#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

encryption | Breaking Cybersecurity News | The Hacker News

Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released

Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released

Oct 18, 2014
Tor - Privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, Tor version 4.0 , which disables SSL3 to prevent POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls. Tor is generally thought to be a place where users come online to hide their activities and remain anonymous. Tor is an encrypted anonymizing network considered to be one of the most privacy oriented service and is mostly used by activists, journalists to circumvent online censorship and surveillance efforts by various countries. The popularity of the tool can be estimated by the recent announcement of an Internet router called Anonabox which was the highest crowd funded project on Kickstarter this week, generating more than $500,000 in funding since its launch on Monday. Tor privacy router Anonabox is designed to make all your online activity anonymous and conceal yo
Hacking Smart Electricity Meters To Cut Power Bills

Hacking Smart Electricity Meters To Cut Power Bills

Oct 17, 2014
Smart devices are growing at an exponential pace with the increase in connecting devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face some enormous number of challenges. Millions of Network-connected electricity meters or Smart meters used in Spain are susceptible to cyberattack by hackers due to lack of basic and essential security controls that could put Millions of homes at risk, according to studies carried out by a pair of security researcher. HACKERS TO CAUSE BLACKOUT AND BILL FRAUD The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts. Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Oct 15, 2014
Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer ( SSL ) 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most widely used web encryption standard SSL 3.0 has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows the Secure layer version 3, including Chrome, Firefox, and Internet Explorer. Researchers dubbed the attack as " POODLE ," stands for Padding Oracle On Downgraded Legacy Encryption , which allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to "fallback" to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords. Three Google security engineers - Bodo Möll
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
FBI Not Happy With Apple & Google's Encryption Policy

FBI Not Happy With Apple & Google's Encryption Policy

Sep 26, 2014
Users might have praised the technology companies for efforts to encrypt their latest devices that would prevent law enforcement agencies' hands on users' private data, but the FBI is not at all happy with Apple and Google right now. The Federal Bureau of Investigation director, James Comey , said Thursday he was " very concerned " over Apple and Google using stronger or full encryption in their Smartphones and Tablets that makes it impossible for law enforcement to collar criminals. According to Comey, the Silicon Valley tech giants are "marketing something expressly to allow people to place themselves above the law." " There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device, " Comey told reporters . " I just want to make sure we
Next 'Android L' To Enable Full Disk Encryption By Default

Next 'Android L' To Enable Full Disk Encryption By Default

Sep 22, 2014
The search engine giant Google will soon come up with its next version of Android operating system, dubbed as Android L , with full-disk encryption enabled by default, Google confirmed Thursday. This will be for the first time that Google's Android OS will be encrypting your information, preventing both hackers and law enforcement agencies from gaining access to users' personal and highly sensitive data on their devices running the Android operating system. While Android has been offering data encryption options for some Android devices since 2011. However the options are not enabled by default, so users have had to activate the functionality manually. But Android L will have new activation procedures that will encrypt data automatically. Although Google is yet to provide more details about Android L, which is set to be released next month. But the move by the web giant will surely provide an extra layer of security on the personal data that users typically have on t
Fake Cell Phone Towers Could Be Intercepting Your Calls

Fake Cell Phone Towers Could Be Intercepting Your Calls

Sep 04, 2014
A notable number of cell phone towers around the United States are rogue that, according to latest report, could spoof legitimate towers and intercept calls. The research carried out by ESD America , a defense and law enforcement technology firm based in Las Vegas, shows that a rogue cell phone towers, also known as "interceptors", may process the call. ESD America, the company that makes the super-secure CryptoPhone, makes one of the oldest and most expensive high-security cell phones in the market. It provides equipment and training to more than 40 countries with a goal to provide technical security assistance to government and corporate clients across Asia. SEVERAL ROGUE CELL PHONE TOWERS DISCOVERED While field-testing its secure Android handset, the CryptoPhone 500 , the firm came across the existence of a series of fake base stations along the Eastern seaboard of the US. Les Goldsmith, the CEO of ESD America, told the US publication Popular Science tha
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'

Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'

Aug 19, 2014
A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research profes
End-to-End Encryption for Yahoo Mail Coming Next Year

