data breach | Breaking Cybersecurity News | The Hacker News

In the most surprising manner, the Chinese government said it arrested criminal hackers behind the massive cyber attack on US Office of Personnel Management (OPM) earlier this year, dismissing its involvement. Three months back, we reported that China arrested a handful of hackers within its borders who were suspected of allegedly stealing commercial secrets from US companies. The arrests took place shortly before China President Xi Jinping visited the United States in September 2015 when both heads of states agreed that neither side will participate in commercial espionage against one another. China: Cyber Criminals Hacked OPM, Not Government Spies Now, those suspected hackers have turned out to be the ones in connection with the OPM hack that resulted in the theft of personal details of more than 21 Million United States federal employees, including 5.6 Million federal employees' fingerprints . Citing an " investigation ", the Chinese governme

Earlier this month, a massive data breach at VTech – the maker of tablets and gadgets aimed at children – exposed the personal details of about 4.8 Million parents and photos of more than 200,000 Children. If that was not bad enough… …it turns out that the massive cyber attack against the toymaker company also left hundreds of thousands of snaps of parents and children , as well as a year worth of chat logs kept online in a way easily accessible to hackers. VTech Data Breach In a statement released Monday, the toymaker company VTech said the hacked database included victim's profile information including: Customers' names Email addresses Passwords ( One-way encrypted using MD5 hash that can be cracked in no time ) Secret questions and answers for password retrieval IP addresses Residential addresses Download history The database also included information on children including names, genders and date of births. Also Read: Caution! Hackers Ca

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

The fight to protect your company's data isn't for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation - Preparing users and IT to handle potential incidents in case they happen Identification - Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?) Containment - Isolating affected systems to prevent further damage Eradication - Finding and eliminating the root cause (removing affected systems from production) Recovery - Permitting affected systems back into the production environment (and watching them closely) Lessons Learned - Writing everything down and reviewing an

The Group of teenage hackers, which previously hacked into the personal email of the CIA director John Brennan and published a large trove of sensitive data, has now had its hands on even more important and presumably secure target. Hackers Accessed Law Enforcement Private Portal The hacking group, Crackas With Attitude ( CWA ), claims it has gained access to a Law Enforcement Portal through which one can access: Arrest records Tools for sharing information about terrorist events and active shooters The system in question is reportedly known as the Joint Automated Booking System ( JABS ), which is only available to the Federal Bureau of Investigation (FBI) and law enforcement. Hackers Gained Access to FBI's Real-Time Chat System Moreover, the hacking group also says it has gained access to another tool that is something like a real-time chat system for the FBI to communicate with other law enforcement agents around the US. Two days ago, CWA published

Police have arrested a fourth person, a 16-year-old boy , from London in connection with the high-profile hack of British telecoms giant TalkTalk. The investigating officers from the Metropolitan Police Cyber Crime Unit (MPCCU) arrested the teenager at his home in Norwich on suspicion of Computer Misuse Act offences. TalkTalk was subjected to a ' significant and sustained ' hacking attack on its official website two weeks back, which put the Bank Details and Personally Identifiable Information (PII) of its 4 Million customers at risk. The telco confirmed last week that at most 1.2 Million names, email addresses and phone numbers and around 21,000 unique bank account numbers and sort codes were compromised in the attack. However, TalkTalk said that the stolen credit card details were incomplete, so the payment cards could not be used for any false financial transactions. But, the company advised customers to remain vigilant against financial fraud. S

British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The Metropolitan Police Cyber Crime Unit (MPCCU) arrested this second unnamed 16-year-old boy from Feltham in west London on suspicion of Computer Misuse Act offences. Latest TalkTalk Data breach put the Bank details and Personally Identifiable Information (PII) of millions of customers at risk, including: Nearly 21,000 Bank Accounts Almost 28,000 obscured Credit and Debit card details Less than 15,000 customer dates of birth Names, Email Addresses, and Phone Numbers of 1.2 Million Customers TalkTalk has confessed that " Not all of the data was encrypted "... yeah, its' too bad. However, " Investigations so far show that the information that may have bee

