encryption | Breaking Cybersecurity News | The Hacker News

Mozilla is planning to provide a new feature that will allow free audio and video calls between its Firefox web browser , thereby ending the need of any third-party client service or plugin. Mozilla will soon release a new experimental version of Firefox Nightly , which will include an open source and Peer-to-peer communication protocol called WebRTC that enables Real-Time Communications (RTC) capabilities between two web browsers via simple Javascript APIs. NO PLUGINS REQUIRED WebRTC is not a web browser plugin, and its components run in the browser sandbox. Its components do not require separate installation or any separate process to run and it will receive its updates along with the web browser updates. " No plugins, no downloads. If you have a browser, a camera and a mic, you'll be able to make audio and video calls to anyone else with an enabled browser ." reads the blog post and when the camera or microphone are running, this is clearly shown by the Fire

After Whatsapp, The Chinese WeChat is the second most popular messaging application and currently being targeted by cybercriminals to spread a new Banking Trojan in order to steal the financial information from its users. WeChat is a famous mobile instant messaging app developed by Chinese company Tencent, with more than 355 million users across the world. The app offers people to chit-chat with their friends and relatives, and also allows users to make payments for goods and services on WeChat. The Payment feature of the app requires users' bank account details to their messenger account and this is what tempting cybercriminals to develop new and more sophisticated banking Trojans and malwares. The security researchers at Kaspersky Lab have uncovered such banking Trojan, dubbed as Banker.AndroidOS.Basti.a, which looks exactly like the legitimate WeChat application for Android devices. While installation, it also requires the same permissions such as to access the Int

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

TrueCrypt , the popular and reputed open source file and disk encryption Software for Windows, OSX and Linux, has abruptly closed down Wednesday recommending its users to use Microsoft's Bitlocker. TrueCrypt is a free, open-source and cross-platform encryption program, thereby one of the world's most-used encryption tool, trusted by tens of millions of users and recommended by NSA whistleblower Edward Snowden . TRUECRYPT IS NOT SECURE On Wednesday afternoon, the users of TrueCrypt encryption tool redirected to the project's official SourceForge-hosted page that displays a mysterious security warning message that the popular encryption tool has been discontinued and that users should switch to an alternative. The official website for the TrueCrypt software warns the user that the open source encryption software is no longer secure and informs that the development of the software has been terminated. At the top of TrueCrypt page on SourceForge display

There is a good news for all Security researchers, Penetration testers and Hackers. The developers of one of the most advance open source operating system for penetration testing, ' KALI Linux ' have announced yesterday the release of its latest version of Kali Linux 1.0.7 with some interesting features. Kali Linux is an open source Debian-based distribution for penetration testing and forensics that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In the beginning of this year, Offensive Security released Kali Linux 1.0.6 with Kernel version 3.12, and also added the Self Destruct feature that allows Kali users to encrypt the full hard disk to make the data inaccessible in an emergency case by entering a secret password at boot time. This latest Kali Linux 1.0.7 version added some more features to the last version, along with many new penetration testing and hacking too

The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit , a Texas-based Encrypted Email Service. In response, a group of young developers at the European Organization for Nuclear Research (CERN) has launched a new email service which offers end-to-end encryption and securing communications that could put an end to government snooping and will keep away our personal data from prying eyes. PROTONMAIL - AN END-to-END ENCRYPTED EMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. ProtonMail offers a user-friendly experience with full "end-to-end" encryption . It encrypts the data on the browser

After introducing the Fingerprint scanner to its new release, Samsung next plans to add IRIS scanning technology to its future smartphones to better improve the security of smartphones and for being more innovative too. According to a report released by The Wall Street Journal, Samsung senior Vice President Rhee In-jong told analysts and investors at a forum in Hong Kong that the company is planning to incorporate biometric sensors such as eye scanners into more of its products as a part of its enterprise security software. " We're looking at various types of biometric mechanisms and one of things that everybody is looking at is iris detection, " Rhee said. The move is no doubt in order to bring an added layer of security to its devices. A Smartphone with an eye-scanning feature would most likely to be used in the front-facing camera to scan the unique patterns of the user's iris and once the pattern get matched with the already stored user's iris image in the phon

If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA

The most popular open source Instant messaging application based on the ' Extensible Messaging and Presence Protocol ' (XMPP), formerly known as Jabber that enables you to connect with other people over the Internet will begin refusing unencrypted connections as from today. In an announcement yesterday, The XMPP Standard Foundation (XSF) informs that a large number of XMPP service operators and software developers permanently turned on mandatory encryption for client-to-server and server-to-server connections from today in order to harden the security of the messaging service. Many XMPP-based services operate independently, so it is tough to enforce all of them to use Encryption . ' While XMPP is an open distributed network, obviously no single entity can "mandate" encryption for the whole network - but as a group we are moving in the right direction ,' reads the blog post. ' If you use an XMPP service provided by someone else and you encounter problems contact

