Security News | Breaking Cybersecurity News | The Hacker News

Yahoo! The one who enabled the HTTPS connections by default from the beginning of this year, the one who encrypts traffic moving between its data centers from 31st March , now has been accused of harming every  Mailing List  across the world. Experts from the Internet Engineering Council John R. Levine , specialized in email infrastructure and spam filtering claimed this in the post titled " Yahoo breaks every mailing list in the world including the IETF's. " on Internet Engineering Task Force (IETF). Yahoo has established a new rule to automatically exclude Yahoo users from the mailing list, because Mailing List server does not comply with DMARC requirements and they strongly modifies each email. He talks about an " emerging e-mail security scheme " known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that has been implemented by almost every largest email service providers, including Gmail, Hotmail, Comcast, and Yahoo. DMARC helps to reduce the p

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automatically encrypts the connections between users and its email service. November last year, Yahoo revealed plans to encrypt all information that moves between its data centers and finally from 31st March Yahoo has taken another leap in user-data protection through the deployment of new encryption technologies. NSA TARGET LIST -  GMAIL, YAHOO, ... many more. Last year, It was revealed by  Edward Snowden  that under MUSCULAR program , the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers. After finding themselves in the NSA's target list, Yahoo! and Google forced to think hard about the security and privacy of its users. Google had replied back

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

With revelations of NSA spying and some of the most jaw-dropping surveillance leaks, many people feel unencrypted and central-server service is bad in most of the cases, but end-to-end encryption can be used to reduce this problem. Worldwide Government surveillance raises privacy concerns and acquisition of WhatsApp by Facebook also made us think about the security concern with chat applications as well; though it was not so secure previously. People who care about having their SMS and Instant messages protected from prying eyes, now they can use end-to-end encrypted services, like  TextSecure .  It is a free Android-based messaging app, completly open-source , easy to use and designed with privacy in mind. Encrypting the stored data on the servers is as important as transferring data over an encrypted connection, but the most important factor of the encryption is that ' who has the decryption key '. If the company has the keys, then Government could snoop through your fi

Today Microsoft has released Security Bulletin Advanced Notification for February 2014 Patch Tuesday. The notification dictates five bulletins out of which two have critical Remote Code Execution and rest are important in aspect to severity of security flaw. A Remote Code Execution vulnerability has been found in Security software of Microsoft i.e. Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer. Not only this, users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1 are also advised to patch their systems in order to protect themselves from being a victim of malicious code which is exploiting Remote code execution vulnerability. Except the remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure, and denial of service security flaws in Windows operating syste

GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in ' Pwnium ' hacking competition for finding critical vulnerability. Google Chrome , Browser from Google product family, has been added with a new feature that it will warn the user whenever browser's setting get altered by any malware . Browser hijacking is the modification of browser's settings, and the term " hijacking " is used when the changes performed without the user's permission. A browser hijacker may replace the existing home page, error page, or search page with its own. These are generally used to force hits to a particular website, increasing its advertising revenue i.e. Click jacking and Adware . A hijacker uses malicious software to change your internet s

DuckDuckGo , a private search engine that doesn't track your data over the internet and respects your online privacy ,  offers hundreds of Goodies that let you quickly do certain things like Programming, Math, Geek, Music related things. In our previous article, we have posted Cryptography hacks using DuckDuckGo search engine and today we are going to give another tutorial on DuckDuckGo Goodies for Sysadmins . Meaning of FTP Code: Being a system administrator, you might need to connect to a number of FTP servers. While handling FTP service you must be aware of the response code that it will give you when you initiate a connection or a new command. The FTP server response code will be of three digits and each digit has a special meaning. First digit denotes whether the response is good, bad or incomplete. There are hundreds of such FTP response codes. DuckDuckGo provides system administrators a facility to find the meaning of the response code received from the FTP

Over the past several months, it has become clear that the Internet and our Privacy have been fundamentally compromised. A Private search engine DuckDuckGo claims that when you click on one of their search results, they do not send personally identifiable information along with your request to the third party. Like Google dorks (advance search patterns), there are thousands of similar, but technically more useful search hacks are also available in DuckDuckGo called DuckDuckGoodies . Today I am going to share about Handy " Cryptography " using DuckDuckGo search engine . Whether you are a Hacker, Cracker or a Researcher, you need to face a number of hash strings in your day to day life. Hashing is a one way encryption of a plain text or a file, generally used to secure passwords or to check the integrity of the file. There is a certain set of hashing algorithms, e.g.md5, sha1, sha-512 etc. A hash function generates the exact output if executed n numbe

In the last quarter of 2013, sale of a Smartphone with ANDROID operating system has increased and every second person you see is a DROID user. A Russian security firm ' Doctor Web' identified the first mass distributed Android bootkit malware called ' Android.Oldboot ', a piece of malware that's designed to re-infect devices after reboot, even if you delete all working components of it. The bootkit Android.Oldboot has infected more than 350,000 android users in China, Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries. China seems to a mass victim of this kind of malware having a 92 % share. A Bootkit is a rootkit malware variant which infects the device at start-up and may encrypt disk or steal data, remove the application, open connection for Command and controller. A very unique technique is being used to inject this Trojan into an Android system where an attacker places a component of it into the boot

Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for hacking Chrome OS-running ARM and Intel Chromebook. This year the security researchers have a choice in between an ARM-based Chromebook, the HP Chromebook 11 (WiFi) and the Acer C720 Chromebook (2GB WiFi) based on Intel's Haswell microarchitecture . The attack must be demonstrated against one of these devices running " then-current " stable version of Chrome OS. " Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure ," Jorge Lucángeli Obes, Google Security Engineer said. Amongst the payouts are $110,000 for the browser or s

123456, password, 12345678, qwerty… or abc123 , How many of you have your password one of these??? I think quite a many of you. Even after countless warnings and advices given to the users by many security researchers, people are continuously using a weak strength of password chains. After observing many cyber attacks in 2013, we have seen many incidents where an attacker can predict or brute-force your passwords very easily. From 2012, the only change till now is that the string " password " has shifted to the second place in a list of the most commonly used passphrases and string " 123456 " has taken the first place recently, according to an annual " Worst Passwords " report released by SplashData , a password management software company They announced the annual list of 25 most common passwords i.e. Obviously the worst password that found on the Internet. The Most common lists of the passwords this year are " qwerty ," " abc123 ," &qu

In my last article, we have learnt that how to encrypt our Emails using Gnu Privacy Guard . Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption decryption of our communication. Since Microsoft is a US-based company, that has to follow all the laws of that contingent. Should we trust Microsoft product to save our e-mail password and data? Obviously NO!  This made me write a new article on the same topic is that today we are going to use an open source mail client i.e.  Mozilla Thunderbird , available for Windows, Mac OS X and Linux. Thunderbird Installation: Initially you need to download the Thunderbird mail client, and install it to make your email communication more secure and private. Open Thunderbird tool and configure your mail account, as shown: Installing and Configuring ENIGMAIL:  In the next step you need to install an Add-on in Thunderbird, called  ENIGMAIL . You can search and install add-on using Tools-> Add-ons

Full disk encryption is expected to be the top security technology to be adopted this year. Take a moment to think about the information that is present on your personal computer, i.e. Photo s , passwords, emails, Important documents from work or  Financial data and  trade secrets. Many of us from the Security Industry obviously have enough confidential and important data regarding our work, source codes, or researches stored in our laptops or systems. What if your computer is stolen or seized by any Law enforcement agency at the Airport? Best example to explain the situation is as follows: We all know  Guardian journalist ' Glenn Greenwald ', who  has written a series of stories in July 2013 revealing the NSA's secret surveillance programs, leaked by whistleblower Edward Snowden . In August 2013,  The partner of the Guardian journalist ' Glenn Greenwald ', was returning from a trip to Berlin when he was stopped by officers at the Airport under Terrorism Act 20

If you spend more than a few hours a month doing patching; if you stay up until the middle of the night one Saturday each month doing patching; if you just flip on automatic updates and hope for the best; or if you email your users instructions on how to update their machines – then you're doing it wrong. Patching shouldn't be something that takes multiple days, nor is it something that should ruin one weekend a month. But it is critical and needs to be done right. If you think you're spending way too much time on patching, and have actually considered skipping a month because things didn't sound "that bad," then here's a post just for you. In it, we'll look at seven tips to save you time (and money) taking care of patch management. 1. Have a plan: First of all, you have to have a plan. Management has to support it, and you need to make sure it covers all the systems on your network. You don't want to patch at random, or try to remember every system that you have. Create a plan that

After being an owner of Smartphones, now it's your turn to own a Smart Car. Wouldn't it sound great if you could use your favorite mobile apps on Car's dashboard display? Yes! You heard right.. Google has tied-up with several Auto manufacturers with the goal to bring Android to Cars with built-in controls and hardware by the end of this year. Google has announced at the CES technology trade show in Las Vegas, the Open Automotive Alliance (OAA) will achieve this with their partners i.e. General Motors, Honda, Audi, Hyundai and chipmaker Nvidia. This new project is designed to accelerate innovation in the Automotive sector, with the customized version of most popular mobile platform 'Android' for Cars, that will bring Google Places, Maps, Voice, Earth and developer support to cars. " This open development model and common platform will allow automakers to more easily bring cutting-edge technology to their drivers, and create new opportunities for developers to delive

Think twice before using some words like ' Bomb ', ' Attack ', ' Blast ' or ' kill ' in your Facebook status update, tweets or emails, because this may flag you as a potential terrorist under a surveillance project of Indian Security agencies. This Indian Internet surveillance project named as NETRA ( Network Traffic Analysis) ,   capable of detecting and capture any dubious voice traffic passing through software such as Skype or Google Talk, according to  the Economic Times . In Hindi, NETRA means " eye " and this project is an Indian version of PRISM i.e. A spying project by US National Security Agency (NSA), that also allows the government to monitor the Internet and telephone records of citizens. Reportedly, NETRA is under testing right now by the Indian Intelligence Bureau and Cabinet Secretariat and after on success will be deployed by all Indian National security agencies. Centre for Artificial Intelligence and Robotics (CAIR), a lab under Defence Research and D