06, 2014
The massive hacking attack against Sony Pictures Entertainment have reached a totally unbelievable and scary phase as multiple media sources are saying that Sony Pictures employees received e-mails from hackers threatening to harm them and their family members . Said one employee, " It's really crazy and scary. " It seems like matters for Sony Pictures is getting worse with time. Last month hacking attack on Sony Pictures Entertainment made the studio's internal corporate systems offline and spewed confidential information onto the Internet. Hackers group that identifies itself as # GOP ( Guardians of Peace ) claimed responsibility for the hack and apparently stolen reams of internal corporate data as well. Just a week after the cyber-attack on Sony Pictures Entertainment, high-quality versions of five newest films – Annie , Fury , Still Alice , Mr. Turner and To Write Love on Her Arms – distributed by Sony Pictures leaked online during Black Friday.
Sony Pictures Hack — 5 Things You Need To Know

Sony Pictures Hack — 5 Things You Need To Know

Dec 02, 2014
What a horrible start the holiday season in U.S. Over Thanksgiving weekend, Sony Pictures Entertainment suffered a massive data breach as "Guardians of Peace" hacked-into Sony Pictures' computer system that brought the studio's network to a screeching halt. Following the hack, hackers leaked five unreleased Sony movies to Torrent file-sharing website during Black Friday. It's still not clear whether both the incident back to back with Sony Pictures belongs to same group of hackers or not, but here's what you need to know about the breach: 1. FBI MALWARE WARNING AFTER SONY PICTURES HACK The U.S. Federal Bureau of Investigation (FBI) warned businesses that cyber criminals have used malicious software to launch destructive cyber-attacks in the United States, following the last week's massive data breach at Sony Pictures Entertainment, in which four unreleased films were stolen and pirate-shared. In a five-page confidential 'flash'
More than 400 Underground Sites seized by FBI in 'Operation Onymous'

More than 400 Underground Sites seized by FBI in 'Operation Onymous'

Nov 10, 2014
The joint operation by authorities of the U.S. Federal Bureau of Investigation (FBI) and European law enforcement seized Silk Road 2.0 , an alternative to the notorious online illegal-drug marketplace last week, and arrested 26-year-old operator Blake Benthall, but that wasn't the end. US and European authorities over the weekend announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous , which led to take-down of more than "410 hidden services" that sell illegal goods and services from drugs to murder-for-hire assassins by masking their identities using the Tor encryption network. " The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online 'dark' marketplaces, " according to the Europol press release . This globally-coordinated take down is the combined efforts of 17 nations which includes the law enforcemen
Cybersecurity Resources