End-to-End Encryption for Yahoo Mail Coming Next Year

Aug 08, 2014
Today at Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year. Google showed off a PGP-based encryption plugin for Gmail back in June. The Purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo. The PGP plugin will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email. Infact, the email providers themselves won't be able to decrypt messages exchanged between its users. Only senders and recipients will be able to read the messages. In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, wh
Free CryptoLocker Ransomware Decryption Tool Released

Free CryptoLocker Ransomware Decryption Tool Released

Aug 07, 2014
When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker . A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker is a simple rather a devastating piece of Ransomware that encrypts the files on a victim's computer and issues an ultimatum - Pay up or lose your data. CryptoLocker is particularly designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. Cryptolocker hijacker sniffs out your personal files and wraps them with strong AES-256-bit encryption before it demands money. HOW TO DECRYPT CRYPTOLOCKER? FREE TOOL RELEASED Thanks to security experts, who created an online service where victims whose systems have been encrypted by the CryptoLocker ransomware can get the decryption keys for free. This o
Intel launches Hardware-based Self-Encrypting Solid State Drives

Intel launches Hardware-based Self-Encrypting Solid State Drives

Jul 25, 2014
Data security is a big task for businesses as well as a challenge for IT leaders, whether it be securing networks or devices. Past few months, we often came across various data breaches, the largest among all was Target data breach , which cost a business nearly $50,000 in lost productivity, replacement and data recovery.  Once a bad actor has stolen your hardware or compromised your network, the ability to lock down sensitive data is predominant. To help mitigate these threats in order to protect businesses against data breaches without even damaging performance, Intel has announced its latest enterprise-class solid state drives (SSDs) that are self-encrypting, packaged with some powerful security and management features. The New Intel SSD 2500 Pro Series of solid state drives offers significant performance with hardware-based 256-bit self-encryption to reduce the impact on the performance. Intel SSD 2500 Pro Series will be offered in both 2.5-inch SATA and M.2
miniLock - Open Source File Encryption Tool from CryptoCat Developer

miniLock - Open Source File Encryption Tool from CryptoCat Developer

Jul 06, 2014
It's the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy. To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported . The encryption program is dubbed as miniLock , which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection. " The tagline is that this is file encryption that does more with less, " says Kobeissi, activist and security consultant. " It's super simple, approachable, and it's almost impossible to be confused using it. " Drag-and-drop interface here means, miniL
Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Jul 05, 2014
Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher. I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere. But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Pri
Infosec A-Team to Launch NSA-Proof Invisible Messenger for Whistleblowers

Infosec A-Team to Launch NSA-Proof Invisible Messenger for Whistleblowers

Jul 05, 2014
If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensure the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, Security experts grouped together to create a stealthy Internet Messenger (IM) and file transfer client, which is especially designed for whistleblowers. Dubbed as " ‪invisible.im " is an anonymous Instant Messenger (IM) that leaves no trace‬. The team behind the project called itself " The Infosec A-Team " which includes Metasploit Founder HD Moore , noted infosec and opsec experts The Grugq , an Australian security analyst Patrick Gray , and Richo . Invisible.im aims to serve the rigid anonymity needs of whistleblowers. The project website states: invisible.im was established to develop an instant messenger and file transfer tool that leaves virtually no evidence of conversations or transfers having occurred. Th
Microsoft Boosts Encryption for Outlook Webmail and OneDrive

Microsoft Boosts Encryption for Outlook Webmail and OneDrive

Jul 02, 2014
After the wide chain of scandals over US global snooping that seriously damaged the trust on the top U.S. Tech companies, Google and Yahoo! came forward and took initiative to provide more secure, encrypted and NSA-proofed service in an effort to gain their reputation again among its users. Now, Microsoft has also announced several improvements to the encryption used in its online cloud services in order to protect them from cyber criminals, bad actors and prying eyes. The company effort detailed in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security. MICROSOFT'S COMMITMENT Last December, Microsoft promised to protect its users data from government snooping by expanding encryption across its services, reinforcing legal protections for its customers' data and enhancing the transparency of its software code, making it easier for the customers to reassure themselves that its products contain no backdoors. Yesterday's announc
Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Jun 27, 2014
A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi
Cybersecurity Resources