The world's most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records. The stolen data includes usernames, passwords in plain text, email addresses, IP addresses and last names of around 13.5 Million of 000Webhost's customers. According to a recent report published by Forbes , the Free Hosting service provider 000Webhost was hacked in March 2015 by an anonymous hacker. In a post on its official Facebook page, the hosting company has acknowledged the data breach and posted the following statement: "We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised , we are mostly concerned about the leaked client information." The stolen data was obtained by Troy Hunt , an Australian security researcher, who received the dat

Security researchers at Symantec have uncovered a new Backdoor Trojan that grants hackers remote access and some control over infected machines. " Duuzer ," as dubbed by the researchers, has been targeting organizations in South Korea and elsewhere in an attempt to steal valuable information. The Trojan is designed to infect both 32-bit and 64-bit computers running Windows 7, Windows Vista, and Windows XP. Duuzer gives attackers remote access to the compromised computer, allowing them to: Collect system and drive information Create, enumerate, and end processes Access, modify and delete files Upload and Download additional files Change the time attributes of files Execute malicious commands Steal data from infected system Know about victim's Operating System Duuzer Infects via Spear Phishing or Watering Hole Attacks It is currently unclear how the malware is being distributed, but according to Symantec Researchers, the most obvious routes ar

The arrest is the first major outcome since TalkTalk – the biggest phone and broadband provider in the UK with more than 4 Million customers – had suffered a serious data breach. The Police Service of Northern Ireland (PSNI) and the investigating officers from the Metropolitan police's cyber crime unit (MPCCU) have arrested a 15-year-old boy in connection with the latest cyber attack on TalkTalk . The press release issued by the police said the boy was detained in County Antrim at about 4.20pm on Monday on suspicion of committing offences under the Computer Misuse Act. The Computer Misuse Act 1990 is an act of the Parliament of the United Kingdom, according to which any computer misuse offences like: Unauthorised access to computer material. Unauthorised access with the intent to commit further offences. Unauthorised acts with the intent to impair, or with recklessness as to impairing, operation of the computers, and other electronic devices. ...Are consi

TalkTalk , one of the biggest UK-based phone and Internet service provider with more than 4 Million customers, has been hacked again, the company announced late Thursday. TalkTalk is informing its 4 million customers that it has fallen victim to a "significant and sustained cyber attack" and it is possible that sensitive data including bank details have been stolen. In February, TalkTalk suffered a major data breach in which its customer details were stolen and misused by scammers to access additional information as well as steal considerable amount of money. What data might have been Exposed? According to the company, potentially all of its 4 Million customers could be affected by the data breach. However, TalkTalk hasn't specified exactly what kind of data was stolen from its servers, but says that the systems accessed by hackers contained information including: Credit card details and/or bank details Full names Postal addresses Dates

Samsung has been surrounded by a lot of controversies since the past few years, but that has not influenced its productivity. But this report has raised a few eyebrows... Samsung's mobile payment system company, LoopPay , was hacked back in March this year, just a month after Samsung bought it to help make Samsung Pay a reality. Samsung acquired LoopPay for more than $250 Million in February this year, and a group of Chinese Hackers were able to access LoopPay computer systems in March. The most worrisome part is – the hack was discovered 5 months later in August . Hackers were After Technology; Not Money or Sensitive Data The hackers, believed to be from a group called ' Codoso Group ' or ' Sunshock Group ,' were after the company's Magnetic Secure Transmission (MST) Technology . The group injected LoopPay's computer network with a hidden sophisticated attack in March, but the investigation kicked off when LoopPay learned of

This week, three high-profile data breaches took place, compromising personal and sensitive details of millions of people. Telecommunication giant T-Mobile Crowdfunding website Patreon US brokerage firm Scottrade In T-Mobile's case, its credit application processor Experian was hacked , potentially exposing highly sensitive details of 15 Million people who applied for its service in the past two years. The stolen data includes home addresses, birth dates, driver's license number, passport number, military I.D. numbers and – most unfortunately – the Social Security numbers, among other information. Patreon Hack Hits 2.3 Million Users In Patreon's case, hackers managed to steal almost 15 gigabytes' worth of data including names, shipping addresses and email addresses of 2.3 Million users . In a post published late Wednesday, Patreon CEO Jack Conte confirmed that the crowdfunding firm had been hacked and that the personal data of its users h