The Music Industry, Movie Studios and other companies who create media contents are always concerned with people getting access to their content without paying for it. Last year, On Request of Big Tech companies such as Microsoft, Google and Netflix, The World Wide Web Consortium (W3C) defined a new API (Application Programming Interface) called ' Encrypted Media Extensions (EME) ' in HTML5 to aid web-based video services in restricting the rights of users who utilize their services. Now the companies won't need to rely on third-party plugins like Flash and Silverlight to deliver copy-protected movies and TV shows to your browser. Instead, now they have same capabilities of Digital rights management (DRM)  right into the fabrics of the web. All other major modern web browsers, including Internet Explorer, Chrome, and Safari are supporting  Encrypted Media Extensions (EME)  within the web browser since last year, except Mozilla Firefox . Even after criticizing the use o

It's an era of Mass Surveillance, where Encryption has become more important today for all of us than any other time in the History. But the trouble is that Crypto programs are too hard for Non-Internet-Savvy to implement and use. Time is loudly announcing the need to switch to some alternatives that provide end-to-end encryption for communication between two devices in order to keep your personal data away from NSA's prying eyes and respect your Privacy . But, many services, including Facebook's messaging application, don't support encryption and therefore are weak in providing security of our online data, which could result in data breach either by cyber criminals or by our own Government under surveillance programs. Because Facebook's messaging application doesn't support end-to-end encryption, an Open-source and most popular crypto chat-encryption application called 'Cryptocat' has made it possible to chat with your Facebook friends and rel

Last year, Just after Snowden leaks, the U.S Government warned that NSA surveillance revelations will make harder to track bad guys trying to harm the United States, as disclosures can be helpful to terrorist groups. In response to the NSA revelations, the terrorists at Al-Qaeda have started using strongest encryption techniques in order to bypass the standard cryptographic protections in its various communications, according to the recent report released by the Threat Intelligence  company, Recorded Future . The analysis carried out by the intelligence firm revealed that the Infamous Terrorist Organizations, Al-Qaeda that attacked civilian and military targets in various countries, has switched to new encryption software for the first time in seven years, following the revelations of the US National Security Agency (NSA) by former contractor Edward Snowden . Al-Qaeda is a global militant Islamist and takfiri organization which operates as a network comprising both a

There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in Smartphones. In June 2010, Apple introduced ' Data protection ' feature in iOS 4.0 devices that offer hardware encryption for  all the data stored on the devices. " Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments , and third-party applications ." Apple claimed  in an old announcement. But unexpectedly, In last few updates Apple has silently removed the email attachment encryption from  data protection mechanisms. Noticed by Security Researcher -  Andreas Kurtz , claims that  since at least version 7.0.4 and including the current

If you are a user of the American On-Line (AOL) mail service then you are advised to change your password as soon as possible. AOL Inc. on Monday confirmed the company suffered a massive data breach that may have affected a "significant number" of email accounts. The company has issued a warning to users that their personal information including email addresses, postal addresses, address books, encrypted passwords and the encrypted answers to security question-answers, has been stolen by attackers, the New York-based company said Monday. " The ongoing investigation of this serious criminal activity is our top priority, " AOL said in a blog post . " We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts ." AOL said it began investigating the

An application should always encrypt users' sensitive data, either it is local or stored on company servers, but still many popular services failed to provide fully secured solutions to their users. Cristian Dinu (DrOptix) and Dragoş Gaftoneanu , Romanian programmers at Hackyard Security Group , a private community dedicated to IT security research approaches ' The Hacker News ' editorial and claimed that the Microsoft owned most popular free voice calling service Skype leaves its local database unencrypted, that puts users' sensitive information at risk. All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. Though, Skype's local database is also supposed to be encrypted because it is sensitive enough, but  Dragoş  found that Skype leaves users' full name, birthday, phone numbers, country, city and even full chat conversations unencrypted on the systems' hard drive in a known location without any encryption or password.

The National Institute of Standards and Technology (NIST) has announced to abandon the controversial  Dual Elliptic Curve Deterministic  Random Bit Generator,  better known as  Dual_EC_DRBG in the wake of allegations that the National Security Agency. Back in December, Edward Snowden leaks revealed that RSA received $10 million bribe from NSA under a secret contract to implement their flawed cryptographic algorithm Dual_EC_DRBG in its bSafe Security tool as the default protocol in its products for keeping Encryption Weak . In response to the accusations on NSA and RSA, and despite RSA denied all the accusations. without wasting time NIST issued an announcement recommending against using Dual_EC_DRBG and abandon the cryptographic algorithm from its revised guidance provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators ( NIST Special Publication 800-90A, Rev.1 ). But it didn't remove it from its random number generator

Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don't cloud and email Services encrypt the data stored on their server?  Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and security issues and in response companies started enhancing their encryption standard by enabling HTTPS by default and removed the option to turn it off. A few days back, Google admitted that their automated systems read your content, including incoming and outgoing emails to provide you personally relevant advertisements. That means Internet giants generally do encrypt your data, but they have the key so they can decrypt it any time they want. Encryption is mandatory in Modern Internet and web services should consider Encrypting and decrypting your data locally, so that no one can snoop on. Such cryptographic mechanism is called End-to-End Encryption , that means content of yo