If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile , then there's a way to prevent hackers from misusing your identity (i.e. identity theft ). The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax , Experian , or TransUnion . Once frozen, nobody will be allowed to access your credit report, which will prevent any identity thieves from opening new accounts in your name. Because most creditors required to see your credit report before approving a new account. But, if they are restricted to see your file, they may not extend the credit or open a new account in your name. However, there are some disadvantages of doing so. 1.   Cost The cost of a security freeze differs by state (check yours here ). However, it is often free for already affected people, but the issue is – if you want to let anyone check your credit, you will need to pay a fee every time to

If you applied for financing from T-Mobile anytime between 1 September 2013 and 16 September 2015, you have been HACKED! – even if you never had T-Mobile service. T-Mobile's credit application processor Experian was hacked, potentially exposing the highly personal information of more than 15 million people in the United States. The stolen information includes names, addresses, phone numbers and – most unfortunately – Social Security numbers . The massive data breach was first discovered in mid-September and has now been confirmed by T-Mobile CEO John Legere . According to Legere, Hackers successfully obtained Millions of people's private information through Experian, one of the world's largest credit check companies that process T-Mobile's credit applications. Both customers and people who submitted to a T-Mobile credit check ( but either canceled or never activated their T-Mobile service ) between September 1, 2013, and September 16, 2015, are most at ris

The OPM Data Breach  ( Office of Personnel Management ) is getting even worse than we thought. We already know more than 21 Million current and former federal employees had their personal and highly sensitive private information hijacked in a massive data breach that affected Defense Department's OPM. But, now it has been revealed that the hackers have made off a lot more than just names, residential addresses, and social security numbers of the US government employees. And it's the unique and all time constant identity – The Fingerprints . 5.6 MILLLLLION Fingerprints Breached The US officials on Wednesday admitted that nearly 5.6 Million Fingerprints of its federal employees were also stolen in the massive data breach took place in April this year. The OPM, the US government agency that handles all federal employee data, had previously reported that some 1.1 Million Fingerprints were stolen. However, this figure has now been increased to 5.6 Million. L

We at The Hacker News are big fans of Security Software – The first thing we install while setting our Computers and Devices. Thanks to Free Security Software that protects Internet users without paying for their security. But, Remember: Nothing comes for FREE " Free " is just a relative term, as one of the world's most popular anti-virus companies is now admitting. Czech Republic-based antivirus company AVG has announced its privacy policy in which the company openly admits that it will collect and sell users' data to online advertisers for the purpose of making money from its free antivirus software. This new policy, which will come into effect on October 15 , clearly explains that AVG will be allowed to collect and sell users' " non-personal data " in order to " make money from our free offerings so we can keep them free ." Have a Look on Your Data AVG wants to Sell  Here's the list of, what AVG calls, &q

Health Care Hacks  —   the choice of hackers this year! In a delayed revelation made by Excellus BlueCross BlueShield (BCBS) ,   which says that about 10.5 Millions of their clients' data and information has been compromised by hackers. Excellus BCBS headquartered in Rochester, New York, provides finance and health care services across upstate New York and long-term care insurance nationwide. On August 5, 2015, Excellus BCBS discovered that the hackers targeted their IT systems back in December 2013, initiating a sophisticated attack to gain access to their systems and record client's personal data. The Compromised Data includes: Social Security Number (SSN) Date of birth Mailing address Telephone number Member identification number Financial account information Claims information Did they forget something?...It seems everything is gone! Moreover, it's been two years Excellus systems were open to the hackers. So, what the company was doing

Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website ' Ashley Madison ', there was at least one thing in favor of 37 Million cheaters that their Passwords were encrypted . But, the never ending saga of Ashley Madison hack could now definitely hit the cheaters hard, because a group of crazy Password Cracking Group, which calls itself CynoSure Prime , has cracked more than 11 Million user passwords just in the past 10 days, not years. Yes, the hashed passwords that were previously thought to be cryptographically protected using Bcrypt, have now been cracked successfully. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to brute-force all of the Ashley Madison account passwords. How do they Crack Passwords? The Password cracking team identified a weakness after reviewing the leaked data, which included u